From e1649dded0e5e9976c440ef9ca8cacdf556ffbb7 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 10 Jul 2024 12:51:56 -0400 Subject: [PATCH 01/61] Initial dump Signed-off-by: Charles Hu --- apps/frontend/src/store/report_intake.ts | 3 + libs/hdf-converters/README.md | 17 +- libs/hdf-converters/index.ts | 1 + .../dropwizard-no-vulns.json | 10043 ++ .../sample_input_report/dropwizard-vulns.json | 12575 +++ .../generated-saf-sbom.json | 89212 +++++++++++++++ .../sbom-dropwizard-vulns-hdf-withraw.json | 12634 +++ .../sbom-dropwizard-vulns-hdf.json | 59 + .../sbom_mapper/sbom-saf-hdf-withraw.json | 89271 ++++++++++++++++ .../sbom_mapper/sbom-saf-hdf.json | 59 + libs/hdf-converters/src/sbom-mapper.ts | 92 + .../src/utils/fingerprinting.ts | 4 +- .../test/mappers/forward/sbom_mapper.spec.ts | 114 + 13 files changed, 214075 insertions(+), 9 deletions(-) create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json create mode 100644 libs/hdf-converters/src/sbom-mapper.ts create mode 100644 libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts diff --git a/apps/frontend/src/store/report_intake.ts b/apps/frontend/src/store/report_intake.ts index 3f420277d9..add8460d1e 100644 --- a/apps/frontend/src/store/report_intake.ts +++ b/apps/frontend/src/store/report_intake.ts @@ -23,6 +23,7 @@ import { NiktoMapper, PrismaMapper, SarifMapper, + SbomMapper, ScoutsuiteMapper, SnykResults, TwistlockResults, @@ -271,6 +272,8 @@ export class InspecIntake extends VuexModule { return new ChecklistResults(convertOptions.data).toHdf(); case INPUT_TYPES.GOSEC: return new GoSecMapper(convertOptions.data).toHdf(); + case INPUT_TYPES.SBOM: + return new SbomMapper(convertOptions.data).toHdf(); default: return SnackbarModule.failure( `Invalid file uploaded (${filename}), no fingerprints matched.` diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md index a58d64052a..c1dda19404 100644 --- a/libs/hdf-converters/README.md +++ b/libs/hdf-converters/README.md @@ -20,14 +20,15 @@ OHDF Converters supplies several methods to convert various types of security to 13. [**nikto-mapper**] - Nikto results JSON file 14. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file 15. [**sarif-mapper**] - SARIF JSON file -16. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object -17. [**snyk-mapper**] - Snyk results JSON file -18. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API -19. [**splunk-mapper**] - Splunk instance -20. [**twistlock-mapper**] - Twistlock CLI output file -21. [**veracode-mapper**] - Veracode Scan Results XML file -22. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report -23. [**zap-mapper**] - OWASP ZAP results JSON +16. [**sbom-mapper**] - SBOM JSON file +17. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object +18. [**snyk-mapper**] - Snyk results JSON file +19. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API +20. [**splunk-mapper**] - Splunk instance +21. [**twistlock-mapper**] - Twistlock CLI output file +22. [**veracode-mapper**] - Veracode Scan Results XML file +23. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report +24. [**zap-mapper**] - OWASP ZAP results JSON ### NOTICE diff --git a/libs/hdf-converters/index.ts b/libs/hdf-converters/index.ts index b33c5370c4..01535e55a1 100644 --- a/libs/hdf-converters/index.ts +++ b/libs/hdf-converters/index.ts @@ -28,6 +28,7 @@ export * from './src/netsparker-mapper'; export * from './src/nikto-mapper'; export * from './src/prisma-mapper'; export * from './src/sarif-mapper'; +export * from './src/sbom-mapper'; export * from './src/scoutsuite-mapper'; export * from './src/snyk-mapper'; export * from './src/sonarqube-mapper'; diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json new file mode 100644 index 0000000000..6ea86bda47 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json @@ -0,0 +1,10043 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:21541b57-cd8f-482c-a80f-9c79c75ca7cf", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:25Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json new file mode 100644 index 0000000000..f1435e08df --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json @@ -0,0 +1,12575 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json new file mode 100644 index 0000000000..32dfa7bdd0 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json @@ -0,0 +1,89212 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ], + "components": [ + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ], + "components": [ + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ], + "components": [ + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ], + "components": [ + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ], + "components": [ + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ], + "components": [ + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ], + "components": [ + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ], + "components": [ + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ], + "components": [ + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ], + "components": [ + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ], + "components": [ + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ], + "components": [ + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ], + "components": [ + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ], + "components": [ + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + } + ] + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ], + "components": [ + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ], + "components": [ + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ], + "components": [ + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ], + "components": [ + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ], + "components": [ + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ], + "components": [ + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ], + "components": [ + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ], + "components": [ + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ], + "components": [ + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ], + "components": [ + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json new file mode 100644 index 0000000000..c7012e0928 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -0,0 +1,12634 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8", + "target_id": null + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9", + "version": "SNAPSHOT", + "maintainer": "", + "summary": null, + "description": "This is the project I want to use to generate data to understand the schema a bit better", + "license": "", + "copyright": null, + "copyright_email": null, + "supports": [], + "attributes": [], + "depends": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "key": "id", + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": null, + "run_time": null, + "start_time": "" + } + ] + } + ], + "sha256": "d92e5bec82fc3b42cb960062a1cfb4deac989f7d92db2436e0fb97ab0649c212" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "", + "data": {} + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json new file mode 100644 index 0000000000..213cc610cb --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -0,0 +1,59 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8", + "target_id": null + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9", + "version": "SNAPSHOT", + "maintainer": "", + "summary": null, + "description": "This is the project I want to use to generate data to understand the schema a bit better", + "license": "", + "copyright": null, + "copyright_email": null, + "supports": [], + "attributes": [], + "depends": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "key": "id", + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": null, + "run_time": null, + "start_time": "" + } + ] + } + ], + "sha256": "d92e5bec82fc3b42cb960062a1cfb4deac989f7d92db2436e0fb97ab0649c212" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "", + "data": {} + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json new file mode 100644 index 0000000000..c6b68ab6c0 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -0,0 +1,89271 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8", + "target_id": null + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/@mitre/saf@1.4.7", + "title": "@mitre/saf", + "version": "1.4.7", + "maintainer": "The MITRE Security Automation Framework", + "summary": null, + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "license": "Apache-2.0", + "copyright": null, + "copyright_email": null, + "supports": [], + "attributes": [], + "depends": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "key": "id", + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": null, + "run_time": null, + "start_time": "" + } + ] + } + ], + "sha256": "fa498e2635fd0213c89c495b1cc1da6c86eb1f8e9ee55f10da6c5fdc6e3e3463" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "", + "data": {} + } + ], + "raw": { + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ], + "components": [ + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ], + "components": [ + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ], + "components": [ + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ], + "components": [ + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ], + "components": [ + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ], + "components": [ + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ], + "components": [ + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ], + "components": [ + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ], + "components": [ + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ], + "components": [ + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ], + "components": [ + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ], + "components": [ + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ], + "components": [ + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ], + "components": [ + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + } + ] + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ], + "components": [ + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ], + "components": [ + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ], + "components": [ + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ], + "components": [ + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ], + "components": [ + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ], + "components": [ + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ], + "components": [ + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ], + "components": [ + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ], + "components": [ + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ], + "components": [ + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json new file mode 100644 index 0000000000..b1fbfac842 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -0,0 +1,59 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8", + "target_id": null + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/@mitre/saf@1.4.7", + "title": "@mitre/saf", + "version": "1.4.7", + "maintainer": "The MITRE Security Automation Framework", + "summary": null, + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "license": "Apache-2.0", + "copyright": null, + "copyright_email": null, + "supports": [], + "attributes": [], + "depends": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "key": "id", + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": null, + "run_time": null, + "start_time": "" + } + ] + } + ], + "sha256": "fa498e2635fd0213c89c495b1cc1da6c86eb1f8e9ee55f10da6c5fdc6e3e3463" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "", + "data": {} + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts new file mode 100644 index 0000000000..bedce5067c --- /dev/null +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -0,0 +1,92 @@ +import {ExecJSON} from 'inspecjs'; +import _ from 'lodash'; +import {version as HeimdallToolsVersion} from '../package.json'; +import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; + +function formatName(input: Record): string { + return `${_.get(input, 'type')}/${_.get(input, 'bom-ref')}`; +} + +function formatTitle(input: Record): string { + return `${_.get(input, 'group') ? `${_.get(input, 'group')}/` : ''}${_.get(input, 'name')}`; +} + +function formatLicense(input: Record): string { + let message = ''; + let licenses = _.get(input, 'licenses'); + if (Array.isArray(licenses)) { + licenses.map((license) => { + message = message.concat(`${license.license.id} `); + }) + } + return message.trim(); +} + +export class SbomMapper extends BaseConverter { + withRaw: boolean; + + mappings: MappedTransform< + ExecJSON.Execution & {passthrough: unknown}, + ILookupPath + > = { + platform: { + name: 'Heimdall Tools', + release: HeimdallToolsVersion, + target_id: null //Insert data + }, + version: HeimdallToolsVersion, + statistics: {}, + profiles: [ + { + name: {path: 'metadata.component', transformer: formatName}, + title: {path: 'metadata.component', transformer: formatTitle}, + version: {path: 'metadata.component.version'}, + maintainer: {path: 'metadata.component.author'}, + summary: null, //Insert data + description: {path: 'metadata.component.description'}, + license: {path: 'metadata.component', transformer: formatLicense}, + supports: [], //Insert data + attributes: [], //Insert data + depends: [], //Insert data + groups: [], //Insert data + status: 'loaded', + controls: [ + { + key: 'id', + tags: {}, //Insert data + descriptions: [], //Insert data + refs: [], //Insert data + source_location: {}, //Insert data + title: null, //Insert data + id: '', //Insert data + desc: null, //Insert data + impact: 0, //Insert data + code: null, //Insert data + results: [ + { + status: ExecJSON.ControlResultStatus.Failed, //Insert data + code_desc: '', //Insert data + message: null, //Insert data + run_time: null, //Insert data + start_time: '' //Insert data + } + ] + } + ], + sha256: '' + } + ], + passthrough: { + transformer: (data: Record): Record => { + return { + auxiliary_data: [{name: '', data: _.omit([])}], //Insert service name and mapped fields to be removed + ...(this.withRaw && {raw: data}) + }; + } + } + }; + constructor(exportJson: string, withRaw = false) { + super(JSON.parse(exportJson), true); + this.withRaw = withRaw; + } +} diff --git a/libs/hdf-converters/src/utils/fingerprinting.ts b/libs/hdf-converters/src/utils/fingerprinting.ts index de610ce681..b41ab5ed9c 100644 --- a/libs/hdf-converters/src/utils/fingerprinting.ts +++ b/libs/hdf-converters/src/utils/fingerprinting.ts @@ -11,6 +11,7 @@ export enum INPUT_TYPES { JFROG = 'jfrog', NIKTO = 'nikto', SARIF = 'sarif', + SBOM = 'sbom', SNYK = 'snyk', TWISTLOCK = 'twistlock', ZAP = 'zap', @@ -66,7 +67,8 @@ const fileTypeFingerprints: Record = { [INPUT_TYPES.SCOUTSUITE]: [], [INPUT_TYPES.NOT_FOUND]: [], [INPUT_TYPES.VERACODE]: [], - [INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'] + [INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'], + [INPUT_TYPES.SBOM]: ['bomFormat', 'metadata', 'components'] }; export function fingerprint(guessOptions: { diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts new file mode 100644 index 0000000000..f69928fc18 --- /dev/null +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -0,0 +1,114 @@ +import fs from 'fs'; +import {SbomMapper} from '../../../src/sbom-mapper'; +import {omitVersions} from '../../utils'; + +describe('sbom_mapper_saf', () => { + it('Successfully converts SBOM data', () => { + const mapper = new SbomMapper( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync('sample_jsons/sbom_mapper/sbom-saf-hdf.json', { + encoding: 'utf-8' + }) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new SbomMapper( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_dropwizard_vulns', () => { + it('Successfully converts SBOM data', () => { + const mapper = new SbomMapper( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new SbomMapper( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); From a32c6430517315956ad0e29d133adab6c835fd91 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 16 Jul 2024 10:02:36 -0400 Subject: [PATCH 02/61] Linting Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index bedce5067c..0a8ff41b56 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -8,18 +8,19 @@ function formatName(input: Record): string { } function formatTitle(input: Record): string { - return `${_.get(input, 'group') ? `${_.get(input, 'group')}/` : ''}${_.get(input, 'name')}`; + const group = _.get(input, 'group') ? `${_.get(input, 'group')}/` : ''; + return `${group}${_.get(input, 'name')}`; } function formatLicense(input: Record): string { - let message = ''; - let licenses = _.get(input, 'licenses'); - if (Array.isArray(licenses)) { - licenses.map((license) => { - message = message.concat(`${license.license.id} `); - }) - } - return message.trim(); + let message = ''; + let licenses = _.get(input, 'licenses'); + if (Array.isArray(licenses)) { + licenses.map((license) => { + message = message.concat(`${license.license.id} `); + }); + } + return message.trim(); } export class SbomMapper extends BaseConverter { From 739c6545664c26cdc30746bfbc3c4322eb57006b Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 16 Jul 2024 10:23:00 -0400 Subject: [PATCH 03/61] Linting Signed-off-by: Charles Hu --- .../sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json | 6 +++--- .../sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json | 6 +++--- .../sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json | 6 +++--- .../sample_jsons/sbom_mapper/sbom-saf-hdf.json | 6 +++--- libs/hdf-converters/src/sbom-mapper.ts | 2 ++ 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index c7012e0928..5142216184 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -15,10 +15,10 @@ "summary": null, "description": "This is the project I want to use to generate data to understand the schema a bit better", "license": "", - "copyright": null, - "copyright_email": null, "supports": [], "attributes": [], + "copyright": null, + "copyright_email": null, "depends": [], "groups": [], "status": "loaded", @@ -45,7 +45,7 @@ ] } ], - "sha256": "d92e5bec82fc3b42cb960062a1cfb4deac989f7d92db2436e0fb97ab0649c212" + "sha256": "78430bb03191e135a55ada12974182bcb8bddc0fd6e07dc2f872211a13f42cff" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 213cc610cb..a4909d6f75 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -15,10 +15,10 @@ "summary": null, "description": "This is the project I want to use to generate data to understand the schema a bit better", "license": "", - "copyright": null, - "copyright_email": null, "supports": [], "attributes": [], + "copyright": null, + "copyright_email": null, "depends": [], "groups": [], "status": "loaded", @@ -45,7 +45,7 @@ ] } ], - "sha256": "d92e5bec82fc3b42cb960062a1cfb4deac989f7d92db2436e0fb97ab0649c212" + "sha256": "78430bb03191e135a55ada12974182bcb8bddc0fd6e07dc2f872211a13f42cff" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json index c6b68ab6c0..f72c22f008 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -15,10 +15,10 @@ "summary": null, "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", "license": "Apache-2.0", - "copyright": null, - "copyright_email": null, "supports": [], "attributes": [], + "copyright": null, + "copyright_email": null, "depends": [], "groups": [], "status": "loaded", @@ -45,7 +45,7 @@ ] } ], - "sha256": "fa498e2635fd0213c89c495b1cc1da6c86eb1f8e9ee55f10da6c5fdc6e3e3463" + "sha256": "73c2aaa2337b354d7fdb7126fe606d7434728cc838b6779fb3e6952d8082d138" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json index b1fbfac842..d2ab5cb56e 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -15,10 +15,10 @@ "summary": null, "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", "license": "Apache-2.0", - "copyright": null, - "copyright_email": null, "supports": [], "attributes": [], + "copyright": null, + "copyright_email": null, "depends": [], "groups": [], "status": "loaded", @@ -45,7 +45,7 @@ ] } ], - "sha256": "fa498e2635fd0213c89c495b1cc1da6c86eb1f8e9ee55f10da6c5fdc6e3e3463" + "sha256": "73c2aaa2337b354d7fdb7126fe606d7434728cc838b6779fb3e6952d8082d138" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 0a8ff41b56..c7be9759ae 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -48,6 +48,8 @@ export class SbomMapper extends BaseConverter { license: {path: 'metadata.component', transformer: formatLicense}, supports: [], //Insert data attributes: [], //Insert data + copyright: null, //Insert data + copyright_email: null, //Insert data depends: [], //Insert data groups: [], //Insert data status: 'loaded', From 86a3a3899c75a99d96279b9845d9697de8211168 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 16 Jul 2024 10:26:40 -0400 Subject: [PATCH 04/61] Linting Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index c7be9759ae..9aa2a59eaf 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -14,7 +14,7 @@ function formatTitle(input: Record): string { function formatLicense(input: Record): string { let message = ''; - let licenses = _.get(input, 'licenses'); + const licenses = _.get(input, 'licenses'); if (Array.isArray(licenses)) { licenses.map((license) => { message = message.concat(`${license.license.id} `); From 71d778af6096156b5bdd71384b918ead9626c74b Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 16 Jul 2024 11:14:43 -0400 Subject: [PATCH 05/61] Change in license handling Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 9aa2a59eaf..fb9cd5a2ea 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -17,10 +17,10 @@ function formatLicense(input: Record): string { const licenses = _.get(input, 'licenses'); if (Array.isArray(licenses)) { licenses.map((license) => { - message = message.concat(`${license.license.id} `); + message = message.concat(`${license.license.id}, `); }); } - return message.trim(); + return message.slice(0, -2); } export class SbomMapper extends BaseConverter { From 9c6b85e655c19b3aa9c7efab7a59a1197dd2e337 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 18 Jul 2024 14:10:53 -0400 Subject: [PATCH 06/61] Passthrough implementation Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 3446 ++++- .../sbom-dropwizard-vulns-hdf.json | 3446 ++++- .../sbom_mapper/sbom-saf-hdf-withraw.json | 11031 +++++++++++++++- .../sbom_mapper/sbom-saf-hdf.json | 11031 +++++++++++++++- libs/hdf-converters/src/sbom-mapper.ts | 4 +- 5 files changed, 28949 insertions(+), 9 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 5142216184..c20e73a8ea 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -51,8 +51,3450 @@ "passthrough": { "auxiliary_data": [ { - "name": "", - "data": {} + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + } + ] + } } ], "raw": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index a4909d6f75..cd8dc94dd2 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -51,8 +51,3450 @@ "passthrough": { "auxiliary_data": [ { - "name": "", - "data": {} + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + } + ] + } } ] } diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json index f72c22f008..eba9f57394 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -51,8 +51,11035 @@ "passthrough": { "auxiliary_data": [ { - "name": "", - "data": {} + "name": "SBOM", + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ] + } } ], "raw": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json index d2ab5cb56e..258569931f 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -51,8 +51,11035 @@ "passthrough": { "auxiliary_data": [ { - "name": "", - "data": {} + "name": "SBOM", + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ] + } } ] } diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index fb9cd5a2ea..161cd59834 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -82,7 +82,9 @@ export class SbomMapper extends BaseConverter { passthrough: { transformer: (data: Record): Record => { return { - auxiliary_data: [{name: '', data: _.omit([])}], //Insert service name and mapped fields to be removed + auxiliary_data: [ + {name: 'SBOM', data: _.omit(data, ['metadata', 'components'])} + ], ...(this.withRaw && {raw: data}) }; } From 05691263e0ac4de1c8a8fb016e227d1415695162 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 22 Jul 2024 13:25:06 -0400 Subject: [PATCH 07/61] Finished intermediary object generation Signed-off-by: Charles Hu --- apps/frontend/src/store/report_intake.ts | 4 +- .../sbom-dropwizard-vulns-hdf-withraw.json | 10170 +++++++++++----- .../sbom-dropwizard-vulns-hdf.json | 5017 ++++---- .../sbom_mapper/sbom-saf-hdf-withraw.json | 26 +- .../sbom_mapper/sbom-saf-hdf.json | 26 +- libs/hdf-converters/src/sbom-mapper.ts | 50 +- .../test/mappers/forward/sbom_mapper.spec.ts | 42 +- 7 files changed, 9361 insertions(+), 5974 deletions(-) diff --git a/apps/frontend/src/store/report_intake.ts b/apps/frontend/src/store/report_intake.ts index add8460d1e..aa3d85451a 100644 --- a/apps/frontend/src/store/report_intake.ts +++ b/apps/frontend/src/store/report_intake.ts @@ -23,7 +23,7 @@ import { NiktoMapper, PrismaMapper, SarifMapper, - SbomMapper, + SBOMResults, ScoutsuiteMapper, SnykResults, TwistlockResults, @@ -273,7 +273,7 @@ export class InspecIntake extends VuexModule { case INPUT_TYPES.GOSEC: return new GoSecMapper(convertOptions.data).toHdf(); case INPUT_TYPES.SBOM: - return new SbomMapper(convertOptions.data).toHdf(); + return new SBOMResults(convertOptions.data).toHdf(); default: return SnackbarModule.failure( `Invalid file uploaded (${filename}), no fingerprints matched.` diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index c20e73a8ea..1506e0e164 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -24,13 +24,12 @@ "status": "loaded", "controls": [ { - "key": "id", "tags": {}, "descriptions": [], "refs": [], "source_location": {}, "title": null, - "id": "", + "id": "GHSA-5mg8-w23w-74h3", "desc": null, "impact": 0, "code": null, @@ -38,3460 +37,2608 @@ { "status": "failed", "code_desc": "", - "message": null, + "message": "guava", "run_time": null, "start_time": "" } ] - } - ], - "sha256": "78430bb03191e135a55ada12974182bcb8bddc0fd6e07dc2f872211a13f42cff" - } - ], - "passthrough": { - "auxiliary_data": [ - { - "name": "SBOM", - "data": { - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", - "version": 1, - "dependencies": [ - { - "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "dependsOn": [] - }, - { - "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", - "dependsOn": [] - }, - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "dependsOn": [] - }, - { - "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", - "dependsOn": [] - }, + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-7g45-4rm6-3mm3", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "guava", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-5p34-5m6p-p58g", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", - "dependsOn": [ - "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", - "f09e69a1-54de-4e7b-802a-adda10a1c7be" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-27xj-rqx5-2255", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-58pp-9c76-5625", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-v3xw-c963-f5hc", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-h4rc-386g-6m85", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-758m-v56v-grj4", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-95cm-88f5-f2c7", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-c2q3-4qrh-fm48", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", - "dependsOn": [] - }, - { - "ref": "757cef7a-83f2-4973-832d-67849ca42b69", - "dependsOn": [] - }, - { - "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", - "dependsOn": [] - }, - { - "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mc6h-4qgp-37qh", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-j823-4qch-3rgm", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-c265-37vj-cwcc", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-4w82-r329-3q67", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rpr3-cw39-3pxh", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", - "dependsOn": [ - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "893beba4-580b-4ada-a4cf-067fbe145507", - "88a1ebea-4757-41a9-91cc-047c07fe0f94", - "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-fmmc-742q-jg75", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "dependsOn": [ - "55086fc5-4c36-45b5-9569-fdafa26e075d", - "757cef7a-83f2-4973-832d-67849ca42b69", - "93a8597b-e82a-4726-8e16-849d026f7b98" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-gjmw-vf9h-g25v", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "dependsOn": [ - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "370d779c-d1ea-4d92-8e70-1ad325e94298", - "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "b692a425-dca6-4bed-af67-5855cb40dbcf", - "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "881df936-411d-4bb3-b464-6edcf14c671c", - "ac21cab7-b535-4294-8a61-b10b62918666", - "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "80b88754-8b78-4597-bc4f-47788add0031", - "1f037d99-8070-4b50-8260-1e8ef8765f8d", - "5978be79-e890-48b1-8f11-40416ee5bb61", - "5aed0617-3613-43e7-94d2-105b2af0b00d", - "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "96cf7115-b31d-4c98-bae2-952c601d3878" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mx7p-6679-8g3q", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "daabc9e2-1ec3-4d10-9251-69ab9834b02a" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-q93h-jc49-78gg", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", - "dependsOn": [ - "ea1f023d-0390-4558-8696-dc8d566dd95e" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-p43x-xfjf-5jhr", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", - "dependsOn": [ - "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", - "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", - "8c0378f7-4c0e-4ee3-849d-740b0035c371" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-qjw2-hr98-qgfh", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8w26-6f25-cm9x", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-m6x4-97wx-4q27", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-v585-23hc-c647", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-r695-7vr9-jgc2", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-vfqx-33qm-g869", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-f9xh-2qgp-cq57", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-cvm9-fjm9-3572", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9gph-22xh-8x98", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-89qr-369f-5m5x", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8c4j-34r4-xr8g", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-r3gr-cxrf-hg25", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-jjjh-jjxp-wpff", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-5949-rw7g-wx7w", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-57j2-w4cx-62h2", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-288c-cq4h-88gq", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", - "dependsOn": [ - "55521fe9-aed2-403e-9df2-75fc5af90f54", - "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "79b01257-3e61-49f7-8600-2042bde4702b", - "b4ca2dc7-9d68-4737-9afc-dea82759cd45" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-gww7-p5w4-wrfv", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "cdd49ec5-1b07-46eb-be80-02048d7796ae", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "c2dbe746-304a-4e35-88f0-69943d701fe5", - "5694b066-2847-4855-8230-77e902b37502", - "4634319e-cca2-4c02-8372-222f43bd35ba", - "648c2811-d754-45aa-9160-8f018ab4aab9", - "8fb33937-22be-4bae-b750-c8e4dd1e28e4", - "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", - "85776385-c1af-42fa-a0ac-21ecf796742f" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rgv9-q543-rqg4", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "881df936-411d-4bb3-b464-6edcf14c671c", - "dependsOn": [ - "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "1b61648b-2106-4c86-ad10-79411c0ce338", - "ea950eb0-f271-4abc-a5dc-7c60fed3b586", - "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", - "82cd08db-9df5-488f-be94-6f3b554dfa9b", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "71f396a0-0285-465e-8ce3-6eacb47be941", - "efb2d239-5a37-49aa-9995-47e7be07304a" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "dependsOn": [ - "bd750137-b073-47d5-891a-e48c192cfcba", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "423d6189-7ce4-4931-9c74-3b58517df601", - "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "c1abfd09-121f-418c-befa-4d6b9e164769" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8jpx-m2wh-2v34", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" - ] - }, + "status": "failed", + "code_desc": "", + "message": "dropwizard-validation", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", - "dependsOn": [ - "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", - "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "2f225da8-8da3-429b-a014-effeea8c71eb", - "a309ae04-449e-4c6d-92cb-072fb307f9ad", - "e36cfe6c-5955-40dd-8f4f-09c43087ac53" - ] - }, + "status": "failed", + "code_desc": "", + "message": "dropwizard-validation", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rvwf-54qp-4r6v", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-w37g-rhq8-7m4j", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-hhhw-99gj-p3c3", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-98wm-3w3q-mw94", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", - "dependsOn": [ - "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-3mc7-4q67-w48m", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", - "dependsOn": [ - "ab3bfc00-8d35-4a4d-b314-86573681d910", - "36fc309f-d086-43d6-b660-5de275ee630f" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mjmj-j48q-9wg2", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "dependsOn": [ - "df3cc349-8f4d-4d7e-82ab-1309f17741d3" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-668q-qrv7-99fm", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "ac21cab7-b535-4294-8a61-b10b62918666", - "dependsOn": [ - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, + "status": "failed", + "code_desc": "", + "message": "logback-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-vmq6-5m68-f53m", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", - "dependsOn": [ - "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", - "94379ad3-19a6-4b21-a049-ca0b762d8c13" - ] - }, + "status": "failed", + "code_desc": "", + "message": "logback-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-m394-8rww-3jr7", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-m6cp-vxjx-65j6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "dependsOn": [ - "0d0caea7-65ca-4504-b50a-80e480879f5f", - "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-26vr-8j45-3r4w", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-p26g-97m4-6q7c", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", - "dependsOn": [ - "d6394138-9591-4141-9a76-4c3082ff2ed4", - "5b865504-bea5-4b92-ae5e-46553e01093c" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-qw69-rqj8-6qw8", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", - "dependsOn": [ - "ebf5150b-055e-45d4-82e5-eebc38ffea70" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-86wm-rrjm-8wh8", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-cj7v-27pg-wf7q", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-http", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-hmr7-m48g-48f6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-http", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "dependsOn": [ - "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "026156fa-3bff-4bbd-894a-36d1b3be8f3d", - "da25e363-473d-4f84-9f46-8e09c7ec7c28" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-webapp", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-58qw-p7qm-5rvh", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-xml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-servlets", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-servlets", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-269g-pwp5-87pp", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "dependsOn": [ - "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", - "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "b8d1f31a-736f-4134-9f3b-b5b85376c82e", - "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "627bb70b-4b85-4801-8239-f03de04ca5db", - "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" - ] - }, + "status": "failed", + "code_desc": "", + "message": "junit", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "INT-f70z-tbpp-4o5d", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "byte-buddy", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "INT-63e3-49kp-blqt", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", - "dependsOn": [ - "c454f700-0d16-4956-a210-03d9073b6d12", - "a34a6a71-d883-47b3-b6eb-e87238cffb51", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" - ] - }, + "status": "failed", + "code_desc": "", + "message": "byte-buddy", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "dependsOn": [ - "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "517c6455-0a2e-4e78-8d4b-88837bb5244c" - ] - }, + "status": "failed", + "code_desc": "", + "message": "hibernate-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8grg-q944-cch5", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "hibernate-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-hwj3-m3p6-hj38", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "dom4j", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-7r82-7xv7-xcpj", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "dependsOn": [ - "d2a5e2bf-ead6-4768-866a-385166eb6709" - ] - }, + "status": "failed", + "code_desc": "", + "message": "httpclient", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-jvfv-hrrc-6q72", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "liquibase-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-wgmr-mf83-7x4j", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "dependsOn": [ - "f4a06b14-3945-4381-b3dd-b46407b02b6b" - ] - }, + "status": "failed", + "code_desc": "", + "message": "http2-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-qppj-fm5r-hxr3", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507", - "dependsOn": [ - "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" - ] - }, + "status": "failed", + "code_desc": "", + "message": "http2-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rggv-cv7r-mw98", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "http2-common", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-wgh7-54f2-x98r", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "http2-hpack", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-w4g2-9hj6-5472", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "amqp-client", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mm8h-8587-p46h", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "amqp-client", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-h376-j262-vhq6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "h2", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-45hx-wfhj-473x", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", - "dependsOn": [ - "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - ] - }, + "status": "failed", + "code_desc": "", + "message": "h2", + "run_time": null, + "start_time": "" + } + ] + } + ], + "sha256": "c04e3b5461a7a25a9bdf3c3cc3e1f7c57fca676fdd12e4ac31072df9e64fae61" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "dependencies": [ { - "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", "dependsOn": [] }, { - "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", - "dependsOn": [ - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - ] - }, - { - "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", "dependsOn": [] }, { - "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", "dependsOn": [] }, { - "ref": "5694b066-2847-4855-8230-77e902b37502", + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", "dependsOn": [] }, { - "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", "dependsOn": [] }, { - "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", "dependsOn": [ - "014723b6-3b73-414b-a760-da7bb1ab988d", - "7a6724fd-3628-46d2-8de5-9059e6ec494c" + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" ] }, { - "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", - "dependsOn": [] - }, - { - "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", - "dependsOn": [] - }, - { - "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", "dependsOn": [] }, { - "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", "dependsOn": [] }, { - "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", "dependsOn": [] }, { - "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", "dependsOn": [] }, { - "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", "dependsOn": [] }, { - "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", "dependsOn": [] }, { - "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", "dependsOn": [] }, { - "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", "dependsOn": [] }, { - "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", "dependsOn": [] }, { - "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", "dependsOn": [] }, { - "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", "dependsOn": [] }, { - "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", "dependsOn": [] }, { - "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", - "dependsOn": [ - "7176887b-3e41-4f10-9d29-26ec573e2c49", - "85776385-c1af-42fa-a0ac-21ecf796742f", - "c9381862-0cc8-48d6-9b97-82f00d12cdb7" - ] - }, - { - "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967" - ] - }, - { - "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", - "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" - ] - }, - { - "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", "dependsOn": [] }, { - "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", "dependsOn": [] }, { - "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", "dependsOn": [] }, { - "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", "dependsOn": [] }, { - "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", "dependsOn": [ - "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" ] }, { - "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" ] }, { - "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", - "dependsOn": [] - }, - { - "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "dependsOn": [] - }, - { - "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "dependsOn": [] - }, - { - "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" ] }, { - "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "dependsOn": [] - }, - { - "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "dependsOn": [] - }, - { - "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "837f075b-d753-4d9e-a827-1d9f9f5e08b3", - "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "856bdbf0-98a8-4f05-950b-f6603c23a8c6", - "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "8dc0d897-c489-493c-a4b6-c5384d663c85", - "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "c454f700-0d16-4956-a210-03d9073b6d12" + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" ] }, { - "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" + "ea1f023d-0390-4558-8696-dc8d566dd95e" ] }, { - "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", "dependsOn": [ - "60844efd-9e68-4684-adf6-b7cc9e09a53b", - "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "dd4f3e68-5483-4177-9ee9-987774aea94f" + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" ] }, { - "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", - "dependsOn": [] - }, - { - "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", - "dependsOn": [] - }, - { - "ref": "79b01257-3e61-49f7-8600-2042bde4702b", - "dependsOn": [] - }, - { - "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "dependsOn": [] - }, - { - "ref": "50a898e1-523d-4041-9250-b25394071a77", - "dependsOn": [] - }, - { - "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", - "dependsOn": [] - }, - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "dependsOn": [] - }, - { - "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", - "dependsOn": [] - }, - { - "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", - "dependsOn": [] - }, - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", "dependsOn": [ - "25416803-852c-4475-bf84-2bf849ea6a56", - "c1abfd09-121f-418c-befa-4d6b9e164769", - "be69e2b9-e673-42a8-98f1-e6d3be74c272" + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" ] }, { - "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", "dependsOn": [ - "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" ] }, { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", "dependsOn": [ - "efb2d239-5a37-49aa-9995-47e7be07304a" - ] - }, - { - "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", - "dependsOn": [] - }, - { - "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", - "dependsOn": [] + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] }, { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", "dependsOn": [ - "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "423d6189-7ce4-4931-9c74-3b58517df601" + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" ] }, { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "dependsOn": [] + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] }, { - "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", "dependsOn": [ - "186eb402-6ab8-417c-8bbb-4032f9722383", - "7b1c11dd-7462-451d-a5b1-0fbd56708727" + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" ] }, { - "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", "dependsOn": [] }, { - "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", - "dependsOn": [] + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] }, { - "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", - "dependsOn": [] + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] }, { - "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", - "dependsOn": [] + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] }, { - "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", - "dependsOn": [] + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] }, { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", "dependsOn": [ - "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" ] }, { - "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", - "dependsOn": [] + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] }, { - "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", "dependsOn": [ - "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "a0e7d3ee-2d51-4a08-a013-5b75b697edec", - "7a60c1f8-0819-4133-aa05-ece823ae5494" + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" ] }, { - "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", - "dependsOn": [] + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] }, { - "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", "dependsOn": [ - "33155de6-f8f2-48a7-ab80-19d8641794bf", - "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" ] }, { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", "dependsOn": [ - "85776385-c1af-42fa-a0ac-21ecf796742f", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + "ebf5150b-055e-45d4-82e5-eebc38ffea70" ] }, { - "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", "dependsOn": [] }, { - "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", "dependsOn": [] }, { - "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", "dependsOn": [] }, { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "dependsOn": [] + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] }, { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", "dependsOn": [] }, { - "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", "dependsOn": [] }, { - "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", "dependsOn": [] }, { - "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", "dependsOn": [ - "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" ] }, { - "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", - "dependsOn": [] - }, - { - "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", "dependsOn": [] }, { - "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, - { - "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" ] }, { - "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" ] }, { - "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", - "dependsOn": [] - }, - { - "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", "dependsOn": [] }, { - "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", "dependsOn": [] }, { - "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", "dependsOn": [ - "9c03efc2-c106-4191-980f-b91376b5ab06", - "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + "d2a5e2bf-ead6-4768-866a-385166eb6709" ] }, { - "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", "dependsOn": [] }, { - "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", "dependsOn": [ - "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "91658b5a-2478-4653-a3e4-f62c4f58f87b" + "f4a06b14-3945-4381-b3dd-b46407b02b6b" ] }, { - "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", - "dependsOn": [] - }, - { - "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", - "dependsOn": [] + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] }, { - "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", "dependsOn": [] }, { - "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", "dependsOn": [] }, { - "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", "dependsOn": [] }, { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", "dependsOn": [] }, { - "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", "dependsOn": [] }, { - "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", "dependsOn": [ - "13aba3db-12c7-44d2-895d-130d2897e460" + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" ] }, { - "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", "dependsOn": [] }, { - "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", "dependsOn": [ - "3affcf84-19c7-4ac3-91f9-b08980969391" + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" ] }, { - "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", "dependsOn": [] }, { - "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", "dependsOn": [] - } - ], - "vulnerabilities": [ - { - "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", - "id": "GHSA-5mg8-w23w-74h3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 173, - 200, - 378, - 732 - ], - "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ] }, { - "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", - "id": "GHSA-7g45-4rm6-3mm3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 379, - 552 - ], - "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", - "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ] + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] }, { - "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", - "id": "GHSA-5p34-5m6p-p58g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] }, { - "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", - "id": "GHSA-27xj-rqx5-2255", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" ] }, { - "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", - "id": "GHSA-58pp-9c76-5625", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] }, { - "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", - "id": "GHSA-v3xw-c963-f5hc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] }, { - "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", - "id": "GHSA-h4rc-386g-6m85", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] }, { - "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", - "id": "GHSA-9vvp-fxw6-jcxr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] }, { - "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", - "id": "GHSA-rf6r-2c4q-2vwg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] }, { - "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", - "id": "GHSA-758m-v56v-grj4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] }, { - "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", - "id": "GHSA-95cm-88f5-f2c7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] }, { - "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", - "id": "GHSA-c2q3-4qrh-fm48", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] }, { - "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", - "id": "GHSA-mc6h-4qgp-37qh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] }, { - "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", - "id": "GHSA-j823-4qch-3rgm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] }, { - "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", - "id": "GHSA-c265-37vj-cwcc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] }, { - "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", - "id": "GHSA-4w82-r329-3q67", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] }, { - "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", - "id": "GHSA-rpr3-cw39-3pxh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] }, { - "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", - "id": "GHSA-fmmc-742q-jg75", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] }, { - "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", - "id": "GHSA-gjmw-vf9h-g25v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" ] }, { - "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", - "id": "GHSA-mx7p-6679-8g3q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" ] }, { - "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", - "id": "GHSA-q93h-jc49-78gg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" ] }, { - "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", - "id": "GHSA-p43x-xfjf-5jhr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] }, { - "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", - "id": "GHSA-h3cw-g4mq-c5x2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 94, - 502 - ], - "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] }, { - "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", - "id": "GHSA-qjw2-hr98-qgfh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] }, { - "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", - "id": "GHSA-8w26-6f25-cm9x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" ] }, { - "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", - "id": "GHSA-m6x4-97wx-4q27", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" ] }, { - "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", - "id": "GHSA-v585-23hc-c647", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] }, { - "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", - "id": "GHSA-r695-7vr9-jgc2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] }, { - "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", - "id": "GHSA-vfqx-33qm-g869", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] }, { - "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", - "id": "GHSA-f9xh-2qgp-cq57", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" ] }, { - "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", - "id": "GHSA-cvm9-fjm9-3572", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] }, { - "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", - "id": "GHSA-9gph-22xh-8x98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] }, { - "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", - "id": "GHSA-89qr-369f-5m5x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" ] }, { - "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", - "id": "GHSA-8c4j-34r4-xr8g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" ] }, { - "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", - "id": "GHSA-9m6f-7xcq-8vf8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" ] }, { - "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", - "id": "GHSA-5r5r-6hpj-8gg9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] }, { - "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", - "id": "GHSA-wh8g-3j2c-rqj5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] }, { - "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", - "id": "GHSA-r3gr-cxrf-hg25", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502, - 913 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] }, { - "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", - "id": "GHSA-jjjh-jjxp-wpff", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] }, { - "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", - "id": "GHSA-5949-rw7g-wx7w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] }, { - "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", - "id": "GHSA-57j2-w4cx-62h2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 787 - ], - "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] }, { - "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", - "id": "GHSA-288c-cq4h-88gq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" ] }, { - "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", - "id": "GHSA-gww7-p5w4-wrfv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" ] }, { - "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", - "id": "GHSA-rgv9-q543-rqg4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" ] }, { - "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", - "id": "GHSA-fqwf-pjwf-7vqv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] }, { - "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", - "id": "GHSA-8jpx-m2wh-2v34", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } - ] + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] }, { - "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", - "id": "GHSA-3mcp-9wr4-cjqf", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" ] }, { - "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", - "id": "GHSA-rvwf-54qp-4r6v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 776 - ], - "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] }, { - "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", - "id": "GHSA-9w3m-gqgf-c4p9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" ] }, { - "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", - "id": "GHSA-w37g-rhq8-7m4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", - "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] }, { - "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", - "id": "GHSA-c4r9-r8fh-9vj2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] }, { - "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", - "id": "GHSA-hhhw-99gj-p3c3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] }, { - "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", - "id": "GHSA-98wm-3w3q-mw94", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] }, { - "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", - "id": "GHSA-3mc7-4q67-w48m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 776 - ], - "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] }, { - "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", - "id": "GHSA-mjmj-j48q-9wg2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 20, - 502 - ], - "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" ] }, { - "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", - "id": "GHSA-668q-qrv7-99fm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", - "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } - ] + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] }, { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" ] }, { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" - } - ] + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] }, { - "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", - "id": "GHSA-m394-8rww-3jr7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", - "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" ] }, { - "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", - "id": "GHSA-m6cp-vxjx-65j6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 613 - ], - "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" ] }, { - "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", - "id": "GHSA-26vr-8j45-3r4w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 551, - 755 - ], - "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] }, { - "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", - "id": "GHSA-p26g-97m4-6q7c", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] }, { - "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", - "id": "GHSA-qw69-rqj8-6qw8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400, - 770 - ], - "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", - "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] }, { - "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", - "id": "GHSA-86wm-rrjm-8wh8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 226 - ], - "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", - "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] }, { - "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", - "id": "GHSA-cj7v-27pg-wf7q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 20 - ], - "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } - ] + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] }, { - "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", - "id": "GHSA-hmr7-m48g-48f6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 130 - ], - "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", - "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } - ] + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] }, { - "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", - "id": "GHSA-g3wg-6mcf-8jj6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 378, - 379, - 552 - ], - "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "affects": [ - { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" - } - ] + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] }, { - "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", - "id": "GHSA-58qw-p7qm-5rvh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "affects": [ - { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" - } + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" ] }, { - "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", - "id": "GHSA-gwcr-j4wh-j3cq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", - "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ] + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] }, { - "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", - "id": "GHSA-3gh6-v5v9-6v9j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 149 - ], - "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ] + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] }, { - "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", - "id": "GHSA-269g-pwp5-87pp", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200, - 732 - ], - "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", - "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "affects": [ - { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" - } + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" ] }, { - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", - "id": "INT-f70z-tbpp-4o5d", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "high", - "method": "other" - } - ], - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" ] }, { - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", - "id": "INT-63e3-49kp-blqt", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "low", - "method": "other" - } - ], - "description": "testing", - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" ] }, { - "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", - "id": "GHSA-j8jw-g6fq-mp7h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" ] }, { - "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", - "id": "GHSA-8grg-q944-cch5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", - "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" ] }, { - "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", - "id": "GHSA-hwj3-m3p6-hj38", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "affects": [ - { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" - } + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" ] }, { - "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", - "id": "GHSA-7r82-7xv7-xcpj", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 79 - ], - "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", - "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "affects": [ - { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507" - } + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" ] }, { - "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", - "id": "GHSA-jvfv-hrrc-6q72", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "affects": [ - { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" - } - ] + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] }, { - "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", - "id": "GHSA-wgmr-mf83-7x4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 410 - ], - "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ] + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] }, { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ] + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] }, { - "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", - "id": "GHSA-rggv-cv7r-mw98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ] + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] }, { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ] + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] }, { - "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", - "id": "GHSA-wgh7-54f2-x98r", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 190 - ], - "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "affects": [ - { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" - } + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" ] }, { - "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", - "id": "GHSA-w4g2-9hj6-5472", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 295 - ], - "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", - "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } - ] + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] }, { - "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", - "id": "GHSA-mm8h-8587-p46h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", - "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" ] }, { - "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", - "id": "GHSA-h376-j262-vhq6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ] + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] }, { - "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", - "id": "GHSA-45hx-wfhj-473x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 88 - ], - "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ] + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] } ] } @@ -13570,6 +12717,68 @@ { "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13600,6 +12809,68 @@ { "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13629,6 +12900,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13658,6 +12987,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13687,6 +13074,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13716,6 +13161,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13745,6 +13248,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13774,6 +13335,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13803,6 +13422,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13832,6 +13509,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13861,6 +13596,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13890,6 +13683,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13919,6 +13770,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13948,6 +13857,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -13977,6 +13944,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14006,6 +14031,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14035,6 +14118,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14064,6 +14205,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14093,6 +14292,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14122,6 +14379,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14151,6 +14466,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14180,6 +14553,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14210,6 +14641,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14239,6 +14728,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14268,6 +14815,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14297,6 +14902,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14326,6 +14989,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14355,6 +15076,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14384,6 +15163,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14413,6 +15250,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14442,6 +15337,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14471,6 +15424,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14500,6 +15511,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14529,6 +15598,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14558,6 +15685,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14587,6 +15772,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14616,6 +15859,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14646,6 +15947,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14676,6 +16035,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14705,6 +16122,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14734,6 +16209,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14763,6 +16296,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14792,6 +16383,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14822,6 +16471,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14851,6 +16558,64 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } ] }, { @@ -14880,6 +16645,42 @@ { "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + } ] }, { @@ -14909,6 +16710,42 @@ { "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + } ] }, { @@ -14938,6 +16775,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -14968,6 +16859,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -14998,6 +16943,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -15028,6 +17027,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -15058,6 +17111,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -15088,6 +17195,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -15118,6 +17279,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -15148,6 +17363,60 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } ] }, { @@ -15177,6 +17446,65 @@ { "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } ] }, { @@ -15206,6 +17534,65 @@ { "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } ] }, { @@ -15235,6 +17622,65 @@ { "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } ] }, { @@ -15264,6 +17710,72 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15293,6 +17805,72 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15324,6 +17902,72 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15351,7 +17995,73 @@ "updated": "2023-11-06T05:01:53Z", "affects": [ { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] } ] }, @@ -15383,6 +18093,72 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15412,6 +18188,72 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15441,6 +18283,72 @@ { "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15470,6 +18378,72 @@ { "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15501,6 +18475,72 @@ { "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15530,6 +18570,72 @@ { "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15559,6 +18665,72 @@ { "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15588,6 +18760,72 @@ { "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15618,6 +18856,77 @@ { "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + } ] }, { @@ -15639,6 +18948,60 @@ { "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + } ] }, { @@ -15661,6 +19024,60 @@ { "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + } ] }, { @@ -15690,6 +19107,65 @@ { "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + } ] }, { @@ -15719,6 +19195,65 @@ { "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + } ] }, { @@ -15748,6 +19283,51 @@ { "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + } ] }, { @@ -15777,6 +19357,68 @@ { "ref": "893beba4-580b-4ada-a4cf-067fbe145507" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + } ] }, { @@ -15806,6 +19448,68 @@ { "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + } ] }, { @@ -15836,6 +19540,72 @@ { "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15865,6 +19635,72 @@ { "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15894,6 +19730,72 @@ { "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15923,6 +19825,72 @@ { "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15952,6 +19920,72 @@ { "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } ] }, { @@ -15981,6 +20015,60 @@ { "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + } ] }, { @@ -16010,6 +20098,60 @@ { "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + } ] }, { @@ -16039,6 +20181,57 @@ { "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + } ] }, { @@ -16068,6 +20261,57 @@ { "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + } ] } ] diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index cd8dc94dd2..5f26d36a77 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -24,13 +24,12 @@ "status": "loaded", "controls": [ { - "key": "id", "tags": {}, "descriptions": [], "refs": [], "source_location": {}, "title": null, - "id": "", + "id": "GHSA-5mg8-w23w-74h3", "desc": null, "impact": 0, "code": null, @@ -38,3460 +37,2608 @@ { "status": "failed", "code_desc": "", - "message": null, + "message": "guava", "run_time": null, "start_time": "" } ] - } - ], - "sha256": "78430bb03191e135a55ada12974182bcb8bddc0fd6e07dc2f872211a13f42cff" - } - ], - "passthrough": { - "auxiliary_data": [ - { - "name": "SBOM", - "data": { - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", - "version": 1, - "dependencies": [ + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-7g45-4rm6-3mm3", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "guava", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-5p34-5m6p-p58g", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-27xj-rqx5-2255", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-58pp-9c76-5625", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-v3xw-c963-f5hc", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-h4rc-386g-6m85", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", - "dependsOn": [ - "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", - "f09e69a1-54de-4e7b-802a-adda10a1c7be" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-758m-v56v-grj4", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-95cm-88f5-f2c7", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-c2q3-4qrh-fm48", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mc6h-4qgp-37qh", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-j823-4qch-3rgm", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-c265-37vj-cwcc", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-4w82-r329-3q67", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rpr3-cw39-3pxh", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "757cef7a-83f2-4973-832d-67849ca42b69", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-fmmc-742q-jg75", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-gjmw-vf9h-g25v", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mx7p-6679-8g3q", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-q93h-jc49-78gg", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-p43x-xfjf-5jhr", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-qjw2-hr98-qgfh", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", - "dependsOn": [ - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "893beba4-580b-4ada-a4cf-067fbe145507", - "88a1ebea-4757-41a9-91cc-047c07fe0f94", - "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8w26-6f25-cm9x", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "dependsOn": [ - "55086fc5-4c36-45b5-9569-fdafa26e075d", - "757cef7a-83f2-4973-832d-67849ca42b69", - "93a8597b-e82a-4726-8e16-849d026f7b98" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-m6x4-97wx-4q27", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "dependsOn": [ - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "370d779c-d1ea-4d92-8e70-1ad325e94298", - "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "b692a425-dca6-4bed-af67-5855cb40dbcf", - "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "881df936-411d-4bb3-b464-6edcf14c671c", - "ac21cab7-b535-4294-8a61-b10b62918666", - "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "80b88754-8b78-4597-bc4f-47788add0031", - "1f037d99-8070-4b50-8260-1e8ef8765f8d", - "5978be79-e890-48b1-8f11-40416ee5bb61", - "5aed0617-3613-43e7-94d2-105b2af0b00d", - "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "96cf7115-b31d-4c98-bae2-952c601d3878" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-v585-23hc-c647", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "daabc9e2-1ec3-4d10-9251-69ab9834b02a" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-r695-7vr9-jgc2", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", - "dependsOn": [ - "ea1f023d-0390-4558-8696-dc8d566dd95e" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-vfqx-33qm-g869", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", - "dependsOn": [ - "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", - "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", - "8c0378f7-4c0e-4ee3-849d-740b0035c371" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-f9xh-2qgp-cq57", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-cvm9-fjm9-3572", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9gph-22xh-8x98", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-89qr-369f-5m5x", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8c4j-34r4-xr8g", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-r3gr-cxrf-hg25", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-jjjh-jjxp-wpff", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-5949-rw7g-wx7w", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-57j2-w4cx-62h2", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-288c-cq4h-88gq", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-gww7-p5w4-wrfv", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rgv9-q543-rqg4", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "jackson-databind", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8jpx-m2wh-2v34", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "dropwizard-validation", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "dropwizard-validation", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rvwf-54qp-4r6v", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-w37g-rhq8-7m4j", + "desc": null, + "impact": 0, + "code": null, + "results": [ + { + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", - "dependsOn": [ - "55521fe9-aed2-403e-9df2-75fc5af90f54", - "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "79b01257-3e61-49f7-8600-2042bde4702b", - "b4ca2dc7-9d68-4737-9afc-dea82759cd45" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-hhhw-99gj-p3c3", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "cdd49ec5-1b07-46eb-be80-02048d7796ae", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "c2dbe746-304a-4e35-88f0-69943d701fe5", - "5694b066-2847-4855-8230-77e902b37502", - "4634319e-cca2-4c02-8372-222f43bd35ba", - "648c2811-d754-45aa-9160-8f018ab4aab9", - "8fb33937-22be-4bae-b750-c8e4dd1e28e4", - "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", - "85776385-c1af-42fa-a0ac-21ecf796742f" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-98wm-3w3q-mw94", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "881df936-411d-4bb3-b464-6edcf14c671c", - "dependsOn": [ - "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "1b61648b-2106-4c86-ad10-79411c0ce338", - "ea950eb0-f271-4abc-a5dc-7c60fed3b586", - "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", - "82cd08db-9df5-488f-be94-6f3b554dfa9b", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "71f396a0-0285-465e-8ce3-6eacb47be941", - "efb2d239-5a37-49aa-9995-47e7be07304a" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-3mc7-4q67-w48m", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "dependsOn": [ - "bd750137-b073-47d5-891a-e48c192cfcba", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "423d6189-7ce4-4931-9c74-3b58517df601", - "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "c1abfd09-121f-418c-befa-4d6b9e164769" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mjmj-j48q-9wg2", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" - ] - }, + "status": "failed", + "code_desc": "", + "message": "snakeyaml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-668q-qrv7-99fm", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", - "dependsOn": [ - "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", - "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "2f225da8-8da3-429b-a014-effeea8c71eb", - "a309ae04-449e-4c6d-92cb-072fb307f9ad", - "e36cfe6c-5955-40dd-8f4f-09c43087ac53" - ] - }, + "status": "failed", + "code_desc": "", + "message": "logback-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-vmq6-5m68-f53m", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "logback-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-m394-8rww-3jr7", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", - "dependsOn": [ - "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-m6cp-vxjx-65j6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", - "dependsOn": [ - "ab3bfc00-8d35-4a4d-b314-86573681d910", - "36fc309f-d086-43d6-b660-5de275ee630f" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-26vr-8j45-3r4w", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "dependsOn": [ - "df3cc349-8f4d-4d7e-82ab-1309f17741d3" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-p26g-97m4-6q7c", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "ac21cab7-b535-4294-8a61-b10b62918666", - "dependsOn": [ - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-qw69-rqj8-6qw8", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", - "dependsOn": [ - "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", - "94379ad3-19a6-4b21-a049-ca0b762d8c13" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-86wm-rrjm-8wh8", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-cj7v-27pg-wf7q", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "dependsOn": [ - "0d0caea7-65ca-4504-b50a-80e480879f5f", - "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-http", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-hmr7-m48g-48f6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-http", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", - "dependsOn": [ - "d6394138-9591-4141-9a76-4c3082ff2ed4", - "5b865504-bea5-4b92-ae5e-46553e01093c" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-webapp", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-58qw-p7qm-5rvh", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", - "dependsOn": [ - "ebf5150b-055e-45d4-82e5-eebc38ffea70" - ] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-xml", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-servlets", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "jetty-servlets", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-269g-pwp5-87pp", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "junit", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "INT-f70z-tbpp-4o5d", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "dependsOn": [ - "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "026156fa-3bff-4bbd-894a-36d1b3be8f3d", - "da25e363-473d-4f84-9f46-8e09c7ec7c28" - ] - }, + "status": "failed", + "code_desc": "", + "message": "byte-buddy", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "INT-63e3-49kp-blqt", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "byte-buddy", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "hibernate-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-8grg-q944-cch5", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "hibernate-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-hwj3-m3p6-hj38", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "dependsOn": [ - "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", - "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "b8d1f31a-736f-4134-9f3b-b5b85376c82e", - "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "627bb70b-4b85-4801-8239-f03de04ca5db", - "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" - ] - }, + "status": "failed", + "code_desc": "", + "message": "dom4j", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-7r82-7xv7-xcpj", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "httpclient", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-jvfv-hrrc-6q72", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", - "dependsOn": [ - "c454f700-0d16-4956-a210-03d9073b6d12", - "a34a6a71-d883-47b3-b6eb-e87238cffb51", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" - ] - }, + "status": "failed", + "code_desc": "", + "message": "liquibase-core", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-wgmr-mf83-7x4j", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "dependsOn": [ - "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "517c6455-0a2e-4e78-8d4b-88837bb5244c" - ] - }, + "status": "failed", + "code_desc": "", + "message": "http2-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-qppj-fm5r-hxr3", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "http2-server", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-rggv-cv7r-mw98", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "http2-common", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-wgh7-54f2-x98r", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "dependsOn": [ - "d2a5e2bf-ead6-4768-866a-385166eb6709" - ] - }, + "status": "failed", + "code_desc": "", + "message": "http2-hpack", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-w4g2-9hj6-5472", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "amqp-client", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-mm8h-8587-p46h", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "dependsOn": [ - "f4a06b14-3945-4381-b3dd-b46407b02b6b" - ] - }, + "status": "failed", + "code_desc": "", + "message": "amqp-client", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-h376-j262-vhq6", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507", - "dependsOn": [ - "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" - ] - }, + "status": "failed", + "code_desc": "", + "message": "h2", + "run_time": null, + "start_time": "" + } + ] + }, + { + "tags": {}, + "descriptions": [], + "refs": [], + "source_location": {}, + "title": null, + "id": "GHSA-45hx-wfhj-473x", + "desc": null, + "impact": 0, + "code": null, + "results": [ { - "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "dependsOn": [] - }, + "status": "failed", + "code_desc": "", + "message": "h2", + "run_time": null, + "start_time": "" + } + ] + } + ], + "sha256": "c04e3b5461a7a25a9bdf3c3cc3e1f7c57fca676fdd12e4ac31072df9e64fae61" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "dependencies": [ { - "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", "dependsOn": [] }, { - "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", "dependsOn": [] }, { - "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", "dependsOn": [] }, { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", "dependsOn": [] }, { - "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", - "dependsOn": [ - "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - ] - }, - { - "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", "dependsOn": [] }, { - "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", "dependsOn": [ - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" ] }, { - "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", - "dependsOn": [] - }, - { - "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", - "dependsOn": [] - }, - { - "ref": "5694b066-2847-4855-8230-77e902b37502", + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", "dependsOn": [] }, { - "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", "dependsOn": [] }, { - "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", - "dependsOn": [ - "014723b6-3b73-414b-a760-da7bb1ab988d", - "7a6724fd-3628-46d2-8de5-9059e6ec494c" - ] - }, - { - "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", "dependsOn": [] }, { - "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", "dependsOn": [] }, { - "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", "dependsOn": [] }, { - "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", "dependsOn": [] }, { - "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", "dependsOn": [] }, { - "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", "dependsOn": [] }, { - "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", "dependsOn": [] }, { - "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", "dependsOn": [] }, { - "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", "dependsOn": [] }, { - "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", "dependsOn": [] }, { - "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", "dependsOn": [] }, { - "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", "dependsOn": [] }, { - "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", "dependsOn": [] }, { - "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", "dependsOn": [] }, { - "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", "dependsOn": [ - "7176887b-3e41-4f10-9d29-26ec573e2c49", - "85776385-c1af-42fa-a0ac-21ecf796742f", - "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" ] }, { - "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967" + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" ] }, { - "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" ] }, { - "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", - "dependsOn": [] - }, - { - "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", - "dependsOn": [] - }, - { - "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", - "dependsOn": [] - }, - { - "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", - "dependsOn": [] - }, - { - "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", "dependsOn": [ - "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" ] }, { - "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" + "ea1f023d-0390-4558-8696-dc8d566dd95e" ] }, { - "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", - "dependsOn": [] - }, - { - "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "dependsOn": [] - }, - { - "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "dependsOn": [] - }, - { - "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" ] }, { - "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "dependsOn": [] - }, - { - "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "dependsOn": [] - }, - { - "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "837f075b-d753-4d9e-a827-1d9f9f5e08b3", - "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "856bdbf0-98a8-4f05-950b-f6603c23a8c6", - "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "8dc0d897-c489-493c-a4b6-c5384d663c85", - "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "c454f700-0d16-4956-a210-03d9073b6d12" + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" ] }, { - "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" ] }, { - "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", "dependsOn": [ - "60844efd-9e68-4684-adf6-b7cc9e09a53b", "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "dd4f3e68-5483-4177-9ee9-987774aea94f" + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" ] }, { - "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", - "dependsOn": [] - }, - { - "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", - "dependsOn": [] - }, - { - "ref": "79b01257-3e61-49f7-8600-2042bde4702b", - "dependsOn": [] - }, - { - "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "dependsOn": [] + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] }, { - "ref": "50a898e1-523d-4041-9250-b25394071a77", - "dependsOn": [] + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] }, { - "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", - "dependsOn": [] + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] }, { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", "dependsOn": [] }, { - "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", - "dependsOn": [] + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] }, { - "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", - "dependsOn": [] + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] }, { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", "dependsOn": [ - "25416803-852c-4475-bf84-2bf849ea6a56", - "c1abfd09-121f-418c-befa-4d6b9e164769", - "be69e2b9-e673-42a8-98f1-e6d3be74c272" + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" ] }, { - "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", "dependsOn": [ - "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" ] }, { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", "dependsOn": [ - "efb2d239-5a37-49aa-9995-47e7be07304a" + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" ] }, { - "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", - "dependsOn": [] + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] }, { - "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", - "dependsOn": [] + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] }, { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", "dependsOn": [ - "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "423d6189-7ce4-4931-9c74-3b58517df601" + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" ] }, { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "dependsOn": [] + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] }, { - "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", "dependsOn": [ - "186eb402-6ab8-417c-8bbb-4032f9722383", - "7b1c11dd-7462-451d-a5b1-0fbd56708727" + "ebf5150b-055e-45d4-82e5-eebc38ffea70" ] }, { - "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", "dependsOn": [] }, { - "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", "dependsOn": [] }, { - "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", "dependsOn": [] }, { - "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", - "dependsOn": [] + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] }, { - "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", "dependsOn": [] }, { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", - "dependsOn": [ - "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" - ] + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] }, { - "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", "dependsOn": [] }, { - "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", "dependsOn": [ - "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "a0e7d3ee-2d51-4a08-a013-5b75b697edec", - "7a60c1f8-0819-4133-aa05-ece823ae5494" + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" ] }, { - "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", "dependsOn": [] }, { - "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", "dependsOn": [ - "33155de6-f8f2-48a7-ab80-19d8641794bf", - "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" ] }, { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", "dependsOn": [ - "85776385-c1af-42fa-a0ac-21ecf796742f", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" ] }, { - "ref": "36fc309f-d086-43d6-b660-5de275ee630f", - "dependsOn": [] - }, - { - "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", - "dependsOn": [] - }, - { - "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", - "dependsOn": [] - }, - { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "dependsOn": [] - }, - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "dependsOn": [] - }, - { - "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", "dependsOn": [] }, { - "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", "dependsOn": [] }, { - "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", "dependsOn": [ - "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + "d2a5e2bf-ead6-4768-866a-385166eb6709" ] }, { - "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", - "dependsOn": [] - }, - { - "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", "dependsOn": [] }, { - "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + "f4a06b14-3945-4381-b3dd-b46407b02b6b" ] }, { - "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" ] }, { - "ref": "bd750137-b073-47d5-891a-e48c192cfcba", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] }, { - "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", "dependsOn": [] }, { - "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", "dependsOn": [] }, { - "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", "dependsOn": [] }, { - "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] }, { - "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", "dependsOn": [ - "9c03efc2-c106-4191-980f-b91376b5ab06", - "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" ] }, { - "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", "dependsOn": [] }, { - "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", "dependsOn": [ - "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "91658b5a-2478-4653-a3e4-f62c4f58f87b" + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" ] }, { - "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", "dependsOn": [] }, { - "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", "dependsOn": [] }, { - "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "ref": "5694b066-2847-4855-8230-77e902b37502", "dependsOn": [] }, { - "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", "dependsOn": [] }, { - "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", - "dependsOn": [] + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] }, { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", "dependsOn": [] }, { - "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", "dependsOn": [] }, { - "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", - "dependsOn": [ - "13aba3db-12c7-44d2-895d-130d2897e460" - ] + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] }, { - "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", "dependsOn": [] }, { - "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", - "dependsOn": [ - "3affcf84-19c7-4ac3-91f9-b08980969391" - ] + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] }, { - "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", "dependsOn": [] }, { - "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", "dependsOn": [] - } - ], - "vulnerabilities": [ - { - "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", - "id": "GHSA-5mg8-w23w-74h3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 173, - 200, - 378, - 732 - ], - "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ] }, { - "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", - "id": "GHSA-7g45-4rm6-3mm3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 379, - 552 - ], - "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", - "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ] + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] }, { - "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", - "id": "GHSA-5p34-5m6p-p58g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] }, { - "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", - "id": "GHSA-27xj-rqx5-2255", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] }, { - "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", - "id": "GHSA-58pp-9c76-5625", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] }, { - "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", - "id": "GHSA-v3xw-c963-f5hc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] }, { - "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", - "id": "GHSA-h4rc-386g-6m85", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] }, { - "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", - "id": "GHSA-9vvp-fxw6-jcxr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] }, { - "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", - "id": "GHSA-rf6r-2c4q-2vwg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" ] }, { - "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", - "id": "GHSA-758m-v56v-grj4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" ] }, { - "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", - "id": "GHSA-95cm-88f5-f2c7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" ] }, { - "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", - "id": "GHSA-c2q3-4qrh-fm48", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] }, { - "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", - "id": "GHSA-mc6h-4qgp-37qh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] }, { - "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", - "id": "GHSA-j823-4qch-3rgm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] }, { - "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", - "id": "GHSA-c265-37vj-cwcc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] }, { - "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", - "id": "GHSA-4w82-r329-3q67", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" ] }, { - "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", - "id": "GHSA-rpr3-cw39-3pxh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" ] }, { - "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", - "id": "GHSA-fmmc-742q-jg75", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] }, { - "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", - "id": "GHSA-gjmw-vf9h-g25v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] }, { - "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", - "id": "GHSA-mx7p-6679-8g3q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] }, { - "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", - "id": "GHSA-q93h-jc49-78gg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" ] }, { - "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", - "id": "GHSA-p43x-xfjf-5jhr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] }, { - "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", - "id": "GHSA-h3cw-g4mq-c5x2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 94, - 502 - ], - "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] }, { - "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", - "id": "GHSA-qjw2-hr98-qgfh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" ] }, { - "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", - "id": "GHSA-8w26-6f25-cm9x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" ] }, { - "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", - "id": "GHSA-m6x4-97wx-4q27", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" ] }, { - "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", - "id": "GHSA-v585-23hc-c647", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] }, { - "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", - "id": "GHSA-r695-7vr9-jgc2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] }, { - "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", - "id": "GHSA-vfqx-33qm-g869", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] }, { - "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", - "id": "GHSA-f9xh-2qgp-cq57", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] }, { - "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", - "id": "GHSA-cvm9-fjm9-3572", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] }, { - "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", - "id": "GHSA-9gph-22xh-8x98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] }, { - "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", - "id": "GHSA-89qr-369f-5m5x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] }, { - "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", - "id": "GHSA-8c4j-34r4-xr8g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] }, { - "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", - "id": "GHSA-9m6f-7xcq-8vf8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] }, { - "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", - "id": "GHSA-5r5r-6hpj-8gg9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" ] }, { - "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", - "id": "GHSA-wh8g-3j2c-rqj5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" ] }, { - "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", - "id": "GHSA-r3gr-cxrf-hg25", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502, - 913 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" ] }, { - "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", - "id": "GHSA-jjjh-jjxp-wpff", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] }, { - "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", - "id": "GHSA-5949-rw7g-wx7w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] }, { - "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", - "id": "GHSA-57j2-w4cx-62h2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 787 - ], - "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" ] }, { - "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", - "id": "GHSA-288c-cq4h-88gq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] }, { - "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", - "id": "GHSA-gww7-p5w4-wrfv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" ] }, { - "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", - "id": "GHSA-rgv9-q543-rqg4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] }, { - "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", - "id": "GHSA-fqwf-pjwf-7vqv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ] + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] }, { - "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", - "id": "GHSA-8jpx-m2wh-2v34", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } - ] + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] }, { - "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", - "id": "GHSA-3mcp-9wr4-cjqf", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } - ] + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] }, { - "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", - "id": "GHSA-rvwf-54qp-4r6v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 776 - ], - "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] }, { - "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", - "id": "GHSA-9w3m-gqgf-c4p9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" ] }, { - "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", - "id": "GHSA-w37g-rhq8-7m4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", - "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] }, { - "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", - "id": "GHSA-c4r9-r8fh-9vj2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" ] }, { - "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", - "id": "GHSA-hhhw-99gj-p3c3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] }, { - "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", - "id": "GHSA-98wm-3w3q-mw94", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" ] }, { - "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", - "id": "GHSA-3mc7-4q67-w48m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 776 - ], - "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" ] }, { - "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", - "id": "GHSA-mjmj-j48q-9wg2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 20, - 502 - ], - "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ] + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] }, { - "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", - "id": "GHSA-668q-qrv7-99fm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", - "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } - ] + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] }, { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } - ] + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] }, { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" - } - ] + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] }, { - "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", - "id": "GHSA-m394-8rww-3jr7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", - "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] }, { - "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", - "id": "GHSA-m6cp-vxjx-65j6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 613 - ], - "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] }, { - "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", - "id": "GHSA-26vr-8j45-3r4w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 551, - 755 - ], - "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] }, { - "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", - "id": "GHSA-p26g-97m4-6q7c", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" ] }, { - "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", - "id": "GHSA-qw69-rqj8-6qw8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400, - 770 - ], - "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", - "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] }, { - "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", - "id": "GHSA-86wm-rrjm-8wh8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 226 - ], - "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", - "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ] + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] }, { - "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", - "id": "GHSA-cj7v-27pg-wf7q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 20 - ], - "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" ] }, { - "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", - "id": "GHSA-hmr7-m48g-48f6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 130 - ], - "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", - "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" ] }, { - "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", - "id": "GHSA-g3wg-6mcf-8jj6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 378, - 379, - 552 - ], - "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "affects": [ - { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" - } + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" ] }, { - "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", - "id": "GHSA-58qw-p7qm-5rvh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "affects": [ - { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" - } + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" ] }, { - "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", - "id": "GHSA-gwcr-j4wh-j3cq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", - "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ] + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] }, { - "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", - "id": "GHSA-3gh6-v5v9-6v9j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 149 - ], - "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ] + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] }, { - "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", - "id": "GHSA-269g-pwp5-87pp", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200, - 732 - ], - "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", - "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "affects": [ - { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" - } - ] + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] }, { - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", - "id": "INT-f70z-tbpp-4o5d", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "high", - "method": "other" - } - ], - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" ] }, { - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", - "id": "INT-63e3-49kp-blqt", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "low", - "method": "other" - } - ], - "description": "testing", - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" ] }, { - "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", - "id": "GHSA-j8jw-g6fq-mp7h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } - ] + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] }, { - "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", - "id": "GHSA-8grg-q944-cch5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", - "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" ] }, { - "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", - "id": "GHSA-hwj3-m3p6-hj38", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "affects": [ - { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" - } - ] + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] }, { - "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", - "id": "GHSA-7r82-7xv7-xcpj", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 79 - ], - "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", - "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "affects": [ - { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507" - } - ] + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] }, { - "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", - "id": "GHSA-jvfv-hrrc-6q72", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "affects": [ - { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" - } - ] + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] }, { - "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", - "id": "GHSA-wgmr-mf83-7x4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 410 - ], - "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ] + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] }, { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ] + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] }, { - "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", - "id": "GHSA-rggv-cv7r-mw98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ] + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] }, { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ] + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] }, { - "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", - "id": "GHSA-wgh7-54f2-x98r", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 190 - ], - "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "affects": [ - { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" - } + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" ] }, { - "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", - "id": "GHSA-w4g2-9hj6-5472", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 295 - ], - "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", - "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } - ] + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] }, { - "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", - "id": "GHSA-mm8h-8587-p46h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", - "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" ] }, { - "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", - "id": "GHSA-h376-j262-vhq6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ] + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] }, { - "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", - "id": "GHSA-45hx-wfhj-473x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 88 - ], - "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ] + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] } ] } diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json index eba9f57394..5c7628cd66 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -22,30 +22,8 @@ "depends": [], "groups": [], "status": "loaded", - "controls": [ - { - "key": "id", - "tags": {}, - "descriptions": [], - "refs": [], - "source_location": {}, - "title": null, - "id": "", - "desc": null, - "impact": 0, - "code": null, - "results": [ - { - "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, - "start_time": "" - } - ] - } - ], - "sha256": "73c2aaa2337b354d7fdb7126fe606d7434728cc838b6779fb3e6952d8082d138" + "controls": [], + "sha256": "569c078b8149960c980abb20c9d5a9005ba9d713965cac778799f1669f428981" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json index 258569931f..228b291dfc 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -22,30 +22,8 @@ "depends": [], "groups": [], "status": "loaded", - "controls": [ - { - "key": "id", - "tags": {}, - "descriptions": [], - "refs": [], - "source_location": {}, - "title": null, - "id": "", - "desc": null, - "impact": 0, - "code": null, - "results": [ - { - "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, - "start_time": "" - } - ] - } - ], - "sha256": "73c2aaa2337b354d7fdb7126fe606d7434728cc838b6779fb3e6952d8082d138" + "controls": [], + "sha256": "569c078b8149960c980abb20c9d5a9005ba9d713965cac778799f1669f428981" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 161cd59834..7a5a2bd559 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -23,7 +23,42 @@ function formatLicense(input: Record): string { return message.slice(0, -2); } -export class SbomMapper extends BaseConverter { +export class SBOMResults { + data: Record; + withRaw: boolean; + constructor(SBOMJson: string, withRaw = false) { + this.data = JSON.parse(SBOMJson); + this.withRaw = withRaw; + this.generateIntermediary(this.data); + } + + generateIntermediary(data: Record) { + if (_.has(data, 'vulnerabilities')) { + if ( + data.vulnerabilities instanceof Array && + data.components instanceof Array + ) { + for (let vulnerability of data.vulnerabilities) { + for (const id of vulnerability.affects) { + const components = []; + for (const component of data.components) { + if (_.get(component, 'bom-ref') === id.ref) { + components.push(component); + } + vulnerability['affectedComponents'] = components; + } + } + } + } + } + } + + toHdf(): ExecJSON.Execution { + return new SBOMMapper(this.data, this.withRaw).toHdf(); + } +} + +export class SBOMMapper extends BaseConverter { withRaw: boolean; mappings: MappedTransform< @@ -55,18 +90,20 @@ export class SbomMapper extends BaseConverter { status: 'loaded', controls: [ { + path: 'vulnerabilities', key: 'id', tags: {}, //Insert data descriptions: [], //Insert data refs: [], //Insert data source_location: {}, //Insert data title: null, //Insert data - id: '', //Insert data + id: {path: 'id'}, desc: null, //Insert data impact: 0, //Insert data code: null, //Insert data results: [ { + path: 'affectedComponents', status: ExecJSON.ControlResultStatus.Failed, //Insert data code_desc: '', //Insert data message: null, //Insert data @@ -83,15 +120,18 @@ export class SbomMapper extends BaseConverter { transformer: (data: Record): Record => { return { auxiliary_data: [ - {name: 'SBOM', data: _.omit(data, ['metadata', 'components'])} + { + name: 'SBOM', + data: _.omit(data, ['metadata', 'components', 'vulnerabilities']) + } ], ...(this.withRaw && {raw: data}) }; } } }; - constructor(exportJson: string, withRaw = false) { - super(JSON.parse(exportJson), true); + constructor(exportJson: Record, withRaw = false) { + super(exportJson, true); this.withRaw = withRaw; } } diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index f69928fc18..e5b7ab4b66 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -1,20 +1,20 @@ import fs from 'fs'; -import {SbomMapper} from '../../../src/sbom-mapper'; +import {SBOMResults} from '../../../src/sbom-mapper'; import {omitVersions} from '../../utils'; describe('sbom_mapper_saf', () => { it('Successfully converts SBOM data', () => { - const mapper = new SbomMapper( + const mapper = new SBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', {encoding: 'utf-8'} ) ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -28,7 +28,7 @@ describe('sbom_mapper_saf', () => { }); it('Successfully converts withraw flagged SBOM data', () => { - const mapper = new SbomMapper( + const mapper = new SBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', {encoding: 'utf-8'} @@ -36,10 +36,10 @@ describe('sbom_mapper_saf', () => { true ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -58,17 +58,17 @@ describe('sbom_mapper_saf', () => { describe('sbom_mapper_dropwizard_vulns', () => { it('Successfully converts SBOM data', () => { - const mapper = new SbomMapper( + const mapper = new SBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', {encoding: 'utf-8'} ) ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -85,7 +85,7 @@ describe('sbom_mapper_dropwizard_vulns', () => { }); it('Successfully converts withraw flagged SBOM data', () => { - const mapper = new SbomMapper( + const mapper = new SBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', {encoding: 'utf-8'} @@ -93,10 +93,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { true ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( From 452eec62c8340fea7e5002e0e4b94ba63b96014b Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 22 Jul 2024 13:25:57 -0400 Subject: [PATCH 08/61] Linting Signed-off-by: Charles Hu --- .../test/mappers/forward/sbom_mapper.spec.ts | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index e5b7ab4b66..36ad553864 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -11,10 +11,10 @@ describe('sbom_mapper_saf', () => { ) ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -36,10 +36,10 @@ describe('sbom_mapper_saf', () => { true ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -65,10 +65,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { ) ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -93,10 +93,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { true ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( From ab79f273745eb16c3ddeb4f0a7df165d3f3c65ab Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 22 Jul 2024 13:33:39 -0400 Subject: [PATCH 09/61] Linting Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 7a5a2bd559..49106b422f 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -33,20 +33,19 @@ export class SBOMResults { } generateIntermediary(data: Record) { - if (_.has(data, 'vulnerabilities')) { - if ( - data.vulnerabilities instanceof Array && - data.components instanceof Array - ) { - for (let vulnerability of data.vulnerabilities) { - for (const id of vulnerability.affects) { - const components = []; - for (const component of data.components) { - if (_.get(component, 'bom-ref') === id.ref) { - components.push(component); - } - vulnerability['affectedComponents'] = components; + if ( + _.has(data, 'vulnerabilities') && + data.vulnerabilities instanceof Array && + data.components instanceof Array + ) { + for (let vulnerability of data.vulnerabilities) { + for (const id of vulnerability.affects) { + const components = []; + for (const component of data.components) { + if (_.get(component, 'bom-ref') === id.ref) { + components.push(component); } + vulnerability['affectedComponents'] = components; } } } From d08b9f25c33ec5e17c62eace22a75596ea89b566 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 22 Jul 2024 13:56:13 -0400 Subject: [PATCH 10/61] Logical density change Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 172 +++++++++--------- .../sbom-dropwizard-vulns-hdf.json | 172 +++++++++--------- libs/hdf-converters/src/sbom-mapper.ts | 16 +- 3 files changed, 181 insertions(+), 179 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 1506e0e164..2f59edfe2a 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -37,7 +37,7 @@ { "status": "failed", "code_desc": "", - "message": "guava", + "message": null, "run_time": null, "start_time": "" } @@ -57,7 +57,7 @@ { "status": "failed", "code_desc": "", - "message": "guava", + "message": null, "run_time": null, "start_time": "" } @@ -77,7 +77,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -97,7 +97,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -117,7 +117,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -137,7 +137,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -157,7 +157,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -177,7 +177,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -197,7 +197,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -217,7 +217,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -237,7 +237,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -257,7 +257,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -277,7 +277,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -297,7 +297,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -317,7 +317,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -337,7 +337,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -357,7 +357,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -377,7 +377,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -397,7 +397,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -417,7 +417,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -437,7 +437,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -457,7 +457,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -477,7 +477,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -497,7 +497,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -517,7 +517,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -537,7 +537,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -557,7 +557,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -577,7 +577,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -597,7 +597,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -617,7 +617,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -637,7 +637,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -657,7 +657,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -677,7 +677,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -697,7 +697,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -717,7 +717,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -737,7 +737,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -757,7 +757,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -777,7 +777,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -797,7 +797,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -817,7 +817,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -837,7 +837,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -857,7 +857,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -877,7 +877,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -897,7 +897,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -917,7 +917,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -937,7 +937,7 @@ { "status": "failed", "code_desc": "", - "message": "dropwizard-validation", + "message": null, "run_time": null, "start_time": "" } @@ -957,7 +957,7 @@ { "status": "failed", "code_desc": "", - "message": "dropwizard-validation", + "message": null, "run_time": null, "start_time": "" } @@ -977,7 +977,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -997,7 +997,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1017,7 +1017,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1037,7 +1037,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1057,7 +1057,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1077,7 +1077,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1097,7 +1097,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1117,7 +1117,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1137,7 +1137,7 @@ { "status": "failed", "code_desc": "", - "message": "logback-core", + "message": null, "run_time": null, "start_time": "" } @@ -1157,7 +1157,7 @@ { "status": "failed", "code_desc": "", - "message": "logback-core", + "message": null, "run_time": null, "start_time": "" } @@ -1177,7 +1177,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1197,7 +1197,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1217,7 +1217,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1237,7 +1237,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1257,7 +1257,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1277,7 +1277,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1297,7 +1297,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-http", + "message": null, "run_time": null, "start_time": "" } @@ -1317,7 +1317,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-http", + "message": null, "run_time": null, "start_time": "" } @@ -1337,7 +1337,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-webapp", + "message": null, "run_time": null, "start_time": "" } @@ -1357,7 +1357,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-xml", + "message": null, "run_time": null, "start_time": "" } @@ -1377,7 +1377,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-servlets", + "message": null, "run_time": null, "start_time": "" } @@ -1397,7 +1397,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-servlets", + "message": null, "run_time": null, "start_time": "" } @@ -1417,7 +1417,7 @@ { "status": "failed", "code_desc": "", - "message": "junit", + "message": null, "run_time": null, "start_time": "" } @@ -1437,7 +1437,7 @@ { "status": "failed", "code_desc": "", - "message": "byte-buddy", + "message": null, "run_time": null, "start_time": "" } @@ -1457,7 +1457,7 @@ { "status": "failed", "code_desc": "", - "message": "byte-buddy", + "message": null, "run_time": null, "start_time": "" } @@ -1477,7 +1477,7 @@ { "status": "failed", "code_desc": "", - "message": "hibernate-core", + "message": null, "run_time": null, "start_time": "" } @@ -1497,7 +1497,7 @@ { "status": "failed", "code_desc": "", - "message": "hibernate-core", + "message": null, "run_time": null, "start_time": "" } @@ -1517,7 +1517,7 @@ { "status": "failed", "code_desc": "", - "message": "dom4j", + "message": null, "run_time": null, "start_time": "" } @@ -1537,7 +1537,7 @@ { "status": "failed", "code_desc": "", - "message": "httpclient", + "message": null, "run_time": null, "start_time": "" } @@ -1557,7 +1557,7 @@ { "status": "failed", "code_desc": "", - "message": "liquibase-core", + "message": null, "run_time": null, "start_time": "" } @@ -1577,7 +1577,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-server", + "message": null, "run_time": null, "start_time": "" } @@ -1597,7 +1597,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-server", + "message": null, "run_time": null, "start_time": "" } @@ -1617,7 +1617,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-common", + "message": null, "run_time": null, "start_time": "" } @@ -1637,7 +1637,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-hpack", + "message": null, "run_time": null, "start_time": "" } @@ -1657,7 +1657,7 @@ { "status": "failed", "code_desc": "", - "message": "amqp-client", + "message": null, "run_time": null, "start_time": "" } @@ -1677,7 +1677,7 @@ { "status": "failed", "code_desc": "", - "message": "amqp-client", + "message": null, "run_time": null, "start_time": "" } @@ -1697,7 +1697,7 @@ { "status": "failed", "code_desc": "", - "message": "h2", + "message": null, "run_time": null, "start_time": "" } @@ -1717,14 +1717,14 @@ { "status": "failed", "code_desc": "", - "message": "h2", + "message": null, "run_time": null, "start_time": "" } ] } ], - "sha256": "c04e3b5461a7a25a9bdf3c3cc3e1f7c57fca676fdd12e4ac31072df9e64fae61" + "sha256": "cea5e02f216ef11082767cc7bc6d2f12a3fedcb2a4979c109128031f4015cc4e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 5f26d36a77..5bb4c2e8ee 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -37,7 +37,7 @@ { "status": "failed", "code_desc": "", - "message": "guava", + "message": null, "run_time": null, "start_time": "" } @@ -57,7 +57,7 @@ { "status": "failed", "code_desc": "", - "message": "guava", + "message": null, "run_time": null, "start_time": "" } @@ -77,7 +77,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -97,7 +97,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -117,7 +117,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -137,7 +137,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -157,7 +157,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -177,7 +177,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -197,7 +197,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -217,7 +217,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -237,7 +237,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -257,7 +257,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -277,7 +277,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -297,7 +297,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -317,7 +317,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -337,7 +337,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -357,7 +357,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -377,7 +377,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -397,7 +397,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -417,7 +417,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -437,7 +437,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -457,7 +457,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -477,7 +477,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -497,7 +497,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -517,7 +517,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -537,7 +537,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -557,7 +557,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -577,7 +577,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -597,7 +597,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -617,7 +617,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -637,7 +637,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -657,7 +657,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -677,7 +677,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -697,7 +697,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -717,7 +717,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -737,7 +737,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -757,7 +757,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -777,7 +777,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -797,7 +797,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -817,7 +817,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -837,7 +837,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -857,7 +857,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -877,7 +877,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -897,7 +897,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -917,7 +917,7 @@ { "status": "failed", "code_desc": "", - "message": "jackson-databind", + "message": null, "run_time": null, "start_time": "" } @@ -937,7 +937,7 @@ { "status": "failed", "code_desc": "", - "message": "dropwizard-validation", + "message": null, "run_time": null, "start_time": "" } @@ -957,7 +957,7 @@ { "status": "failed", "code_desc": "", - "message": "dropwizard-validation", + "message": null, "run_time": null, "start_time": "" } @@ -977,7 +977,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -997,7 +997,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1017,7 +1017,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1037,7 +1037,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1057,7 +1057,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1077,7 +1077,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1097,7 +1097,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1117,7 +1117,7 @@ { "status": "failed", "code_desc": "", - "message": "snakeyaml", + "message": null, "run_time": null, "start_time": "" } @@ -1137,7 +1137,7 @@ { "status": "failed", "code_desc": "", - "message": "logback-core", + "message": null, "run_time": null, "start_time": "" } @@ -1157,7 +1157,7 @@ { "status": "failed", "code_desc": "", - "message": "logback-core", + "message": null, "run_time": null, "start_time": "" } @@ -1177,7 +1177,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1197,7 +1197,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1217,7 +1217,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1237,7 +1237,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1257,7 +1257,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1277,7 +1277,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-server", + "message": null, "run_time": null, "start_time": "" } @@ -1297,7 +1297,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-http", + "message": null, "run_time": null, "start_time": "" } @@ -1317,7 +1317,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-http", + "message": null, "run_time": null, "start_time": "" } @@ -1337,7 +1337,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-webapp", + "message": null, "run_time": null, "start_time": "" } @@ -1357,7 +1357,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-xml", + "message": null, "run_time": null, "start_time": "" } @@ -1377,7 +1377,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-servlets", + "message": null, "run_time": null, "start_time": "" } @@ -1397,7 +1397,7 @@ { "status": "failed", "code_desc": "", - "message": "jetty-servlets", + "message": null, "run_time": null, "start_time": "" } @@ -1417,7 +1417,7 @@ { "status": "failed", "code_desc": "", - "message": "junit", + "message": null, "run_time": null, "start_time": "" } @@ -1437,7 +1437,7 @@ { "status": "failed", "code_desc": "", - "message": "byte-buddy", + "message": null, "run_time": null, "start_time": "" } @@ -1457,7 +1457,7 @@ { "status": "failed", "code_desc": "", - "message": "byte-buddy", + "message": null, "run_time": null, "start_time": "" } @@ -1477,7 +1477,7 @@ { "status": "failed", "code_desc": "", - "message": "hibernate-core", + "message": null, "run_time": null, "start_time": "" } @@ -1497,7 +1497,7 @@ { "status": "failed", "code_desc": "", - "message": "hibernate-core", + "message": null, "run_time": null, "start_time": "" } @@ -1517,7 +1517,7 @@ { "status": "failed", "code_desc": "", - "message": "dom4j", + "message": null, "run_time": null, "start_time": "" } @@ -1537,7 +1537,7 @@ { "status": "failed", "code_desc": "", - "message": "httpclient", + "message": null, "run_time": null, "start_time": "" } @@ -1557,7 +1557,7 @@ { "status": "failed", "code_desc": "", - "message": "liquibase-core", + "message": null, "run_time": null, "start_time": "" } @@ -1577,7 +1577,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-server", + "message": null, "run_time": null, "start_time": "" } @@ -1597,7 +1597,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-server", + "message": null, "run_time": null, "start_time": "" } @@ -1617,7 +1617,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-common", + "message": null, "run_time": null, "start_time": "" } @@ -1637,7 +1637,7 @@ { "status": "failed", "code_desc": "", - "message": "http2-hpack", + "message": null, "run_time": null, "start_time": "" } @@ -1657,7 +1657,7 @@ { "status": "failed", "code_desc": "", - "message": "amqp-client", + "message": null, "run_time": null, "start_time": "" } @@ -1677,7 +1677,7 @@ { "status": "failed", "code_desc": "", - "message": "amqp-client", + "message": null, "run_time": null, "start_time": "" } @@ -1697,7 +1697,7 @@ { "status": "failed", "code_desc": "", - "message": "h2", + "message": null, "run_time": null, "start_time": "" } @@ -1717,14 +1717,14 @@ { "status": "failed", "code_desc": "", - "message": "h2", + "message": null, "run_time": null, "start_time": "" } ] } ], - "sha256": "c04e3b5461a7a25a9bdf3c3cc3e1f7c57fca676fdd12e4ac31072df9e64fae61" + "sha256": "cea5e02f216ef11082767cc7bc6d2f12a3fedcb2a4979c109128031f4015cc4e" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 49106b422f..fcbc4b0c25 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -33,15 +33,17 @@ export class SBOMResults { } generateIntermediary(data: Record) { - if ( - _.has(data, 'vulnerabilities') && - data.vulnerabilities instanceof Array && - data.components instanceof Array - ) { - for (let vulnerability of data.vulnerabilities) { + if (_.has(data, 'vulnerabilities')) { + for (let vulnerability of data.vulnerabilities as (Record< + string, + unknown + > & {affects: (Object & {ref: string})[]})[]) { for (const id of vulnerability.affects) { const components = []; - for (const component of data.components) { + for (const component of data.components as Record< + string, + unknown + >[]) { if (_.get(component, 'bom-ref') === id.ref) { components.push(component); } From 5045bb778b6254169af3bf16c10be1109a0b5fc3 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 22 Jul 2024 15:15:33 -0400 Subject: [PATCH 11/61] Mapping progress; component flattening Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 11292 +- .../sbom-dropwizard-vulns-hdf.json | 11282 +- .../sbom_mapper/sbom-saf-hdf-withraw.json | 181566 ++++++++++----- .../sbom_mapper/sbom-saf-hdf.json | 99946 +++++++- libs/hdf-converters/src/sbom-mapper.ts | 32 +- 5 files changed, 238971 insertions(+), 65147 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 2f59edfe2a..35e0a4cf6a 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -28,9 +28,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "id": "GHSA-5mg8-w23w-74h3", - "desc": null, + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0, "code": null, "results": [ @@ -48,9 +48,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "bb03c210-ea12-450d-85df-17d81a75ede2", "id": "GHSA-7g45-4rm6-3mm3", - "desc": null, + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0, "code": null, "results": [ @@ -68,9 +68,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "id": "GHSA-5p34-5m6p-p58g", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 0, "code": null, "results": [ @@ -88,9 +88,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "id": "GHSA-27xj-rqx5-2255", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0, "code": null, "results": [ @@ -108,9 +108,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "id": "GHSA-58pp-9c76-5625", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0, "code": null, "results": [ @@ -128,9 +128,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "id": "GHSA-v3xw-c963-f5hc", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0, "code": null, "results": [ @@ -148,9 +148,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "id": "GHSA-h4rc-386g-6m85", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0, "code": null, "results": [ @@ -168,9 +168,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0, "code": null, "results": [ @@ -188,9 +188,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "343cd240-f667-4770-aecf-ddc11f9d0172", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0, "code": null, "results": [ @@ -208,9 +208,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "id": "GHSA-758m-v56v-grj4", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0, "code": null, "results": [ @@ -228,9 +228,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "id": "GHSA-95cm-88f5-f2c7", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0, "code": null, "results": [ @@ -248,9 +248,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "id": "GHSA-c2q3-4qrh-fm48", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0, "code": null, "results": [ @@ -268,9 +268,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", "id": "GHSA-mc6h-4qgp-37qh", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0, "code": null, "results": [ @@ -288,9 +288,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "id": "GHSA-j823-4qch-3rgm", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0, "code": null, "results": [ @@ -308,9 +308,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "id": "GHSA-c265-37vj-cwcc", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0, "code": null, "results": [ @@ -328,9 +328,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "id": "GHSA-4w82-r329-3q67", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 0, "code": null, "results": [ @@ -348,9 +348,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "id": "GHSA-rpr3-cw39-3pxh", - "desc": null, + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0, "code": null, "results": [ @@ -368,9 +368,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c037af59-a132-4727-8cc3-c6095c490df7", "id": "GHSA-fmmc-742q-jg75", - "desc": null, + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 0, "code": null, "results": [ @@ -388,9 +388,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "id": "GHSA-gjmw-vf9h-g25v", - "desc": null, + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 0, "code": null, "results": [ @@ -408,9 +408,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "id": "GHSA-mx7p-6679-8g3q", - "desc": null, + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 0, "code": null, "results": [ @@ -428,9 +428,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", "id": "GHSA-q93h-jc49-78gg", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 0, "code": null, "results": [ @@ -448,9 +448,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "id": "GHSA-p43x-xfjf-5jhr", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 0, "code": null, "results": [ @@ -468,9 +468,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": null, + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0, "code": null, "results": [ @@ -488,9 +488,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "3ad04380-a25c-41d8-8fad-259c2561795b", "id": "GHSA-qjw2-hr98-qgfh", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0, "code": null, "results": [ @@ -508,9 +508,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "86f78c35-adfb-48e4-9428-88084373e1c0", "id": "GHSA-8w26-6f25-cm9x", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0, "code": null, "results": [ @@ -528,9 +528,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "id": "GHSA-m6x4-97wx-4q27", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -548,9 +548,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "00033bff-66dc-4a36-ab38-a10b0625409f", "id": "GHSA-v585-23hc-c647", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0, "code": null, "results": [ @@ -568,9 +568,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", "id": "GHSA-r695-7vr9-jgc2", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -588,9 +588,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", "id": "GHSA-vfqx-33qm-g869", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0, "code": null, "results": [ @@ -608,9 +608,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5201940b-1f04-4668-ae86-8261448d817d", "id": "GHSA-f9xh-2qgp-cq57", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0, "code": null, "results": [ @@ -628,9 +628,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "id": "GHSA-cvm9-fjm9-3572", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0, "code": null, "results": [ @@ -648,9 +648,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "id": "GHSA-9gph-22xh-8x98", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0, "code": null, "results": [ @@ -668,9 +668,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "950cff67-088e-4f41-9818-25943c9e17c0", "id": "GHSA-89qr-369f-5m5x", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0, "code": null, "results": [ @@ -688,9 +688,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "id": "GHSA-8c4j-34r4-xr8g", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0, "code": null, "results": [ @@ -708,9 +708,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0, "code": null, "results": [ @@ -728,9 +728,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6d5189b4-d549-419a-b886-43a62cc43d40", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0, "code": null, "results": [ @@ -748,9 +748,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "135c6dab-529e-4855-ab72-a0138e2110c8", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -768,9 +768,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "id": "GHSA-r3gr-cxrf-hg25", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -788,9 +788,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "id": "GHSA-jjjh-jjxp-wpff", - "desc": null, + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0, "code": null, "results": [ @@ -808,9 +808,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "id": "GHSA-5949-rw7g-wx7w", - "desc": null, + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0, "code": null, "results": [ @@ -828,9 +828,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "id": "GHSA-57j2-w4cx-62h2", - "desc": null, + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0, "code": null, "results": [ @@ -848,9 +848,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "id": "GHSA-288c-cq4h-88gq", - "desc": null, + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0, "code": null, "results": [ @@ -868,9 +868,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "id": "GHSA-gww7-p5w4-wrfv", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 0, "code": null, "results": [ @@ -888,9 +888,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "id": "GHSA-rgv9-q543-rqg4", - "desc": null, + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0, "code": null, "results": [ @@ -908,9 +908,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0, "code": null, "results": [ @@ -928,9 +928,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f2fa9b19-418a-4901-9840-a8631227701e", "id": "GHSA-8jpx-m2wh-2v34", - "desc": null, + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0, "code": null, "results": [ @@ -948,9 +948,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": null, + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0, "code": null, "results": [ @@ -968,9 +968,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "id": "GHSA-rvwf-54qp-4r6v", - "desc": null, + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0, "code": null, "results": [ @@ -988,9 +988,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0, "code": null, "results": [ @@ -1008,9 +1008,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5ab41975-23cc-45e0-9a13-be603ea00595", "id": "GHSA-w37g-rhq8-7m4j", - "desc": null, + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0, "code": null, "results": [ @@ -1028,9 +1028,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "dff65990-715e-4f71-aace-60d4436af108", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0, "code": null, "results": [ @@ -1048,9 +1048,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "id": "GHSA-hhhw-99gj-p3c3", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0, "code": null, "results": [ @@ -1068,9 +1068,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "id": "GHSA-98wm-3w3q-mw94", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0, "code": null, "results": [ @@ -1088,9 +1088,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", "id": "GHSA-3mc7-4q67-w48m", - "desc": null, + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0, "code": null, "results": [ @@ -1108,9 +1108,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "id": "GHSA-mjmj-j48q-9wg2", - "desc": null, + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0, "code": null, "results": [ @@ -1128,9 +1128,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "id": "GHSA-668q-qrv7-99fm", - "desc": null, + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0, "code": null, "results": [ @@ -1148,9 +1148,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "id": "GHSA-vmq6-5m68-f53m", - "desc": null, + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0, "code": null, "results": [ @@ -1168,9 +1168,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "id": "GHSA-m394-8rww-3jr7", - "desc": null, + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0, "code": null, "results": [ @@ -1188,9 +1188,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "id": "GHSA-m6cp-vxjx-65j6", - "desc": null, + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0, "code": null, "results": [ @@ -1208,9 +1208,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "id": "GHSA-26vr-8j45-3r4w", - "desc": null, + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0, "code": null, "results": [ @@ -1228,9 +1228,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "id": "GHSA-p26g-97m4-6q7c", - "desc": null, + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0, "code": null, "results": [ @@ -1248,9 +1248,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "id": "GHSA-qw69-rqj8-6qw8", - "desc": null, + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0, "code": null, "results": [ @@ -1268,9 +1268,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "id": "GHSA-86wm-rrjm-8wh8", - "desc": null, + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0, "code": null, "results": [ @@ -1288,9 +1288,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c19b779d-2699-44de-a189-a0d18d8dc953", "id": "GHSA-cj7v-27pg-wf7q", - "desc": null, + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0, "code": null, "results": [ @@ -1308,9 +1308,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "id": "GHSA-hmr7-m48g-48f6", - "desc": null, + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0, "code": null, "results": [ @@ -1328,9 +1328,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": null, + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0, "code": null, "results": [ @@ -1348,9 +1348,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "76910119-ee18-4144-855b-b2fdab20e33c", "id": "GHSA-58qw-p7qm-5rvh", - "desc": null, + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0, "code": null, "results": [ @@ -1368,9 +1368,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": null, + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0, "code": null, "results": [ @@ -1388,9 +1388,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": null, + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0, "code": null, "results": [ @@ -1408,9 +1408,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "499117ae-d134-4505-8674-ed498531e7a9", "id": "GHSA-269g-pwp5-87pp", - "desc": null, + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0, "code": null, "results": [ @@ -1428,9 +1428,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "id": "INT-f70z-tbpp-4o5d", - "desc": null, + "desc": "", "impact": 0, "code": null, "results": [ @@ -1448,9 +1448,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "id": "INT-63e3-49kp-blqt", - "desc": null, + "desc": "testing", "impact": 0, "code": null, "results": [ @@ -1468,9 +1468,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "1f182b73-afb8-424c-8e08-533a0f702076", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": null, + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0, "code": null, "results": [ @@ -1488,9 +1488,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "id": "GHSA-8grg-q944-cch5", - "desc": null, + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0, "code": null, "results": [ @@ -1508,9 +1508,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "id": "GHSA-hwj3-m3p6-hj38", - "desc": null, + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 0, "code": null, "results": [ @@ -1528,9 +1528,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "8c0002e8-9326-40f7-9209-51020755ff02", "id": "GHSA-7r82-7xv7-xcpj", - "desc": null, + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0, "code": null, "results": [ @@ -1548,9 +1548,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "id": "GHSA-jvfv-hrrc-6q72", - "desc": null, + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 0, "code": null, "results": [ @@ -1568,9 +1568,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "id": "GHSA-wgmr-mf83-7x4j", - "desc": null, + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0, "code": null, "results": [ @@ -1588,9 +1588,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "affa7af3-427f-4223-8028-d9ac45e80e08", "id": "GHSA-qppj-fm5r-hxr3", - "desc": null, + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0, "code": null, "results": [ @@ -1608,9 +1608,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "id": "GHSA-rggv-cv7r-mw98", - "desc": null, + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0, "code": null, "results": [ @@ -1628,9 +1628,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "id": "GHSA-wgh7-54f2-x98r", - "desc": null, + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0, "code": null, "results": [ @@ -1648,9 +1648,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "id": "GHSA-w4g2-9hj6-5472", - "desc": null, + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0, "code": null, "results": [ @@ -1668,9 +1668,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "id": "GHSA-mm8h-8587-p46h", - "desc": null, + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0, "code": null, "results": [ @@ -1688,9 +1688,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", "id": "GHSA-h376-j262-vhq6", - "desc": null, + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 0, "code": null, "results": [ @@ -1708,9 +1708,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c8a50465-16df-44e0-84e9-7acff5870a51", "id": "GHSA-45hx-wfhj-473x", - "desc": null, + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 0, "code": null, "results": [ @@ -1724,923 +1724,10055 @@ ] } ], - "sha256": "cea5e02f216ef11082767cc7bc6d2f12a3fedcb2a4979c109128031f4015cc4e" + "sha256": "fa59f17859d66dbe3b09f493059c5994e08d7cb0f475075b22d6586635274ba2" } ], "passthrough": { "auxiliary_data": [ { "name": "SBOM", - "data": { - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", - "version": 1, - "dependencies": [ - { - "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "dependsOn": [] - }, - { - "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", - "dependsOn": [] - }, - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "dependsOn": [] - }, - { - "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", - "dependsOn": [] - }, - { - "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "dependsOn": [] - }, - { - "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", - "dependsOn": [ - "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", - "f09e69a1-54de-4e7b-802a-adda10a1c7be" - ] - }, - { - "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", - "dependsOn": [] - }, - { - "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "dependsOn": [] - }, - { - "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "dependsOn": [] - }, - { - "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", - "dependsOn": [] - }, - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "dependsOn": [] - }, - { - "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", - "dependsOn": [] - }, - { - "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "dependsOn": [] - }, - { - "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "dependsOn": [] - }, - { - "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", - "dependsOn": [] - }, - { - "ref": "757cef7a-83f2-4973-832d-67849ca42b69", - "dependsOn": [] - }, - { - "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", - "dependsOn": [] - }, - { - "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", - "dependsOn": [] - }, - { - "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", - "dependsOn": [] - }, - { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", - "dependsOn": [] - }, - { - "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", - "dependsOn": [] - }, - { - "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", - "dependsOn": [] - }, - { - "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", - "dependsOn": [ - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "893beba4-580b-4ada-a4cf-067fbe145507", - "88a1ebea-4757-41a9-91cc-047c07fe0f94", - "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" - ] - }, - { - "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "dependsOn": [ - "55086fc5-4c36-45b5-9569-fdafa26e075d", - "757cef7a-83f2-4973-832d-67849ca42b69", - "93a8597b-e82a-4726-8e16-849d026f7b98" - ] - }, - { - "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "dependsOn": [ - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "370d779c-d1ea-4d92-8e70-1ad325e94298", - "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "b692a425-dca6-4bed-af67-5855cb40dbcf", - "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "881df936-411d-4bb3-b464-6edcf14c671c", - "ac21cab7-b535-4294-8a61-b10b62918666", - "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "80b88754-8b78-4597-bc4f-47788add0031", - "1f037d99-8070-4b50-8260-1e8ef8765f8d", - "5978be79-e890-48b1-8f11-40416ee5bb61", - "5aed0617-3613-43e7-94d2-105b2af0b00d", - "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "96cf7115-b31d-4c98-bae2-952c601d3878" - ] - }, - { - "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "daabc9e2-1ec3-4d10-9251-69ab9834b02a" - ] - }, - { - "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", - "dependsOn": [ - "ea1f023d-0390-4558-8696-dc8d566dd95e" - ] - }, - { - "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", - "dependsOn": [ - "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", - "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", - "8c0378f7-4c0e-4ee3-849d-740b0035c371" - ] - }, - { - "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", - "dependsOn": [ - "55521fe9-aed2-403e-9df2-75fc5af90f54", - "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "79b01257-3e61-49f7-8600-2042bde4702b", - "b4ca2dc7-9d68-4737-9afc-dea82759cd45" - ] - }, - { - "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "cdd49ec5-1b07-46eb-be80-02048d7796ae", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "c2dbe746-304a-4e35-88f0-69943d701fe5", - "5694b066-2847-4855-8230-77e902b37502", - "4634319e-cca2-4c02-8372-222f43bd35ba", - "648c2811-d754-45aa-9160-8f018ab4aab9", - "8fb33937-22be-4bae-b750-c8e4dd1e28e4", - "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", - "85776385-c1af-42fa-a0ac-21ecf796742f" - ] - }, - { - "ref": "881df936-411d-4bb3-b464-6edcf14c671c", - "dependsOn": [ - "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "1b61648b-2106-4c86-ad10-79411c0ce338", - "ea950eb0-f271-4abc-a5dc-7c60fed3b586", - "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", - "82cd08db-9df5-488f-be94-6f3b554dfa9b", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "71f396a0-0285-465e-8ce3-6eacb47be941", - "efb2d239-5a37-49aa-9995-47e7be07304a" - ] - }, - { - "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "dependsOn": [ - "bd750137-b073-47d5-891a-e48c192cfcba", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "423d6189-7ce4-4931-9c74-3b58517df601", - "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "c1abfd09-121f-418c-befa-4d6b9e164769" - ] - }, - { - "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" - ] - }, - { - "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", - "dependsOn": [ - "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", - "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "2f225da8-8da3-429b-a014-effeea8c71eb", - "a309ae04-449e-4c6d-92cb-072fb307f9ad", - "e36cfe6c-5955-40dd-8f4f-09c43087ac53" - ] - }, - { - "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "dependsOn": [] - }, - { - "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", - "dependsOn": [ - "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" - ] - }, - { - "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", - "dependsOn": [ - "ab3bfc00-8d35-4a4d-b314-86573681d910", - "36fc309f-d086-43d6-b660-5de275ee630f" - ] - }, - { - "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "dependsOn": [ - "df3cc349-8f4d-4d7e-82ab-1309f17741d3" - ] - }, - { - "ref": "ac21cab7-b535-4294-8a61-b10b62918666", - "dependsOn": [ - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, - { - "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", - "dependsOn": [ - "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", - "94379ad3-19a6-4b21-a049-ca0b762d8c13" - ] - }, - { - "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" - ] - }, - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "dependsOn": [ - "0d0caea7-65ca-4504-b50a-80e480879f5f", - "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" - ] - }, - { - "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" - ] - }, - { - "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", - "dependsOn": [ - "d6394138-9591-4141-9a76-4c3082ff2ed4", - "5b865504-bea5-4b92-ae5e-46553e01093c" - ] - }, - { - "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", - "dependsOn": [ - "ebf5150b-055e-45d4-82e5-eebc38ffea70" - ] - }, - { - "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "dependsOn": [] - }, - { - "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", - "dependsOn": [] - }, - { - "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", - "dependsOn": [] - }, - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "dependsOn": [ - "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "026156fa-3bff-4bbd-894a-36d1b3be8f3d", - "da25e363-473d-4f84-9f46-8e09c7ec7c28" - ] - }, - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "dependsOn": [] - }, - { - "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", - "dependsOn": [] - }, - { - "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", - "dependsOn": [] - }, - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "dependsOn": [ - "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", - "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "b8d1f31a-736f-4134-9f3b-b5b85376c82e", - "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "627bb70b-4b85-4801-8239-f03de04ca5db", - "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" - ] - }, - { - "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "dependsOn": [] - }, - { - "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", - "dependsOn": [ - "c454f700-0d16-4956-a210-03d9073b6d12", - "a34a6a71-d883-47b3-b6eb-e87238cffb51", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" - ] - }, - { - "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "dependsOn": [ - "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "517c6455-0a2e-4e78-8d4b-88837bb5244c" - ] - }, - { - "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "dependsOn": [] - }, - { - "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "dependsOn": [] - }, - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "dependsOn": [ - "d2a5e2bf-ead6-4768-866a-385166eb6709" - ] - }, - { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", - "dependsOn": [] - }, - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "dependsOn": [ - "f4a06b14-3945-4381-b3dd-b46407b02b6b" - ] - }, - { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507", - "dependsOn": [ - "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" - ] - }, - { - "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "dependsOn": [] - }, - { - "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", - "dependsOn": [] - }, - { - "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", - "dependsOn": [] - }, - { - "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "dependsOn": [] - }, - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "dependsOn": [] - }, - { - "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", - "dependsOn": [ - "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - ] - }, - { - "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", - "dependsOn": [] - }, - { - "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", - "dependsOn": [ - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - ] - }, - { - "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", - "dependsOn": [] - }, - { - "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", - "dependsOn": [] - }, - { - "ref": "5694b066-2847-4855-8230-77e902b37502", - "dependsOn": [] - }, - { - "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", - "dependsOn": [] - }, - { - "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", - "dependsOn": [ - "014723b6-3b73-414b-a760-da7bb1ab988d", - "7a6724fd-3628-46d2-8de5-9059e6ec494c" - ] - }, - { - "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", - "dependsOn": [] - }, - { - "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", - "dependsOn": [] - }, - { - "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", - "dependsOn": [] - }, - { - "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", - "dependsOn": [] - }, - { - "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", - "dependsOn": [] - }, - { - "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", - "dependsOn": [] - }, - { - "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", - "dependsOn": [] - }, - { - "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", - "dependsOn": [] - }, - { - "ref": "25416803-852c-4475-bf84-2bf849ea6a56", - "dependsOn": [] - }, - { - "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", - "dependsOn": [] - }, - { - "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", - "dependsOn": [] - }, - { - "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", - "dependsOn": [] - }, - { - "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", - "dependsOn": [] - }, - { - "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", - "dependsOn": [] - }, - { - "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", - "dependsOn": [ - "7176887b-3e41-4f10-9d29-26ec573e2c49", - "85776385-c1af-42fa-a0ac-21ecf796742f", - "c9381862-0cc8-48d6-9b97-82f00d12cdb7" - ] - }, - { - "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967" - ] - }, - { - "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", - "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" - ] - }, - { - "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", - "dependsOn": [] - }, - { - "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", - "dependsOn": [] - }, - { - "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", - "dependsOn": [] - }, - { - "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", - "dependsOn": [] - }, - { - "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "dependsOn": [ - "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "3d67ecbd-3ee2-437b-800b-d137ccd17d46" - ] - }, - { - "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", - "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" - ] - }, - { - "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", - "dependsOn": [] - }, - { - "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "dependsOn": [] - }, - { - "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "dependsOn": [] - }, - { - "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", - "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "75ac24b0-9039-45fe-842d-ccecdd3c62e1" - ] - }, - { - "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "dependsOn": [] - }, - { - "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "dependsOn": [] - }, - { - "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "837f075b-d753-4d9e-a827-1d9f9f5e08b3", - "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "856bdbf0-98a8-4f05-950b-f6603c23a8c6", - "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "8dc0d897-c489-493c-a4b6-c5384d663c85", - "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "c454f700-0d16-4956-a210-03d9073b6d12" - ] - }, - { - "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", - "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" - ] - }, - { - "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", - "dependsOn": [ - "60844efd-9e68-4684-adf6-b7cc9e09a53b", - "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "dd4f3e68-5483-4177-9ee9-987774aea94f" - ] - }, - { - "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", - "dependsOn": [] - }, - { - "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", - "dependsOn": [] - }, - { - "ref": "79b01257-3e61-49f7-8600-2042bde4702b", - "dependsOn": [] - }, - { - "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "dependsOn": [] - }, - { - "ref": "50a898e1-523d-4041-9250-b25394071a77", - "dependsOn": [] - }, - { - "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", - "dependsOn": [] - }, - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "dependsOn": [] - }, - { - "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", - "dependsOn": [] - }, - { - "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", - "dependsOn": [] - }, - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "dependsOn": [ - "25416803-852c-4475-bf84-2bf849ea6a56", - "c1abfd09-121f-418c-befa-4d6b9e164769", - "be69e2b9-e673-42a8-98f1-e6d3be74c272" - ] - }, - { - "ref": "423d6189-7ce4-4931-9c74-3b58517df601", - "dependsOn": [ - "4473173b-92a4-4b6f-aa40-3b0479fe60ee" - ] - }, - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "dependsOn": [ - "efb2d239-5a37-49aa-9995-47e7be07304a" - ] - }, - { - "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", - "dependsOn": [] - }, - { - "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", - "dependsOn": [] - }, - { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", - "dependsOn": [ - "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "423d6189-7ce4-4931-9c74-3b58517df601" - ] - }, - { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "dependsOn": [] - }, - { - "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", - "dependsOn": [ - "186eb402-6ab8-417c-8bbb-4032f9722383", - "7b1c11dd-7462-451d-a5b1-0fbd56708727" - ] - }, - { - "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", - "dependsOn": [] - }, - { - "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", - "dependsOn": [] - }, - { - "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", - "dependsOn": [] - }, - { - "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", - "dependsOn": [] - }, - { - "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", - "dependsOn": [] - }, - { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", - "dependsOn": [ - "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" - ] - }, - { - "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", - "dependsOn": [] - }, - { - "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", - "dependsOn": [ - "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "a0e7d3ee-2d51-4a08-a013-5b75b697edec", - "7a60c1f8-0819-4133-aa05-ece823ae5494" - ] - }, - { - "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", - "dependsOn": [] - }, - { - "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", - "dependsOn": [ - "33155de6-f8f2-48a7-ab80-19d8641794bf", - "71a8cbce-c3a6-4797-b3f1-60415f5e1131" - ] - }, - { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", - "dependsOn": [ - "85776385-c1af-42fa-a0ac-21ecf796742f", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7" - ] - }, - { - "ref": "36fc309f-d086-43d6-b660-5de275ee630f", - "dependsOn": [] - }, - { - "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", - "dependsOn": [] - }, - { - "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", - "dependsOn": [] - }, - { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "dependsOn": [] - }, - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "dependsOn": [] - }, - { - "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", - "dependsOn": [] - }, - { - "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "dependsOn": [] - }, - { - "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", - "dependsOn": [ - "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - ] - }, - { - "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", - "dependsOn": [] - }, - { - "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", - "dependsOn": [] - }, - { - "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, - { - "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, - { - "ref": "bd750137-b073-47d5-891a-e48c192cfcba", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", - "dependsOn": [] - }, - { - "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", - "dependsOn": [] - }, - { - "ref": "80b88754-8b78-4597-bc4f-47788add0031", - "dependsOn": [] - }, - { - "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", - "dependsOn": [ - "9c03efc2-c106-4191-980f-b91376b5ab06", - "80a1384b-dee2-4dff-9d74-79d854cdeb2f" - ] - }, - { - "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", - "dependsOn": [] - }, - { - "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", - "dependsOn": [ - "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "91658b5a-2478-4653-a3e4-f62c4f58f87b" - ] - }, - { - "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", - "dependsOn": [] - }, - { - "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", - "dependsOn": [] - }, - { - "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", - "dependsOn": [] - }, - { - "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", - "dependsOn": [] - }, - { - "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", - "dependsOn": [] - }, - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "dependsOn": [] - }, - { - "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", - "dependsOn": [] - }, - { - "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", - "dependsOn": [ - "13aba3db-12c7-44d2-895d-130d2897e460" - ] - }, - { - "ref": "13aba3db-12c7-44d2-895d-130d2897e460", - "dependsOn": [] - }, - { - "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", - "dependsOn": [ - "3affcf84-19c7-4ac3-91f9-b08980969391" - ] - }, - { - "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", - "dependsOn": [] - }, - { - "ref": "c454f700-0d16-4956-a210-03d9073b6d12", - "dependsOn": [] + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" } - ] + } } } ], diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 5bb4c2e8ee..09f695248e 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -28,9 +28,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "id": "GHSA-5mg8-w23w-74h3", - "desc": null, + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0, "code": null, "results": [ @@ -48,9 +48,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "bb03c210-ea12-450d-85df-17d81a75ede2", "id": "GHSA-7g45-4rm6-3mm3", - "desc": null, + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0, "code": null, "results": [ @@ -68,9 +68,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "id": "GHSA-5p34-5m6p-p58g", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 0, "code": null, "results": [ @@ -88,9 +88,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "id": "GHSA-27xj-rqx5-2255", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0, "code": null, "results": [ @@ -108,9 +108,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "id": "GHSA-58pp-9c76-5625", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0, "code": null, "results": [ @@ -128,9 +128,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "id": "GHSA-v3xw-c963-f5hc", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0, "code": null, "results": [ @@ -148,9 +148,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "id": "GHSA-h4rc-386g-6m85", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0, "code": null, "results": [ @@ -168,9 +168,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0, "code": null, "results": [ @@ -188,9 +188,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "343cd240-f667-4770-aecf-ddc11f9d0172", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0, "code": null, "results": [ @@ -208,9 +208,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "id": "GHSA-758m-v56v-grj4", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0, "code": null, "results": [ @@ -228,9 +228,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "id": "GHSA-95cm-88f5-f2c7", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0, "code": null, "results": [ @@ -248,9 +248,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "id": "GHSA-c2q3-4qrh-fm48", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0, "code": null, "results": [ @@ -268,9 +268,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", "id": "GHSA-mc6h-4qgp-37qh", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0, "code": null, "results": [ @@ -288,9 +288,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "id": "GHSA-j823-4qch-3rgm", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0, "code": null, "results": [ @@ -308,9 +308,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "id": "GHSA-c265-37vj-cwcc", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0, "code": null, "results": [ @@ -328,9 +328,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "id": "GHSA-4w82-r329-3q67", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 0, "code": null, "results": [ @@ -348,9 +348,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "id": "GHSA-rpr3-cw39-3pxh", - "desc": null, + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0, "code": null, "results": [ @@ -368,9 +368,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c037af59-a132-4727-8cc3-c6095c490df7", "id": "GHSA-fmmc-742q-jg75", - "desc": null, + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 0, "code": null, "results": [ @@ -388,9 +388,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "id": "GHSA-gjmw-vf9h-g25v", - "desc": null, + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 0, "code": null, "results": [ @@ -408,9 +408,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "id": "GHSA-mx7p-6679-8g3q", - "desc": null, + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 0, "code": null, "results": [ @@ -428,9 +428,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", "id": "GHSA-q93h-jc49-78gg", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 0, "code": null, "results": [ @@ -448,9 +448,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "id": "GHSA-p43x-xfjf-5jhr", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 0, "code": null, "results": [ @@ -468,9 +468,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": null, + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0, "code": null, "results": [ @@ -488,9 +488,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "3ad04380-a25c-41d8-8fad-259c2561795b", "id": "GHSA-qjw2-hr98-qgfh", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0, "code": null, "results": [ @@ -508,9 +508,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "86f78c35-adfb-48e4-9428-88084373e1c0", "id": "GHSA-8w26-6f25-cm9x", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0, "code": null, "results": [ @@ -528,9 +528,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "id": "GHSA-m6x4-97wx-4q27", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -548,9 +548,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "00033bff-66dc-4a36-ab38-a10b0625409f", "id": "GHSA-v585-23hc-c647", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0, "code": null, "results": [ @@ -568,9 +568,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", "id": "GHSA-r695-7vr9-jgc2", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -588,9 +588,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", "id": "GHSA-vfqx-33qm-g869", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0, "code": null, "results": [ @@ -608,9 +608,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5201940b-1f04-4668-ae86-8261448d817d", "id": "GHSA-f9xh-2qgp-cq57", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0, "code": null, "results": [ @@ -628,9 +628,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "id": "GHSA-cvm9-fjm9-3572", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0, "code": null, "results": [ @@ -648,9 +648,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "id": "GHSA-9gph-22xh-8x98", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0, "code": null, "results": [ @@ -668,9 +668,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "950cff67-088e-4f41-9818-25943c9e17c0", "id": "GHSA-89qr-369f-5m5x", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0, "code": null, "results": [ @@ -688,9 +688,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "id": "GHSA-8c4j-34r4-xr8g", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0, "code": null, "results": [ @@ -708,9 +708,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0, "code": null, "results": [ @@ -728,9 +728,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6d5189b4-d549-419a-b886-43a62cc43d40", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0, "code": null, "results": [ @@ -748,9 +748,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "135c6dab-529e-4855-ab72-a0138e2110c8", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -768,9 +768,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "id": "GHSA-r3gr-cxrf-hg25", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0, "code": null, "results": [ @@ -788,9 +788,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "id": "GHSA-jjjh-jjxp-wpff", - "desc": null, + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0, "code": null, "results": [ @@ -808,9 +808,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "id": "GHSA-5949-rw7g-wx7w", - "desc": null, + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0, "code": null, "results": [ @@ -828,9 +828,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "id": "GHSA-57j2-w4cx-62h2", - "desc": null, + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0, "code": null, "results": [ @@ -848,9 +848,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "id": "GHSA-288c-cq4h-88gq", - "desc": null, + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0, "code": null, "results": [ @@ -868,9 +868,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "id": "GHSA-gww7-p5w4-wrfv", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 0, "code": null, "results": [ @@ -888,9 +888,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "id": "GHSA-rgv9-q543-rqg4", - "desc": null, + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0, "code": null, "results": [ @@ -908,9 +908,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": null, + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0, "code": null, "results": [ @@ -928,9 +928,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f2fa9b19-418a-4901-9840-a8631227701e", "id": "GHSA-8jpx-m2wh-2v34", - "desc": null, + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0, "code": null, "results": [ @@ -948,9 +948,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": null, + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0, "code": null, "results": [ @@ -968,9 +968,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "id": "GHSA-rvwf-54qp-4r6v", - "desc": null, + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0, "code": null, "results": [ @@ -988,9 +988,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0, "code": null, "results": [ @@ -1008,9 +1008,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5ab41975-23cc-45e0-9a13-be603ea00595", "id": "GHSA-w37g-rhq8-7m4j", - "desc": null, + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0, "code": null, "results": [ @@ -1028,9 +1028,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "dff65990-715e-4f71-aace-60d4436af108", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0, "code": null, "results": [ @@ -1048,9 +1048,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "id": "GHSA-hhhw-99gj-p3c3", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0, "code": null, "results": [ @@ -1068,9 +1068,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "id": "GHSA-98wm-3w3q-mw94", - "desc": null, + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0, "code": null, "results": [ @@ -1088,9 +1088,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", "id": "GHSA-3mc7-4q67-w48m", - "desc": null, + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0, "code": null, "results": [ @@ -1108,9 +1108,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "id": "GHSA-mjmj-j48q-9wg2", - "desc": null, + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0, "code": null, "results": [ @@ -1128,9 +1128,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "id": "GHSA-668q-qrv7-99fm", - "desc": null, + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0, "code": null, "results": [ @@ -1148,9 +1148,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "id": "GHSA-vmq6-5m68-f53m", - "desc": null, + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0, "code": null, "results": [ @@ -1168,9 +1168,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "id": "GHSA-m394-8rww-3jr7", - "desc": null, + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0, "code": null, "results": [ @@ -1188,9 +1188,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "id": "GHSA-m6cp-vxjx-65j6", - "desc": null, + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0, "code": null, "results": [ @@ -1208,9 +1208,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "id": "GHSA-26vr-8j45-3r4w", - "desc": null, + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0, "code": null, "results": [ @@ -1228,9 +1228,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "id": "GHSA-p26g-97m4-6q7c", - "desc": null, + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0, "code": null, "results": [ @@ -1248,9 +1248,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "id": "GHSA-qw69-rqj8-6qw8", - "desc": null, + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0, "code": null, "results": [ @@ -1268,9 +1268,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "id": "GHSA-86wm-rrjm-8wh8", - "desc": null, + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0, "code": null, "results": [ @@ -1288,9 +1288,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c19b779d-2699-44de-a189-a0d18d8dc953", "id": "GHSA-cj7v-27pg-wf7q", - "desc": null, + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0, "code": null, "results": [ @@ -1308,9 +1308,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "id": "GHSA-hmr7-m48g-48f6", - "desc": null, + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0, "code": null, "results": [ @@ -1328,9 +1328,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": null, + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0, "code": null, "results": [ @@ -1348,9 +1348,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "76910119-ee18-4144-855b-b2fdab20e33c", "id": "GHSA-58qw-p7qm-5rvh", - "desc": null, + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0, "code": null, "results": [ @@ -1368,9 +1368,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": null, + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0, "code": null, "results": [ @@ -1388,9 +1388,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": null, + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0, "code": null, "results": [ @@ -1408,9 +1408,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "499117ae-d134-4505-8674-ed498531e7a9", "id": "GHSA-269g-pwp5-87pp", - "desc": null, + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0, "code": null, "results": [ @@ -1428,9 +1428,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "id": "INT-f70z-tbpp-4o5d", - "desc": null, + "desc": "", "impact": 0, "code": null, "results": [ @@ -1448,9 +1448,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "id": "INT-63e3-49kp-blqt", - "desc": null, + "desc": "testing", "impact": 0, "code": null, "results": [ @@ -1468,9 +1468,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "1f182b73-afb8-424c-8e08-533a0f702076", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": null, + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0, "code": null, "results": [ @@ -1488,9 +1488,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "id": "GHSA-8grg-q944-cch5", - "desc": null, + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0, "code": null, "results": [ @@ -1508,9 +1508,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "id": "GHSA-hwj3-m3p6-hj38", - "desc": null, + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 0, "code": null, "results": [ @@ -1528,9 +1528,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "8c0002e8-9326-40f7-9209-51020755ff02", "id": "GHSA-7r82-7xv7-xcpj", - "desc": null, + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0, "code": null, "results": [ @@ -1548,9 +1548,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "id": "GHSA-jvfv-hrrc-6q72", - "desc": null, + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 0, "code": null, "results": [ @@ -1568,9 +1568,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "id": "GHSA-wgmr-mf83-7x4j", - "desc": null, + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0, "code": null, "results": [ @@ -1588,9 +1588,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "affa7af3-427f-4223-8028-d9ac45e80e08", "id": "GHSA-qppj-fm5r-hxr3", - "desc": null, + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0, "code": null, "results": [ @@ -1608,9 +1608,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "id": "GHSA-rggv-cv7r-mw98", - "desc": null, + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0, "code": null, "results": [ @@ -1628,9 +1628,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "id": "GHSA-wgh7-54f2-x98r", - "desc": null, + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0, "code": null, "results": [ @@ -1648,9 +1648,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "id": "GHSA-w4g2-9hj6-5472", - "desc": null, + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0, "code": null, "results": [ @@ -1668,9 +1668,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "id": "GHSA-mm8h-8587-p46h", - "desc": null, + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0, "code": null, "results": [ @@ -1688,9 +1688,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", "id": "GHSA-h376-j262-vhq6", - "desc": null, + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 0, "code": null, "results": [ @@ -1708,9 +1708,9 @@ "descriptions": [], "refs": [], "source_location": {}, - "title": null, + "title": "c8a50465-16df-44e0-84e9-7acff5870a51", "id": "GHSA-45hx-wfhj-473x", - "desc": null, + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 0, "code": null, "results": [ @@ -1724,923 +1724,10055 @@ ] } ], - "sha256": "cea5e02f216ef11082767cc7bc6d2f12a3fedcb2a4979c109128031f4015cc4e" + "sha256": "fa59f17859d66dbe3b09f493059c5994e08d7cb0f475075b22d6586635274ba2" } ], "passthrough": { "auxiliary_data": [ { "name": "SBOM", + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], "data": { "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", "version": 1, - "dependencies": [ - { - "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "dependsOn": [] - }, - { - "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", - "dependsOn": [] - }, - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "dependsOn": [] - }, - { - "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", - "dependsOn": [] - }, - { - "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "dependsOn": [] - }, - { - "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", - "dependsOn": [ - "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", - "f09e69a1-54de-4e7b-802a-adda10a1c7be" - ] - }, - { - "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", - "dependsOn": [] - }, - { - "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "dependsOn": [] - }, - { - "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "dependsOn": [] - }, - { - "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", - "dependsOn": [] - }, - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "dependsOn": [] - }, - { - "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", - "dependsOn": [] - }, - { - "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "dependsOn": [] - }, - { - "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "dependsOn": [] - }, - { - "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", - "dependsOn": [] - }, - { - "ref": "757cef7a-83f2-4973-832d-67849ca42b69", - "dependsOn": [] - }, - { - "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", - "dependsOn": [] - }, - { - "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", - "dependsOn": [] - }, - { - "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", - "dependsOn": [] - }, - { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", - "dependsOn": [] - }, - { - "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", - "dependsOn": [] - }, - { - "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", - "dependsOn": [] - }, - { - "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", - "dependsOn": [ - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "893beba4-580b-4ada-a4cf-067fbe145507", - "88a1ebea-4757-41a9-91cc-047c07fe0f94", - "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" - ] - }, - { - "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "dependsOn": [ - "55086fc5-4c36-45b5-9569-fdafa26e075d", - "757cef7a-83f2-4973-832d-67849ca42b69", - "93a8597b-e82a-4726-8e16-849d026f7b98" - ] - }, - { - "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "dependsOn": [ - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "370d779c-d1ea-4d92-8e70-1ad325e94298", - "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "65c8e5ac-baa7-4b18-8320-b3742c7401ae", - "b692a425-dca6-4bed-af67-5855cb40dbcf", - "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "881df936-411d-4bb3-b464-6edcf14c671c", - "ac21cab7-b535-4294-8a61-b10b62918666", - "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "80b88754-8b78-4597-bc4f-47788add0031", - "1f037d99-8070-4b50-8260-1e8ef8765f8d", - "5978be79-e890-48b1-8f11-40416ee5bb61", - "5aed0617-3613-43e7-94d2-105b2af0b00d", - "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", - "96cf7115-b31d-4c98-bae2-952c601d3878" - ] - }, - { - "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", - "daabc9e2-1ec3-4d10-9251-69ab9834b02a" - ] - }, - { - "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", - "dependsOn": [ - "ea1f023d-0390-4558-8696-dc8d566dd95e" - ] - }, - { - "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", - "dependsOn": [ - "58e68d03-5ae3-424e-a51b-822ceb9e8643", - "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", - "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", - "8c0378f7-4c0e-4ee3-849d-740b0035c371" - ] - }, - { - "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", - "dependsOn": [ - "55521fe9-aed2-403e-9df2-75fc5af90f54", - "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "79b01257-3e61-49f7-8600-2042bde4702b", - "b4ca2dc7-9d68-4737-9afc-dea82759cd45" - ] - }, - { - "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "cdd49ec5-1b07-46eb-be80-02048d7796ae", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "c2dbe746-304a-4e35-88f0-69943d701fe5", - "5694b066-2847-4855-8230-77e902b37502", - "4634319e-cca2-4c02-8372-222f43bd35ba", - "648c2811-d754-45aa-9160-8f018ab4aab9", - "8fb33937-22be-4bae-b750-c8e4dd1e28e4", - "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", - "85776385-c1af-42fa-a0ac-21ecf796742f" - ] - }, - { - "ref": "881df936-411d-4bb3-b464-6edcf14c671c", - "dependsOn": [ - "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "1b61648b-2106-4c86-ad10-79411c0ce338", - "ea950eb0-f271-4abc-a5dc-7c60fed3b586", - "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", - "82cd08db-9df5-488f-be94-6f3b554dfa9b", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "71f396a0-0285-465e-8ce3-6eacb47be941", - "efb2d239-5a37-49aa-9995-47e7be07304a" - ] - }, - { - "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", - "dependsOn": [ - "bd750137-b073-47d5-891a-e48c192cfcba", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "423d6189-7ce4-4931-9c74-3b58517df601", - "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "c1abfd09-121f-418c-befa-4d6b9e164769" - ] - }, - { - "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967", - "4e012695-d45a-4296-b37b-54a8b6893a50", - "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" - ] - }, - { - "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", - "dependsOn": [ - "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", - "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "2f225da8-8da3-429b-a014-effeea8c71eb", - "a309ae04-449e-4c6d-92cb-072fb307f9ad", - "e36cfe6c-5955-40dd-8f4f-09c43087ac53" - ] - }, - { - "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", - "dependsOn": [] - }, - { - "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", - "dependsOn": [ - "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" - ] - }, - { - "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", - "dependsOn": [ - "ab3bfc00-8d35-4a4d-b314-86573681d910", - "36fc309f-d086-43d6-b660-5de275ee630f" - ] - }, - { - "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", - "dependsOn": [ - "df3cc349-8f4d-4d7e-82ab-1309f17741d3" - ] - }, - { - "ref": "ac21cab7-b535-4294-8a61-b10b62918666", - "dependsOn": [ - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, - { - "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", - "dependsOn": [ - "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", - "94379ad3-19a6-4b21-a049-ca0b762d8c13" - ] - }, - { - "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", - "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" - ] - }, - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "dependsOn": [ - "0d0caea7-65ca-4504-b50a-80e480879f5f", - "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" - ] - }, - { - "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", - "dependsOn": [ - "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" - ] - }, - { - "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", - "dependsOn": [ - "d6394138-9591-4141-9a76-4c3082ff2ed4", - "5b865504-bea5-4b92-ae5e-46553e01093c" - ] - }, - { - "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", - "dependsOn": [ - "ebf5150b-055e-45d4-82e5-eebc38ffea70" - ] - }, - { - "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "dependsOn": [] - }, - { - "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", - "dependsOn": [] - }, - { - "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", - "dependsOn": [] - }, - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "dependsOn": [ - "fba3b85d-fb95-43d0-b534-0fc515cc831c", - "aa9df662-3606-433f-abf6-8d2ba8dbed4a", - "026156fa-3bff-4bbd-894a-36d1b3be8f3d", - "da25e363-473d-4f84-9f46-8e09c7ec7c28" - ] - }, - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "dependsOn": [] - }, - { - "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", - "dependsOn": [] - }, - { - "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", - "dependsOn": [] - }, - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "dependsOn": [ - "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", - "f09e69a1-54de-4e7b-802a-adda10a1c7be", - "b8d1f31a-736f-4134-9f3b-b5b85376c82e", - "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", - "627bb70b-4b85-4801-8239-f03de04ca5db", - "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" - ] - }, - { - "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", - "dependsOn": [] - }, - { - "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", - "dependsOn": [ - "c454f700-0d16-4956-a210-03d9073b6d12", - "a34a6a71-d883-47b3-b6eb-e87238cffb51", - "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" - ] - }, - { - "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "dependsOn": [ - "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "517c6455-0a2e-4e78-8d4b-88837bb5244c" - ] - }, - { - "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "dependsOn": [] - }, - { - "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", - "dependsOn": [] - }, - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "dependsOn": [ - "d2a5e2bf-ead6-4768-866a-385166eb6709" - ] - }, - { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", - "dependsOn": [] - }, - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "dependsOn": [ - "f4a06b14-3945-4381-b3dd-b46407b02b6b" - ] - }, - { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507", - "dependsOn": [ - "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" - ] - }, - { - "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", - "dependsOn": [] - }, - { - "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", - "dependsOn": [] - }, - { - "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", - "dependsOn": [] - }, - { - "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "dependsOn": [] - }, - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "dependsOn": [] - }, - { - "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", - "dependsOn": [ - "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - ] - }, - { - "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", - "dependsOn": [] - }, - { - "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", - "dependsOn": [ - "6b5fc35d-b114-4455-aa14-0a67248ee6bd", - "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - ] - }, - { - "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", - "dependsOn": [] - }, - { - "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", - "dependsOn": [] - }, - { - "ref": "5694b066-2847-4855-8230-77e902b37502", - "dependsOn": [] - }, - { - "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", - "dependsOn": [] - }, - { - "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", - "dependsOn": [ - "014723b6-3b73-414b-a760-da7bb1ab988d", - "7a6724fd-3628-46d2-8de5-9059e6ec494c" - ] - }, - { - "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", - "dependsOn": [] - }, - { - "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", - "dependsOn": [] - }, - { - "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", - "dependsOn": [] - }, - { - "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", - "dependsOn": [] - }, - { - "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", - "dependsOn": [] - }, - { - "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", - "dependsOn": [] - }, - { - "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", - "dependsOn": [] - }, - { - "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", - "dependsOn": [] - }, - { - "ref": "25416803-852c-4475-bf84-2bf849ea6a56", - "dependsOn": [] - }, - { - "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", - "dependsOn": [] - }, - { - "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", - "dependsOn": [] - }, - { - "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", - "dependsOn": [] - }, - { - "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", - "dependsOn": [] - }, - { - "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", - "dependsOn": [] - }, - { - "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", - "dependsOn": [ - "7176887b-3e41-4f10-9d29-26ec573e2c49", - "85776385-c1af-42fa-a0ac-21ecf796742f", - "c9381862-0cc8-48d6-9b97-82f00d12cdb7" - ] - }, - { - "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", - "dependsOn": [ - "1a021b8e-d143-4072-84f0-0e18292f1967" - ] - }, - { - "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", - "dependsOn": [ - "7e266974-a702-488c-99f6-258ccf14f0f3" - ] - }, - { - "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", - "dependsOn": [] - }, - { - "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", - "dependsOn": [] - }, - { - "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", - "dependsOn": [] - }, - { - "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", - "dependsOn": [] - }, - { - "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "dependsOn": [ - "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "3d67ecbd-3ee2-437b-800b-d137ccd17d46" - ] - }, - { - "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", - "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" - ] - }, - { - "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", - "dependsOn": [] - }, - { - "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", - "dependsOn": [] - }, - { - "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "dependsOn": [] - }, - { - "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", - "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "75ac24b0-9039-45fe-842d-ccecdd3c62e1" - ] - }, - { - "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", - "dependsOn": [] - }, - { - "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", - "dependsOn": [] - }, - { - "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "dependsOn": [ - "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", - "dd4f3e68-5483-4177-9ee9-987774aea94f", - "837f075b-d753-4d9e-a827-1d9f9f5e08b3", - "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", - "856bdbf0-98a8-4f05-950b-f6603c23a8c6", - "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", - "8dc0d897-c489-493c-a4b6-c5384d663c85", - "cce11866-0e96-4a46-9b49-dbee3ab30c8b", - "c454f700-0d16-4956-a210-03d9073b6d12" - ] - }, - { - "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", - "dependsOn": [ - "ad836327-5c0c-495e-bb92-9e17bda31d81" - ] - }, - { - "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", - "dependsOn": [ - "60844efd-9e68-4684-adf6-b7cc9e09a53b", - "aab91e2b-b26c-4248-9535-f3e8db0b0883", - "dd4f3e68-5483-4177-9ee9-987774aea94f" - ] - }, - { - "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", - "dependsOn": [] - }, - { - "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", - "dependsOn": [] - }, - { - "ref": "79b01257-3e61-49f7-8600-2042bde4702b", - "dependsOn": [] - }, - { - "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", - "dependsOn": [] - }, - { - "ref": "50a898e1-523d-4041-9250-b25394071a77", - "dependsOn": [] - }, - { - "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", - "dependsOn": [] - }, - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "dependsOn": [] - }, - { - "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", - "dependsOn": [] - }, - { - "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", - "dependsOn": [] - }, - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "dependsOn": [ - "25416803-852c-4475-bf84-2bf849ea6a56", - "c1abfd09-121f-418c-befa-4d6b9e164769", - "be69e2b9-e673-42a8-98f1-e6d3be74c272" - ] - }, - { - "ref": "423d6189-7ce4-4931-9c74-3b58517df601", - "dependsOn": [ - "4473173b-92a4-4b6f-aa40-3b0479fe60ee" - ] - }, - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "dependsOn": [ - "efb2d239-5a37-49aa-9995-47e7be07304a" - ] - }, - { - "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", - "dependsOn": [] - }, - { - "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", - "dependsOn": [] - }, - { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", - "dependsOn": [ - "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "423d6189-7ce4-4931-9c74-3b58517df601" - ] - }, - { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "dependsOn": [] - }, - { - "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", - "dependsOn": [ - "186eb402-6ab8-417c-8bbb-4032f9722383", - "7b1c11dd-7462-451d-a5b1-0fbd56708727" - ] - }, - { - "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", - "dependsOn": [] - }, - { - "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", - "dependsOn": [] - }, - { - "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", - "dependsOn": [] - }, - { - "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", - "dependsOn": [] - }, - { - "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", - "dependsOn": [] - }, - { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", - "dependsOn": [ - "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" - ] - }, - { - "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", - "dependsOn": [] - }, - { - "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", - "dependsOn": [ - "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", - "a0e7d3ee-2d51-4a08-a013-5b75b697edec", - "7a60c1f8-0819-4133-aa05-ece823ae5494" - ] - }, - { - "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", - "dependsOn": [] - }, - { - "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", - "dependsOn": [ - "33155de6-f8f2-48a7-ab80-19d8641794bf", - "71a8cbce-c3a6-4797-b3f1-60415f5e1131" - ] - }, - { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", - "dependsOn": [ - "85776385-c1af-42fa-a0ac-21ecf796742f", - "6d8385bd-f9a9-4a97-9031-3a1c717209b7" - ] - }, - { - "ref": "36fc309f-d086-43d6-b660-5de275ee630f", - "dependsOn": [] - }, - { - "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", - "dependsOn": [] - }, - { - "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", - "dependsOn": [] - }, - { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "dependsOn": [] - }, - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "dependsOn": [] - }, - { - "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", - "dependsOn": [] - }, - { - "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "dependsOn": [] - }, - { - "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", - "dependsOn": [ - "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - ] - }, - { - "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", - "dependsOn": [] - }, - { - "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", - "dependsOn": [] - }, - { - "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, - { - "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e", - "cc245b84-5644-43ff-82a8-82d6ff6ce58a" - ] - }, - { - "ref": "bd750137-b073-47d5-891a-e48c192cfcba", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", - "dependsOn": [] - }, - { - "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", - "dependsOn": [] - }, - { - "ref": "80b88754-8b78-4597-bc4f-47788add0031", - "dependsOn": [] - }, - { - "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", - "dependsOn": [ - "384a59b8-b897-4318-8a7f-2e02568a9e5e" - ] - }, - { - "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", - "dependsOn": [ - "9c03efc2-c106-4191-980f-b91376b5ab06", - "80a1384b-dee2-4dff-9d74-79d854cdeb2f" - ] - }, - { - "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", - "dependsOn": [] - }, - { - "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", - "dependsOn": [ - "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "91658b5a-2478-4653-a3e4-f62c4f58f87b" - ] - }, - { - "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", - "dependsOn": [] - }, - { - "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", - "dependsOn": [] - }, - { - "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", - "dependsOn": [] - }, - { - "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", - "dependsOn": [] - }, - { - "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", - "dependsOn": [] - }, - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "dependsOn": [] - }, - { - "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", - "dependsOn": [] - }, - { - "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", - "dependsOn": [ - "13aba3db-12c7-44d2-895d-130d2897e460" - ] - }, - { - "ref": "13aba3db-12c7-44d2-895d-130d2897e460", - "dependsOn": [] - }, - { - "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", - "dependsOn": [ - "3affcf84-19c7-4ac3-91f9-b08980969391" - ] - }, - { - "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", - "dependsOn": [] - }, - { - "ref": "c454f700-0d16-4956-a210-03d9073b6d12", - "dependsOn": [] + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" } - ] + } } } ] diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json index 5c7628cd66..113071648c 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -30,11175 +30,110512 @@ "auxiliary_data": [ { "name": "SBOM", + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ], "data": { "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", - "dependencies": [ - { - "ref": "@mitre/saf@1.4.7", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0", - "@aws-sdk/client-securityhub@3.590.0", - "@e965/xlsx@0.20.1", - "@mitre/emass_client@3.10.0", - "@mitre/hdf-converters@2.10.8", - "@mitre/heimdall-lite@2.10.9", - "@mitre/inspec-objects@1.0.1", - "@oclif/core@3.26.9", - "@oclif/plugin-help@6.1.0", - "@oclif/plugin-plugins@5.2.2", - "@oclif/plugin-version@2.2.2", - "@oclif/plugin-warn-if-update-available@3.1.4", - "@oclif/test@3.2.15", - "@smithy/node-http-handler@3.0.0", - "@types/chai@4.3.14", - "@types/express@4.17.21", - "@types/flat@5.0.5", - "@types/fs-extra@11.0.4", - "@types/get-installed-path@4.0.3", - "@types/jest@29.5.12", - "@types/js-yaml@4.0.9", - "@types/lodash@4.17.4", - "@types/mocha@10.0.6", - "@types/mock-fs@4.13.4", - "@types/mustache@4.2.5", - "@types/node@20.14.1", - "@types/objects-to-csv@1.3.3", - "@types/prompt-sync@4.2.3", - "@types/tmp@0.2.6", - "@types/uuid@9.0.8", - "@types/xml2js@0.4.14", - "@typescript-eslint/eslint-plugin@7.12.0", - "accurate-search@1.2.15", - "ajv@8.16.0", - "axios@1.7.2", - "chai@4.4.1", - "colors@1.4.0", - "csv-parse@4.16.3", - "dotenv@16.4.5", - "eslint-config-oclif-typescript@1.0.3", - "eslint-config-oclif@4.0.0", - "eslint-plugin-unicorn@52.0.0", - "eslint@8.57.0", - "express@4.19.2", - "fast-xml-parser@4.4.0", - "flat@5.0.2", - "form-data@4.0.0", - "fs-extra@11.2.0", - "get-installed-path@4.0.8", - "htmlparser2@9.1.0", - "https@1.0.0", - "inquirer-file-tree-selection-prompt@2.0.2", - "inquirer@8.0.0", - "inspecjs@2.10.8", - "jest-mock@29.7.0", - "jest@29.7.0", - "js-yaml@4.1.0", - "json-colorizer@2.2.2", - "lodash@4.17.21", - "markdown-diff@2.0.0", - "markdown-table-ts@1.0.3", - "marked@12.0.2", - "mocha@10.4.0", - "mock-fs@5.2.0", - "moment@2.30.1", - "mustache@4.2.0", - "objects-to-csv@1.3.6", - "oclif@4.13.0", - "open@10.1.0", - "prompt-sync@4.2.0", - "run-script-os@1.1.6", - "table@6.8.2", - "tmp@0.2.3", - "ts-jest@29.1.4", - "ts-mocha@10.0.0", - "ts-node@10.9.2", - "tsimportlib@0.0.5", - "tslib@2.6.3", - "typescript@5.1.6", - "uuid@9.0.1", - "winston@3.13.0", - "xlsx-populate@1.21.0", - "xml2js@0.6.2", - "yaml@2.4.3", - "zip-lib@1.0.4" + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } ] + } + } + } + } + ], + "raw": { + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ { - "ref": "@aws-crypto/sha256-browser@3.0.0", - "dependsOn": [ - "@aws-crypto/ie11-detection@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-crypto/supports-web-crypto@3.0.0", - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-locate-window@3.535.0", - "@aws-sdk/util-utf8-browser@3.259.0", - "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" - ] + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-crypto/ie11-detection@3.0.0", - "dependsOn": [ - "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" - ] + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" - }, + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-crypto/sha256-js@3.0.0", - "dependsOn": [ - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ { - "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ { - "ref": "@aws-crypto/supports-web-crypto@3.0.0", - "dependsOn": [ - "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" - ] + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-crypto/util@3.0.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-utf8-browser@3.259.0", - "@aws-crypto/util@3.0.0|tslib@1.14.1" - ] + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" - }, + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/types@3.577.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ { - "ref": "@aws-sdk/util-utf8-browser@3.259.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ { - "ref": "@aws-sdk/util-locate-window@3.535.0", - "dependsOn": [ - "tslib@2.6.3" - ] + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "tslib@2.6.3" + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/middleware-host-header@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/middleware-logger@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ { - "ref": "@aws-sdk/util-user-agent-browser@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "bowser@2.11.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ { - "ref": "@smithy/config-resolver@3.0.1", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@smithy/core@2.1.1", - "dependsOn": [ - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/fetch-http-handler@3.0.1", - "dependsOn": [ - "@smithy/protocol-http@4.0.0", - "@smithy/querystring-builder@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-base64@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@smithy/hash-node@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-buffer-from@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/invalid-dependency@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ { - "ref": "@smithy/middleware-content-length@3.0.0", - "dependsOn": [ - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ { - "ref": "@smithy/middleware-endpoint@3.0.1", - "dependsOn": [ - "@smithy/middleware-serde@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@smithy/middleware-retry@3.0.3", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/service-error-classification@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "tslib@2.6.3", - "uuid@9.0.1" - ] + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/middleware-serde@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@smithy/middleware-stack@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/node-config-provider@3.1.0", - "dependsOn": [ - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ { - "ref": "@smithy/node-http-handler@3.0.0", - "dependsOn": [ - "@smithy/abort-controller@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/querystring-builder@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ { - "ref": "@smithy/protocol-http@4.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@smithy/smithy-client@3.1.1", - "dependsOn": [ - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-stack@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/types@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@smithy/url-parser@3.0.0", - "dependsOn": [ - "@smithy/querystring-parser@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/util-base64@3.0.0", - "dependsOn": [ - "@smithy/util-buffer-from@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ { - "ref": "@smithy/util-body-length-browser@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ { - "ref": "@smithy/util-body-length-node@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@smithy/util-defaults-mode-browser@3.0.3", - "dependsOn": [ - "@smithy/property-provider@3.1.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "bowser@2.11.0", - "tslib@2.6.3" - ] + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/util-defaults-mode-node@3.0.3", - "dependsOn": [ - "@smithy/config-resolver@3.0.1", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@smithy/util-endpoints@2.0.1", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/util-middleware@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ { - "ref": "@smithy/util-retry@3.0.0", - "dependsOn": [ - "@smithy/service-error-classification@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ { - "ref": "@smithy/util-utf8@3.0.0", - "dependsOn": [ - "@smithy/util-buffer-from@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@smithy/signature-v4@3.0.0", - "dependsOn": [ - "@smithy/is-array-buffer@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-hex-encoding@3.0.0", - "@smithy/util-middleware@3.0.0", - "@smithy/util-uri-escape@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/is-array-buffer@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@smithy/util-hex-encoding@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/util-uri-escape@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ { - "ref": "strnum@1.0.5" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ { - "ref": "@smithy/property-provider@3.1.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@smithy/util-stream@3.0.1", - "dependsOn": [ - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-buffer-from@3.0.0", - "@smithy/util-hex-encoding@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/credential-provider-imds@3.1.0", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@smithy/shared-ini-file-loader@3.1.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/util-config-provider@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ { - "ref": "bowser@2.11.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ { - "ref": "@smithy/querystring-builder@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-uri-escape@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@smithy/util-buffer-from@3.0.0", - "dependsOn": [ - "@smithy/is-array-buffer@3.0.0", - "tslib@2.6.3" - ] + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/service-error-classification@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0" - ] + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "uuid@9.0.1" - }, + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/querystring-parser@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ { - "ref": "@e965/xlsx@0.20.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ { - "ref": "@mitre/emass_client@3.10.0", - "dependsOn": [ - "@mitre/emass_client@3.10.0|axios@0.21.4" - ] + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", - "dependsOn": [ - "follow-redirects@1.15.6" - ] + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "follow-redirects@1.15.6" - }, - { - "ref": "@mitre/hdf-converters@2.10.8", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0", - "@e965/xlsx@0.20.1", - "@mdi/js@7.4.47", - "@mitre/jsonix@3.0.7", - "@smithy/node-http-handler@3.0.0", - "@types/csv2json@1.4.5", - "@types/ms@0.7.34", - "@types/mustache@4.2.5", - "@types/papaparse@5.3.14", - "@types/revalidator@0.3.12", - "@types/triple-beam@1.3.5", - "@types/validator@13.12.0", - "@types/xml2js@0.4.14", - "axios@1.7.2", - "compare-versions@6.1.0", - "csv2json@2.0.2", - "fast-xml-parser@4.4.0", - "html-entities@2.5.2", - "htmlparser2@9.1.0", - "inspecjs@2.10.8", - "lodash@4.17.21", - "moment@2.30.1", - "ms@2.1.3", - "mustache@4.2.0", - "papaparse@5.4.1", - "revalidator@0.3.1", - "run-script-os@1.1.6", - "semver@7.6.2", - "tailwindcss@3.4.3", - "tw-elements@1.1.0", - "validator@13.12.0", - "winston@3.13.0", - "xml-formatter@3.6.2", - "xml-parser-xo@4.1.1", - "xml2js@0.6.2", - "yaml@2.4.3" - ] + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mdi/js@7.4.47" - }, + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/jsonix@3.0.7", - "dependsOn": [ - "@xmldom/xmldom@0.8.10", - "amdefine@0.0.4", - "xmlhttprequest@1.8.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ { - "ref": "@xmldom/xmldom@0.8.10" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ { - "ref": "amdefine@0.0.4" + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "xmlhttprequest@1.8.0" + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/csv2json@1.4.5", - "dependsOn": [ - "@types/pumpify@1.4.4" - ] + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/pumpify@1.4.4", - "dependsOn": [ - "@types/duplexify@3.6.4", - "@types/node@20.14.1" - ] - }, + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/duplexify@3.6.4", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ { - "ref": "@types/node@20.14.1", - "dependsOn": [ - "undici-types@5.26.5" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ { - "ref": "@types/ms@0.7.34" + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/mustache@4.2.5" + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/papaparse@5.3.14", - "dependsOn": [ - "@types/node@20.14.1" - ] + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/revalidator@0.3.12" - }, + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/triple-beam@1.3.5" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ { - "ref": "@types/validator@13.12.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ { - "ref": "@types/xml2js@0.4.14", - "dependsOn": [ - "@types/node@20.14.1" - ] + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "axios@1.7.2", - "dependsOn": [ - "follow-redirects@1.15.6", - "form-data@4.0.0", - "proxy-from-env@1.1.0" - ] + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "compare-versions@6.1.0" + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "csv2json@2.0.2", - "dependsOn": [ - "csv-parser@2.3.5", - "exec-promise@0.7.0", - "minimist@1.2.8", - "promise-toolbox@0.14.0", - "pump@3.0.0", - "pumpify@2.0.1", - "strip-bom-stream@4.0.0", - "through2@3.0.2" - ] - }, + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "csv-parser@2.3.5", - "dependsOn": [ - "minimist@1.2.8", - "through2@3.0.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ { - "ref": "minimist@1.2.8" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ { - "ref": "through2@3.0.2", - "dependsOn": [ - "inherits@2.0.4", - "readable-stream@3.6.2" - ] + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "exec-promise@0.7.0", - "dependsOn": [ - "log-symbols@1.0.2" - ] + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "log-symbols@1.0.2", - "dependsOn": [ - "log-symbols@1.0.2|chalk@1.1.3" - ] + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "log-symbols@1.0.2|chalk@1.1.3", - "dependsOn": [ - "log-symbols@1.0.2|ansi-styles@2.2.1", - "log-symbols@1.0.2|escape-string-regexp@1.0.5", - "has-ansi@2.0.0", - "log-symbols@1.0.2|strip-ansi@3.0.1", - "log-symbols@1.0.2|supports-color@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ { - "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ { - "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", - "dependsOn": [ - "log-symbols@1.0.2|ansi-regex@2.1.1" - ] + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "log-symbols@1.0.2|supports-color@2.0.0" + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "has-ansi@2.0.0", - "dependsOn": [ - "has-ansi@2.0.0|ansi-regex@2.1.1" - ] - }, + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ { - "ref": "promise-toolbox@0.14.0", - "dependsOn": [ - "make-error@1.3.6" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ { - "ref": "make-error@1.3.6" + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "pump@3.0.0", - "dependsOn": [ - "end-of-stream@1.4.4", - "once@1.4.0" - ] + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "end-of-stream@1.4.4", - "dependsOn": [ - "once@1.4.0" - ] + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "once@1.4.0", - "dependsOn": [ - "wrappy@1.0.2" - ] - }, + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "pumpify@2.0.1", - "dependsOn": [ - "duplexify@4.1.3", - "inherits@2.0.4", - "pump@3.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ { - "ref": "duplexify@4.1.3", - "dependsOn": [ - "end-of-stream@1.4.4", - "inherits@2.0.4", - "readable-stream@3.6.2", - "stream-shift@1.0.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ { - "ref": "inherits@2.0.4" + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "readable-stream@3.6.2", - "dependsOn": [ - "inherits@2.0.4", - "string_decoder@1.3.0", - "util-deprecate@1.0.2" - ] + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "stream-shift@1.0.3" + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "strip-bom-stream@4.0.0", - "dependsOn": [ - "first-chunk-stream@3.0.0", - "strip-bom-buf@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "first-chunk-stream@3.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ { - "ref": "strip-bom-buf@2.0.0", - "dependsOn": [ - "is-utf8@0.2.1" - ] - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ { - "ref": "is-utf8@0.2.1" + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "fast-xml-parser@4.4.0", - "dependsOn": [ - "strnum@1.0.5" - ] + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "html-entities@2.5.2" + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "htmlparser2@9.1.0", - "dependsOn": [ - "domelementtype@2.3.0", - "domhandler@5.0.3", - "domutils@3.1.0", - "entities@4.5.0" - ] - }, + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "inspecjs@2.10.8" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ { - "ref": "lodash@4.17.21" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ { - "ref": "moment@2.30.1" + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "ms@2.1.3" + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "mustache@4.2.0" + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "papaparse@5.4.1" - }, + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "revalidator@0.3.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ { - "ref": "run-script-os@1.1.6" - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ { - "ref": "semver@7.6.2" + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "tailwindcss@3.4.3", - "dependsOn": [ - "@alloc/quick-lru@5.2.0", - "arg@5.0.2", - "chokidar@3.5.3", - "didyoumean@1.2.2", - "dlv@1.1.3", - "fast-glob@3.3.2", - "glob-parent@6.0.2", - "is-glob@4.0.3", - "jiti@1.21.0", - "lilconfig@2.1.0", - "micromatch@4.0.5", - "normalize-path@3.0.0", - "object-hash@3.0.0", - "picocolors@1.0.0", - "postcss-import@15.1.0", - "postcss-js@4.0.1", - "postcss-load-config@4.0.2", - "postcss-nested@6.0.1", - "postcss-selector-parser@6.0.16", - "postcss@8.4.38", - "resolve@1.22.8", - "sucrase@3.35.0" - ] + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@alloc/quick-lru@5.2.0" + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "arg@5.0.2" - }, + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "chokidar@3.5.3", - "dependsOn": [ - "anymatch@3.1.3", - "braces@3.0.2", - "fsevents@2.3.3", - "chokidar@3.5.3|glob-parent@5.1.2", - "is-binary-path@2.1.0", - "is-glob@4.0.3", - "normalize-path@3.0.0", - "readdirp@3.6.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ { - "ref": "chokidar@3.5.3|glob-parent@5.1.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ { - "ref": "didyoumean@1.2.2" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "dlv@1.1.3" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "fast-glob@3.3.2", - "dependsOn": [ - "@nodelib/fs.stat@2.0.5", - "@nodelib/fs.walk@1.2.8", - "fast-glob@3.3.2|glob-parent@5.1.2", - "merge2@1.4.1", - "micromatch@4.0.5" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "fast-glob@3.3.2|glob-parent@5.1.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@nodelib/fs.stat@2.0.5" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ { - "ref": "@nodelib/fs.walk@1.2.8", - "dependsOn": [ - "@nodelib/fs.scandir@2.1.5", - "fastq@1.17.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ { - "ref": "is-glob@4.0.3", - "dependsOn": [ - "is-extglob@2.1.1" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "merge2@1.4.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "micromatch@4.0.5", - "dependsOn": [ - "braces@3.0.2", - "picomatch@2.3.1" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "glob-parent@6.0.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "jiti@1.21.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ { - "ref": "lilconfig@2.1.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ { - "ref": "braces@3.0.2", - "dependsOn": [ - "fill-range@7.0.1" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "picomatch@2.3.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "normalize-path@3.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "object-hash@3.0.0" - }, + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "picocolors@1.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ { - "ref": "postcss-import@15.1.0", - "dependsOn": [ - "postcss-value-parser@4.2.0", - "postcss@8.4.38", - "read-cache@1.0.0", - "resolve@1.22.8" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ { - "ref": "postcss-value-parser@4.2.0" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "postcss@8.4.38", - "dependsOn": [ - "nanoid@3.3.7", - "picocolors@1.0.0", - "source-map-js@1.2.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "read-cache@1.0.0", - "dependsOn": [ - "pify@2.3.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "pify@2.3.0" - }, + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "resolve@1.22.8", - "dependsOn": [ - "is-core-module@2.13.1", - "path-parse@1.0.7", - "supports-preserve-symlinks-flag@1.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ { - "ref": "postcss-js@4.0.1", - "dependsOn": [ - "camelcase-css@2.0.1", - "postcss@8.4.38" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ { - "ref": "camelcase-css@2.0.1" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "postcss-load-config@4.0.2", - "dependsOn": [ - "postcss-load-config@4.0.2|lilconfig@3.1.1", - "postcss@8.4.38", - "ts-node@10.9.2", - "yaml@2.4.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" - }, - { - "ref": "ts-node@10.9.2", - "dependsOn": [ - "@cspotcode/source-map-support@0.8.1", - "@tsconfig/node10@1.0.11", - "@tsconfig/node12@1.0.11", - "@tsconfig/node14@1.0.3", - "@tsconfig/node16@1.0.4", - "@types/node@20.14.1", - "acorn-walk@8.3.2", - "acorn@8.11.3", - "ts-node@10.9.2|arg@4.1.3", - "create-require@1.1.1", - "diff@4.0.2", - "make-error@1.3.6", - "typescript@5.1.6", - "v8-compile-cache-lib@3.0.1", - "yn@3.1.1" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "ts-node@10.9.2|arg@4.1.3" - }, + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "yaml@2.4.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ { - "ref": "postcss-nested@6.0.1", - "dependsOn": [ - "postcss-selector-parser@6.0.16", - "postcss@8.4.38" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ { - "ref": "postcss-selector-parser@6.0.16", - "dependsOn": [ - "cssesc@3.0.0", - "util-deprecate@1.0.2" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "cssesc@3.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "util-deprecate@1.0.2" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "nanoid@3.3.7" - }, + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "source-map-js@1.2.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ { - "ref": "is-core-module@2.13.1", - "dependsOn": [ - "hasown@2.0.2" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ { - "ref": "path-parse@1.0.7" + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "supports-preserve-symlinks-flag@1.0.0" + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "sucrase@3.35.0", - "dependsOn": [ - "@jridgewell/gen-mapping@0.3.5", - "sucrase@3.35.0|commander@4.1.1", - "sucrase@3.35.0|glob@10.3.12", - "lines-and-columns@1.2.4", - "mz@2.7.0", - "pirates@4.0.6", - "ts-interface-checker@0.1.13" - ] + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "sucrase@3.35.0|commander@4.1.1" - }, + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "sucrase@3.35.0|glob@10.3.12", - "dependsOn": [ - "foreground-child@3.1.1", - "jackspeak@2.3.6", - "minimatch@9.0.4", - "sucrase@3.35.0|minipass@7.0.4", - "path-scurry@1.10.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ { - "ref": "sucrase@3.35.0|minipass@7.0.4" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ { - "ref": "@jridgewell/gen-mapping@0.3.5", - "dependsOn": [ - "@jridgewell/set-array@1.2.1", - "@jridgewell/sourcemap-codec@1.4.15", - "@jridgewell/trace-mapping@0.3.25" - ] + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@jridgewell/set-array@1.2.1" + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@jridgewell/sourcemap-codec@1.4.15" + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@jridgewell/trace-mapping@0.3.25", - "dependsOn": [ - "@jridgewell/resolve-uri@3.1.2", - "@jridgewell/sourcemap-codec@1.4.15" - ] - }, + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "foreground-child@3.1.1", - "dependsOn": [ - "cross-spawn@7.0.3", - "foreground-child@3.1.1|signal-exit@4.1.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ { - "ref": "foreground-child@3.1.1|signal-exit@4.1.0" - }, + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ { - "ref": "cross-spawn@7.0.3", - "dependsOn": [ - "path-key@3.1.1", - "shebang-command@2.0.0", - "which@2.0.2" - ] + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jackspeak@2.3.6", - "dependsOn": [ - "@isaacs/cliui@8.0.2", - "@pkgjs/parseargs@0.11.0" - ] + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@isaacs/cliui@8.0.2", - "dependsOn": [ - "string-width@4.2.3", - "@isaacs/cliui@8.0.2|string-width@5.1.2", - "BomRef.5h3h9846p8.g5nk6qdc128", - "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "wrap-ansi@7.0.0", - "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" - ] + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", - "dependsOn": [ - "eastasianwidth@0.2.0", - "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" - ] - }, + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ { - "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "dependsOn": [ - "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ { - "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", - "dependsOn": [ - "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", - "@isaacs/cliui@8.0.2|string-width@5.1.2", - "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" - ] + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "string-width@4.2.3", - "dependsOn": [ - "emoji-regex@8.0.0", - "is-fullwidth-code-point@3.0.0", - "strip-ansi@6.0.1" - ] - }, + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "emoji-regex@8.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ { - "ref": "is-fullwidth-code-point@3.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ { - "ref": "strip-ansi@6.0.1", - "dependsOn": [ - "ansi-regex@5.0.1" - ] + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eastasianwidth@0.2.0" + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "BomRef.5h3h9846p8.g5nk6qdc128", - "dependsOn": [ - "ansi-regex@5.0.1" - ] + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "ansi-regex@5.0.1" - }, + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "wrap-ansi@7.0.0", - "dependsOn": [ - "ansi-styles@4.3.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ { - "ref": "ansi-styles@4.3.0", - "dependsOn": [ - "color-convert@2.0.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ { - "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", - "dependsOn": [ - "emoji-regex@8.0.0", - "is-fullwidth-code-point@3.0.0", - "strip-ansi@6.0.1" - ] + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@pkgjs/parseargs@0.11.0" + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "minimatch@9.0.4", - "dependsOn": [ - "brace-expansion@2.0.1" - ] + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "path-scurry@1.10.2", - "dependsOn": [ - "path-scurry@1.10.2|lru-cache@10.2.0", - "path-scurry@1.10.2|minipass@7.0.4" - ] - }, + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "path-scurry@1.10.2|lru-cache@10.2.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ { - "ref": "path-scurry@1.10.2|minipass@7.0.4" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ { - "ref": "lines-and-columns@1.2.4" + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "mz@2.7.0", - "dependsOn": [ - "any-promise@1.3.0", - "object-assign@4.1.1", - "thenify-all@1.6.0" - ] + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "any-promise@1.3.0" + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "object-assign@4.1.1" - }, + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "thenify-all@1.6.0", - "dependsOn": [ - "thenify@3.3.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ { - "ref": "thenify@3.3.1", - "dependsOn": [ - "any-promise@1.3.0" - ] - }, + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ { - "ref": "pirates@4.0.6" + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "ts-interface-checker@0.1.13" + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "tw-elements@1.1.0", - "dependsOn": [ - "@popperjs/core@2.11.8", - "chart.js@3.9.1", - "chartjs-plugin-datalabels@2.2.0", - "deepmerge@4.3.1", - "detect-autofill@1.1.4", - "perfect-scrollbar@1.5.5", - "tw-elements@1.1.0|tailwindcss@3.3.0" - ] + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", - "dependsOn": [ - "arg@5.0.2", - "chokidar@3.5.3", - "color-name@1.1.4", - "didyoumean@1.2.2", - "dlv@1.1.3", - "fast-glob@3.3.2", - "glob-parent@6.0.2", - "is-glob@4.0.3", - "jiti@1.21.0", - "lilconfig@2.1.0", - "micromatch@4.0.5", - "normalize-path@3.0.0", - "object-hash@3.0.0", - "picocolors@1.0.0", - "tw-elements@1.1.0|postcss-import@14.1.0", - "postcss-js@4.0.1", - "tw-elements@1.1.0|postcss-load-config@3.1.4", - "tw-elements@1.1.0|postcss-nested@6.0.0", - "postcss-selector-parser@6.0.16", - "postcss-value-parser@4.2.0", - "postcss@8.4.38", - "quick-lru@5.1.1", - "resolve@1.22.8", - "sucrase@3.35.0" - ] - }, + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "tw-elements@1.1.0|postcss-import@14.1.0", - "dependsOn": [ - "postcss-value-parser@4.2.0", - "postcss@8.4.38", - "read-cache@1.0.0", - "resolve@1.22.8" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ { - "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", - "dependsOn": [ - "lilconfig@2.1.0", - "postcss@8.4.38", - "ts-node@10.9.2", - "tw-elements@1.1.0|yaml@1.10.2" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ { - "ref": "tw-elements@1.1.0|yaml@1.10.2" + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", - "dependsOn": [ - "postcss-selector-parser@6.0.16", - "postcss@8.4.38" - ] + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@popperjs/core@2.11.8" + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "chart.js@3.9.1" - }, + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "chartjs-plugin-datalabels@2.2.0", - "dependsOn": [ - "chart.js@3.9.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ { - "ref": "deepmerge@4.3.1" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ { - "ref": "detect-autofill@1.1.4", - "dependsOn": [ - "custom-event-polyfill@1.0.7" - ] + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "custom-event-polyfill@1.0.7" + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "perfect-scrollbar@1.5.5" + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "color-name@1.1.4" - }, + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "quick-lru@5.1.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ { - "ref": "validator@13.12.0" - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ { - "ref": "winston@3.13.0", - "dependsOn": [ - "@colors/colors@1.6.0", - "@dabh/diagnostics@2.0.3", - "async@3.2.5", - "is-stream@2.0.1", - "logform@2.6.0", - "one-time@1.0.0", - "readable-stream@3.6.2", - "safe-stable-stringify@2.4.3", - "stack-trace@0.0.10", - "triple-beam@1.4.1", - "winston-transport@4.7.0" - ] + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "xml-formatter@3.6.2", - "dependsOn": [ - "xml-parser-xo@4.1.1" - ] + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "xml-parser-xo@4.1.1" + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "xml2js@0.6.2", - "dependsOn": [ - "sax@1.2.1", - "xmlbuilder@11.0.1" - ] - }, + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/heimdall-lite@2.10.9", - "dependsOn": [ - "express@4.19.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ { - "ref": "express@4.19.2", - "dependsOn": [ - "accepts@1.3.8", - "array-flatten@1.1.1", - "body-parser@1.20.2", - "content-disposition@0.5.4", - "content-type@1.0.5", - "cookie-signature@1.0.6", - "cookie@0.6.0", - "express@4.19.2|debug@2.6.9", - "depd@2.0.0", - "encodeurl@1.0.2", - "escape-html@1.0.3", - "etag@1.8.1", - "finalhandler@1.2.0", - "fresh@0.5.2", - "http-errors@2.0.0", - "merge-descriptors@1.0.1", - "methods@1.1.2", - "on-finished@2.4.1", - "parseurl@1.3.3", - "path-to-regexp@0.1.7", - "proxy-addr@2.0.7", - "qs@6.11.0", - "range-parser@1.2.1", - "safe-buffer@5.2.1", - "send@0.18.0", - "serve-static@1.15.0", - "setprototypeof@1.2.0", - "statuses@2.0.1", - "type-is@1.6.18", - "utils-merge@1.0.1", - "vary@1.1.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ { - "ref": "express@4.19.2|debug@2.6.9", - "dependsOn": [ - "express@4.19.2|ms@2.0.0" - ] + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "express@4.19.2|ms@2.0.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1", - "dependsOn": [ - "@types/flat@5.0.5", - "@types/he@1.2.3", - "@types/json-diff@0.7.0", - "@types/jstoxml@2.0.4", - "@types/lodash@4.17.4", - "@types/mustache@4.2.5", - "@types/pretty@2.0.3", - "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", - "flat@5.0.2", - "he@1.2.0", - "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", - "inspecjs@2.10.8", - "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "json-diff@0.9.1", - "jstoxml@3.2.10", - "lodash@4.17.21", - "mustache@4.2.0", - "pretty@2.0.0", - "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", - "@mitre/inspec-objects@1.0.1|typescript@4.9.5", - "winston@3.13.0", - "@mitre/inspec-objects@1.0.1|yaml@1.10.2" - ] + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", - "dependsOn": [ - "strnum@1.0.5" - ] + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", - "dependsOn": [ - "domelementtype@2.3.0", - "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "@mitre/inspec-objects@1.0.1|domutils@2.8.0", - "@mitre/inspec-objects@1.0.1|entities@3.0.1" - ] - }, + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "dependsOn": [ - "domelementtype@2.3.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", - "domelementtype@2.3.0", - "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", - "dependsOn": [ - "domelementtype@2.3.0", - "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" - ] + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "import-local@3.1.0", - "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" - ] - }, + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "exit@0.1.2", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "micromatch@4.0.5", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "rimraf@3.0.2", - "slash@3.0.0", - "strip-ansi@6.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "slash@3.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", - "@types/istanbul-lib-coverage@2.0.6", - "@types/istanbul-reports@3.0.4", - "@types/node@20.14.1", - "@types/yargs@17.0.32", - "chalk@4.1.2" - ] + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/stack-utils@2.0.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "micromatch@4.0.5", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "slash@3.0.0", - "stack-utils@2.0.6" - ] + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "graceful-fs@4.2.11", - "picomatch@2.3.1" - ] + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", - "dependsOn": [ - "@bcoe/v8-coverage@0.2.3", - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@jridgewell/trace-mapping@0.3.25", - "@types/node@20.14.1", - "chalk@4.1.2", - "collect-v8-coverage@1.0.2", - "exit@0.1.2", - "glob@7.2.3", - "graceful-fs@4.2.11", - "istanbul-lib-coverage@3.2.2", - "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", - "istanbul-lib-report@3.0.1", - "istanbul-lib-source-maps@4.0.1", - "istanbul-reports@3.1.7", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "slash@3.0.0", - "string-length@4.0.2", - "strip-ansi@6.0.1", - "terminal-link@2.1.1", - "v8-to-istanbul@9.2.0" - ] - }, + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/istanbul-lib-coverage@2.0.6", - "collect-v8-coverage@1.0.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@jridgewell/trace-mapping@0.3.25", - "babel-plugin-istanbul@6.1.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", - "fast-json-stable-stringify@2.1.0", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "micromatch@4.0.5", - "pirates@4.0.6", - "slash@3.0.0", - "write-file-atomic@4.0.2" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/parser@7.24.4", - "@istanbuljs/schema@0.1.3", - "istanbul-lib-coverage@3.2.2", - "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" - ] + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "dependsOn": [ - "@types/node@20.14.1", - "merge-stream@2.0.0", - "supports-color@8.1.1" - ] + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" - }, + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/graceful-fs@4.1.9", - "@types/node@20.14.1", - "anymatch@3.1.3", - "fb-watchman@2.0.2", - "fsevents@2.3.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "micromatch@4.0.5", - "walker@1.0.8" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", - "dependsOn": [ - "execa@5.1.1", - "p-limit@3.1.0" - ] + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "deepmerge@4.3.1", - "glob@7.2.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "micromatch@4.0.5", - "parse-json@5.2.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "slash@3.0.0", - "strip-json-comments@3.1.1", - "ts-node@10.9.2" - ] + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "slash@3.0.0" - ] - }, + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@types/babel__core@7.20.5", - "babel-plugin-istanbul@6.1.1", - "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "slash@3.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "co@4.6.0", - "@mitre/inspec-objects@1.0.1|dedent@0.7.0", - "is-generator-fn@2.1.0", - "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "p-limit@3.1.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "slash@3.0.0", - "stack-utils@2.0.6" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" - ] + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" - ] + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" - ] + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/generator@7.24.4", - "@babel/plugin-syntax-typescript@7.24.1", - "@babel/traverse@7.24.1", - "@babel/types@7.24.0", - "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/babel__traverse@7.20.5", - "@types/prettier@2.7.3", - "babel-preset-current-node-syntax@1.0.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "natural-compare@1.4.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "semver@7.6.2" - ] - }, + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", - "ansi-regex@5.0.1", - "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", - "react-is@18.2.0" - ] + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "dependsOn": [ - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "chalk@4.1.2", - "cjs-module-lexer@1.2.3", - "collect-v8-coverage@1.0.2", - "execa@5.1.1", - "glob@7.2.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "slash@3.0.0", - "strip-bom@4.0.0" - ] - }, + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1" - ] + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "dependsOn": [ - "chalk@4.1.2", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "jest-pnp-resolver@1.2.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", - "resolve@1.22.8", - "slash@3.0.0" - ] + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|emittery@0.10.2", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", - "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "p-limit@3.1.0", - "source-map-support@0.5.13" - ] + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "leven@3.1.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", - "dependsOn": [ - "detect-newline@3.1.0" - ] + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|emittery@0.10.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "string-length@4.0.2" - ] - }, + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", - "dependsOn": [ - "type-detect@4.0.8" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" - ] + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", - "dependsOn": [ - "@jridgewell/trace-mapping@0.3.25", - "callsites@3.1.0", - "graceful-fs@4.2.11" - ] + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" - ] + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", - "dependsOn": [ - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" - ] + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "chalk@4.1.2", - "exit@0.1.2", - "graceful-fs@4.2.11", - "import-local@3.1.0", - "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "prompts@2.4.2", - "yargs@17.7.2" - ] - }, + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "bs-logger@0.2.6", - "fast-json-stable-stringify@2.1.0", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "json5@2.2.3", - "lodash.memoize@4.1.2", - "make-error@1.3.6", - "semver@7.6.2", - "@mitre/inspec-objects@1.0.1|typescript@4.9.5", - "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ { - "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", - "babel-preset-current-node-syntax@1.0.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ { - "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/types@7.24.0", - "@types/babel__core@7.20.5", - "@types/babel__traverse@7.20.5" - ] + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" - }, + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/flat@5.0.5" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ { - "ref": "@types/he@1.2.3" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ { - "ref": "@types/json-diff@0.7.0" + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/jstoxml@2.0.4" + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/lodash@4.17.4" + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/pretty@2.0.3" - }, + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "flat@5.0.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ { - "ref": "he@1.2.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ { - "ref": "domelementtype@2.3.0" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "chalk@4.1.2", - "dependsOn": [ - "ansi-styles@4.3.0", - "chalk@4.1.2|supports-color@7.2.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "chalk@4.1.2|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "slash@3.0.0" - }, + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@bcoe/v8-coverage@0.2.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ { - "ref": "collect-v8-coverage@1.0.2" - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ { - "ref": "exit@0.1.2" + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "glob@7.2.3", - "dependsOn": [ - "fs.realpath@1.0.0", - "inflight@1.0.6", - "inherits@2.0.4", - "glob@7.2.3|minimatch@3.1.2", - "once@1.4.0", - "path-is-absolute@1.0.1" - ] + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "glob@7.2.3|minimatch@3.1.2", - "dependsOn": [ - "glob@7.2.3|brace-expansion@1.1.11" - ] + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "glob@7.2.3|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "graceful-fs@4.2.11" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ { - "ref": "istanbul-lib-coverage@3.2.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ { - "ref": "@babel/core@7.24.4", - "dependsOn": [ - "@ampproject/remapping@2.3.0", - "@babel/code-frame@7.24.2", - "@babel/generator@7.24.4", - "@babel/helper-compilation-targets@7.23.6", - "@babel/helper-module-transforms@7.23.3", - "@babel/helpers@7.24.4", - "@babel/parser@7.24.4", - "@babel/template@7.24.0", - "@babel/traverse@7.24.1", - "@babel/types@7.24.0", - "convert-source-map@2.0.0", - "debug@4.3.4", - "gensync@1.0.0-beta.2", - "json5@2.2.3", - "@babel/core@7.24.4|semver@6.3.1" - ] + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@babel/core@7.24.4|semver@6.3.1" + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@babel/parser@7.24.4" + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@istanbuljs/schema@0.1.3" - }, + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "istanbul-lib-report@3.0.1", - "dependsOn": [ - "istanbul-lib-coverage@3.2.2", - "make-dir@4.0.0", - "istanbul-lib-report@3.0.1|supports-color@7.2.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ { - "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ { - "ref": "istanbul-lib-source-maps@4.0.1", - "dependsOn": [ - "debug@4.3.4", - "istanbul-lib-coverage@3.2.2", - "source-map@0.6.1" - ] + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "istanbul-reports@3.1.7", - "dependsOn": [ - "html-escaper@2.0.2", - "istanbul-lib-report@3.0.1" - ] + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "merge-stream@2.0.0" + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "supports-color@8.1.1", - "dependsOn": [ - "has-flag@4.0.0" - ] - }, + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "string-length@4.0.2", - "dependsOn": [ - "char-regex@1.0.2", - "strip-ansi@6.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ { - "ref": "terminal-link@2.1.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "supports-hyperlinks@2.3.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ { - "ref": "ansi-escapes@4.3.2", - "dependsOn": [ - "type-fest@0.21.3" - ] + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "supports-hyperlinks@2.3.0", - "dependsOn": [ - "has-flag@4.0.0", - "supports-hyperlinks@2.3.0|supports-color@7.2.0" - ] + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "v8-to-istanbul@9.2.0", - "dependsOn": [ - "@jridgewell/trace-mapping@0.3.25", - "@types/istanbul-lib-coverage@2.0.6", - "convert-source-map@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/istanbul-lib-coverage@2.0.6" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ { - "ref": "babel-plugin-istanbul@6.1.1", - "dependsOn": [ - "@babel/helper-plugin-utils@7.24.0", - "@istanbuljs/load-nyc-config@1.1.0", - "@istanbuljs/schema@0.1.3", - "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", - "test-exclude@6.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ { - "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/parser@7.24.4", - "@istanbuljs/schema@0.1.3", - "istanbul-lib-coverage@3.2.2", - "babel-plugin-istanbul@6.1.1|semver@6.3.1" - ] + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "fast-json-stable-stringify@2.1.0" + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "write-file-atomic@4.0.2", - "dependsOn": [ - "imurmurhash@0.1.4", - "signal-exit@3.0.7" - ] - }, + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "execa@5.1.1", - "dependsOn": [ - "cross-spawn@7.0.3", - "get-stream@6.0.1", - "human-signals@2.1.0", - "is-stream@2.0.1", - "merge-stream@2.0.0", - "npm-run-path@4.0.1", - "onetime@5.1.2", - "signal-exit@3.0.7", - "strip-final-newline@2.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ { - "ref": "p-limit@3.1.0", - "dependsOn": [ - "yocto-queue@0.1.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ { - "ref": "co@4.6.0" + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "is-generator-fn@2.1.0" + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "stack-utils@2.0.6", - "dependsOn": [ - "stack-utils@2.0.6|escape-string-regexp@2.0.0" - ] + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" - }, + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "parse-json@5.2.0", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "error-ex@1.3.2", - "json-parse-even-better-errors@2.3.1", - "lines-and-columns@1.2.4" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ { - "ref": "strip-json-comments@3.1.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ { - "ref": "@types/graceful-fs@4.1.9", - "dependsOn": [ - "@types/node@20.14.1" - ] + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "anymatch@3.1.3", - "dependsOn": [ - "normalize-path@3.0.0", - "picomatch@2.3.1" - ] + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "fb-watchman@2.0.2", - "dependsOn": [ - "bser@2.1.1" - ] + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "fsevents@2.3.3" - }, + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "walker@1.0.8", - "dependsOn": [ - "makeerror@1.0.12" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ { - "ref": "@babel/code-frame@7.24.2", - "dependsOn": [ - "@babel/highlight@7.24.2", - "picocolors@1.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ { - "ref": "@types/stack-utils@2.0.3" + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-pnp-resolver@1.2.3", - "dependsOn": [ - "jest-resolve@29.7.0" - ] + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "detect-newline@3.1.0" + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "source-map-support@0.5.13", - "dependsOn": [ - "buffer-from@1.1.2", - "source-map@0.6.1" - ] - }, + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "type-detect@4.0.8" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ { - "ref": "callsites@3.1.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ { - "ref": "cjs-module-lexer@1.2.3" + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "strip-bom@4.0.0" + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@babel/generator@7.24.4", - "dependsOn": [ - "@babel/types@7.24.0", - "@jridgewell/gen-mapping@0.3.5", - "@jridgewell/trace-mapping@0.3.25", - "@babel/generator@7.24.4|jsesc@2.5.2" - ] + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@babel/generator@7.24.4|jsesc@2.5.2" - }, + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/plugin-syntax-typescript@7.24.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ { - "ref": "@babel/traverse@7.24.1", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@babel/generator@7.24.4", - "@babel/helper-environment-visitor@7.22.20", - "@babel/helper-function-name@7.23.0", - "@babel/helper-hoist-variables@7.22.5", - "@babel/helper-split-export-declaration@7.22.6", - "@babel/parser@7.24.4", - "@babel/types@7.24.0", - "debug@4.3.4", - "@babel/traverse@7.24.1|globals@11.12.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ { - "ref": "@babel/traverse@7.24.1|globals@11.12.0" + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@babel/types@7.24.0", - "dependsOn": [ - "@babel/helper-string-parser@7.24.1", - "@babel/helper-validator-identifier@7.22.20", - "to-fast-properties@2.0.0" - ] + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/babel__traverse@7.20.5", - "dependsOn": [ - "@babel/types@7.24.0" - ] + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/prettier@2.7.3" - }, - { - "ref": "babel-preset-current-node-syntax@1.0.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/plugin-syntax-async-generators@7.8.4", - "@babel/plugin-syntax-bigint@7.8.3", - "@babel/plugin-syntax-class-properties@7.12.13", - "@babel/plugin-syntax-import-meta@7.10.4", - "@babel/plugin-syntax-json-strings@7.8.3", - "@babel/plugin-syntax-logical-assignment-operators@7.10.4", - "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", - "@babel/plugin-syntax-numeric-separator@7.10.4", - "@babel/plugin-syntax-object-rest-spread@7.8.3", - "@babel/plugin-syntax-optional-catch-binding@7.8.3", - "@babel/plugin-syntax-optional-chaining@7.8.3", - "@babel/plugin-syntax-top-level-await@7.14.5" - ] - }, + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "natural-compare@1.4.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ { - "ref": "leven@3.1.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ { - "ref": "react-is@18.2.0" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "rimraf@3.0.2", - "dependsOn": [ - "glob@7.2.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/istanbul-reports@3.0.4", - "dependsOn": [ - "@types/istanbul-lib-report@3.0.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/yargs@17.0.32", - "dependsOn": [ - "@types/yargs-parser@21.0.3" - ] - }, + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "import-local@3.1.0", - "dependsOn": [ - "pkg-dir@4.2.0", - "resolve-cwd@3.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ { - "ref": "prompts@2.4.2", - "dependsOn": [ - "kleur@3.0.3", - "sisteransi@1.0.5" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ { - "ref": "kleur@3.0.3" + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "sisteransi@1.0.5" + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "yargs@17.7.2", - "dependsOn": [ - "cliui@8.0.1", - "escalade@3.1.2", - "get-caller-file@2.0.5", - "require-directory@2.1.1", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "y18n@5.0.8", - "yargs@17.7.2|yargs-parser@21.1.1" - ] + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "yargs@17.7.2|yargs-parser@21.1.1" - }, + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "json-diff@0.9.1", - "dependsOn": [ - "cli-color@2.0.4", - "difflib@0.2.4", - "dreamopt@0.8.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ { - "ref": "cli-color@2.0.4", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-iterator@2.0.3", - "memoizee@0.4.15", - "timers-ext@0.1.7" - ] - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ { - "ref": "d@1.0.2", - "dependsOn": [ - "es5-ext@0.10.64", - "type@2.7.2" - ] + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "es5-ext@0.10.64", - "dependsOn": [ - "es6-iterator@2.0.3", - "es6-symbol@3.1.4", - "esniff@2.0.1", - "next-tick@1.1.0" - ] + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "type@2.7.2" + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "es6-iterator@2.0.3", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-symbol@3.1.4" - ] - }, + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "es6-symbol@3.1.4", - "dependsOn": [ - "d@1.0.2", - "ext@1.7.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ { - "ref": "ext@1.7.0", - "dependsOn": [ - "type@2.7.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ { - "ref": "esniff@2.0.1", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "event-emitter@0.3.5", - "type@2.7.2" - ] + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "event-emitter@0.3.5", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64" - ] + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "next-tick@1.1.0" + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "memoizee@0.4.15", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-weak-map@2.0.3", - "event-emitter@0.3.5", - "is-promise@2.2.2", - "lru-queue@0.1.0", - "next-tick@1.1.0", - "timers-ext@0.1.7" - ] - }, + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "es6-weak-map@2.0.3", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-iterator@2.0.3", - "es6-symbol@3.1.4" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ { - "ref": "is-promise@2.2.2" - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ { - "ref": "lru-queue@0.1.0", - "dependsOn": [ - "es5-ext@0.10.64" - ] + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "timers-ext@0.1.7", - "dependsOn": [ - "es5-ext@0.10.64", - "next-tick@1.1.0" - ] + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "difflib@0.2.4", - "dependsOn": [ - "heap@0.2.7" - ] + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "heap@0.2.7" - }, + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "dreamopt@0.8.0", - "dependsOn": [ - "wordwrap@1.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ { - "ref": "wordwrap@1.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ { - "ref": "jstoxml@3.2.10" + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "pretty@2.0.0", - "dependsOn": [ - "condense-newlines@0.2.1", - "extend-shallow@2.0.1", - "js-beautify@1.15.1" - ] + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "condense-newlines@0.2.1", - "dependsOn": [ - "extend-shallow@2.0.1", - "is-whitespace@0.3.0", - "kind-of@3.2.2" - ] + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "extend-shallow@2.0.1", - "dependsOn": [ - "is-extendable@0.1.1" - ] - }, + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "is-whitespace@0.3.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ { - "ref": "kind-of@3.2.2", - "dependsOn": [ - "is-buffer@1.1.6" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ { - "ref": "is-buffer@1.1.6" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "is-extendable@0.1.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "js-beautify@1.15.1", - "dependsOn": [ - "config-chain@1.1.13", - "editorconfig@1.0.4", - "js-beautify@1.15.1|glob@10.3.12", - "js-cookie@3.0.5", - "nopt@7.2.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "js-beautify@1.15.1|glob@10.3.12", - "dependsOn": [ - "foreground-child@3.1.1", - "jackspeak@2.3.6", - "minimatch@9.0.4", - "js-beautify@1.15.1|minipass@7.0.4", - "path-scurry@1.10.2" - ] - }, + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "js-beautify@1.15.1|minipass@7.0.4" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ { - "ref": "config-chain@1.1.13", - "dependsOn": [ - "ini@1.3.8", - "proto-list@1.2.4" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ { - "ref": "ini@1.3.8" + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "proto-list@1.2.4" + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "editorconfig@1.0.4", - "dependsOn": [ - "@one-ini/wasm@0.1.1", - "commander@10.0.1", - "editorconfig@1.0.4|minimatch@9.0.1", - "semver@7.6.2" - ] + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "editorconfig@1.0.4|minimatch@9.0.1", - "dependsOn": [ - "brace-expansion@2.0.1" - ] - }, + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@one-ini/wasm@0.1.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ { - "ref": "commander@10.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ { - "ref": "brace-expansion@2.0.1", - "dependsOn": [ - "balanced-match@1.0.2" - ] + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "js-cookie@3.0.5" + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "nopt@7.2.0", - "dependsOn": [ - "abbrev@2.0.0" - ] + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "abbrev@2.0.0" - }, + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/babel__core@7.20.5", - "dependsOn": [ - "@babel/parser@7.24.4", - "@babel/types@7.24.0", - "@types/babel__generator@7.6.8", - "@types/babel__template@7.4.4", - "@types/babel__traverse@7.20.5" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ { - "ref": "@babel/template@7.24.0", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@babel/parser@7.24.4", - "@babel/types@7.24.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ { - "ref": "bs-logger@0.2.6", - "dependsOn": [ - "fast-json-stable-stringify@2.1.0" - ] + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "json5@2.2.3" - }, - { - "ref": "lodash.memoize@4.1.2" - }, - { - "ref": "@oclif/core@3.26.9", - "dependsOn": [ - "@types/cli-progress@3.11.5", - "ansi-escapes@4.3.2", - "ansi-styles@4.3.0", - "cardinal@2.1.1", - "chalk@4.1.2", - "clean-stack@3.0.1", - "cli-progress@3.12.0", - "color@4.2.3", - "@oclif/core@3.26.9|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "hyperlinker@1.0.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "@oclif/core@3.26.9|js-yaml@3.14.1", - "minimatch@9.0.4", - "natural-orderby@2.0.3", - "object-treeify@1.1.33", - "password-prompt@1.1.3", - "slice-ansi@4.0.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "supports-color@8.1.1", - "supports-hyperlinks@2.3.0", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@oclif/core@3.26.9|debug@4.3.5", - "dependsOn": [ - "@oclif/core@3.26.9|ms@2.1.2" - ] + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@oclif/core@3.26.9|ms@2.1.2" - }, + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", - "dependsOn": [ - "@oclif/core@3.26.9|argparse@1.0.10", - "esprima@4.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ { - "ref": "@oclif/core@3.26.9|argparse@1.0.10", - "dependsOn": [ - "@oclif/core@3.26.9|sprintf-js@1.0.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ { - "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/cli-progress@3.11.5", - "dependsOn": [ - "@types/node@20.14.1" - ] + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "type-fest@0.21.3" + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "color-convert@2.0.1", - "dependsOn": [ - "color-name@1.1.4" - ] - }, + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "cardinal@2.1.1", - "dependsOn": [ - "ansicolors@0.3.2", - "redeyed@2.1.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ { - "ref": "ansicolors@0.3.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ { - "ref": "redeyed@2.1.1", - "dependsOn": [ - "esprima@4.0.1" - ] + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "esprima@4.0.1" + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "has-flag@4.0.0" + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "clean-stack@3.0.1", - "dependsOn": [ - "escape-string-regexp@4.0.0" - ] - }, + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "escape-string-regexp@4.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ { - "ref": "cli-progress@3.12.0", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ { - "ref": "color@4.2.3", - "dependsOn": [ - "color-convert@2.0.1", - "color-string@1.9.1" - ] + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "color-string@1.9.1", - "dependsOn": [ - "color-name@1.1.4", - "simple-swizzle@0.2.2" - ] + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "simple-swizzle@0.2.2", - "dependsOn": [ - "simple-swizzle@0.2.2|is-arrayish@0.3.2" - ] + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" - }, + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "ejs@3.1.10", - "dependsOn": [ - "jake@10.8.7" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ { - "ref": "jake@10.8.7", - "dependsOn": [ - "async@3.2.5", - "chalk@4.1.2", - "filelist@1.0.4", - "jake@10.8.7|minimatch@3.1.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ { - "ref": "jake@10.8.7|minimatch@3.1.2", - "dependsOn": [ - "jake@10.8.7|brace-expansion@1.1.11" - ] + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jake@10.8.7|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "async@3.2.5" + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "filelist@1.0.4", - "dependsOn": [ - "filelist@1.0.4|minimatch@5.1.6" - ] - }, + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "filelist@1.0.4|minimatch@5.1.6", - "dependsOn": [ - "brace-expansion@2.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ { - "ref": "balanced-match@1.0.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ { - "ref": "concat-map@0.0.1" + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "get-package-type@0.1.0" + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "globby@11.1.0", - "dependsOn": [ - "array-union@2.1.0", - "dir-glob@3.0.1", - "fast-glob@3.3.2", - "ignore@5.3.1", - "merge2@1.4.1", - "slash@3.0.0" - ] + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "array-union@2.1.0" - }, + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "dir-glob@3.0.1", - "dependsOn": [ - "path-type@4.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ { - "ref": "path-type@4.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ { - "ref": "ignore@5.3.1" + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "hyperlinker@1.0.0" + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "indent-string@4.0.0" + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "is-wsl@2.2.0", - "dependsOn": [ - "is-docker@2.2.1" - ] - }, + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "is-docker@2.2.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ { - "ref": "natural-orderby@2.0.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ { - "ref": "object-treeify@1.1.33" + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "password-prompt@1.1.3", - "dependsOn": [ - "ansi-escapes@4.3.2", - "cross-spawn@7.0.3" - ] + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "slice-ansi@4.0.0", - "dependsOn": [ - "ansi-styles@4.3.0", - "astral-regex@2.0.0", - "is-fullwidth-code-point@3.0.0" - ] + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "astral-regex@2.0.0" - }, + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "widest-line@3.1.0", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ { - "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", - "dependsOn": [ - "ansi-styles@4.3.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ { - "ref": "@oclif/plugin-help@6.1.0", - "dependsOn": [ - "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" - ] + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "debug@4.3.4", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "@oclif/plugin-help@6.1.0|supports-color@9.4.0", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "ansis@3.2.0" - }, + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "cli-spinners@2.9.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ { - "ref": "cosmiconfig@9.0.0", - "dependsOn": [ - "env-paths@2.2.1", - "import-fresh@3.3.0", - "js-yaml@4.1.0", - "parse-json@5.2.0", - "typescript@5.1.6" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ { - "ref": "env-paths@2.2.1" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "import-fresh@3.3.0", - "dependsOn": [ - "parent-module@1.0.1", - "resolve-from@4.0.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "js-yaml@4.1.0", - "dependsOn": [ - "argparse@2.0.1" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "error-ex@1.3.2", - "dependsOn": [ - "is-arrayish@0.2.1" - ] - }, + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "json-parse-even-better-errors@2.3.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ { - "ref": "typescript@5.1.6" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ { - "ref": "debug@4.3.4", - "dependsOn": [ - "debug@4.3.4|ms@2.1.2" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "debug@4.3.4|ms@2.1.2" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@oclif/plugin-plugins@5.2.2", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", - "ansis@3.2.0", - "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", - "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", - "npm@10.8.0", - "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", - "semver@7.6.2", - "validate-npm-package-name@5.0.1", - "@oclif/plugin-plugins@5.2.2|which@4.0.0", - "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|ms@2.1.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ { - "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ { - "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", - "dependsOn": [ - "hosted-git-info@7.0.2", - "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", - "semver@7.6.2", - "validate-npm-package-name@5.0.1" - ] + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" - ] + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" - }, + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ { - "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ { - "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "hosted-git-info@7.0.2", - "dependsOn": [ - "hosted-git-info@7.0.2|lru-cache@10.2.2" - ] + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" - }, - { - "ref": "validate-npm-package-name@5.0.1" - }, - { - "ref": "npm@10.8.0", - "dependsOn": [ - "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/config@8.3.2", - "npm@10.8.0|@npmcli/fs@3.1.1", - "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|@npmcli/redact@2.0.0", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|@sigstore/tuf@2.3.3", - "npm@10.8.0|abbrev@2.0.0", - "npm@10.8.0|archy@1.0.0", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|chalk@5.3.0", - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|cli-columns@4.0.0", - "npm@10.8.0|fastest-levenshtein@1.0.16", - "npm@10.8.0|fs-minipass@3.0.3", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|graceful-fs@4.2.11", - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|ini@4.1.2", - "npm@10.8.0|init-package-json@6.0.3", - "npm@10.8.0|is-cidr@5.0.5", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|libnpmaccess@8.0.6", - "npm@10.8.0|libnpmdiff@6.1.2", - "npm@10.8.0|libnpmexec@8.1.1", - "npm@10.8.0|libnpmfund@5.0.10", - "npm@10.8.0|libnpmhook@10.0.5", - "npm@10.8.0|libnpmorg@6.0.6", - "npm@10.8.0|libnpmpack@7.0.2", - "npm@10.8.0|libnpmpublish@9.0.8", - "npm@10.8.0|libnpmsearch@7.0.5", - "npm@10.8.0|libnpmteam@6.0.5", - "npm@10.8.0|libnpmversion@6.0.2", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|minipass-pipeline@1.2.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|ms@2.1.3", - "npm@10.8.0|node-gyp@10.1.0", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|normalize-package-data@6.0.1", - "npm@10.8.0|npm-audit-report@5.0.0", - "npm@10.8.0|npm-install-checks@6.3.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|npm-profile@10.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|npm-user-validate@2.0.1", - "npm@10.8.0|p-map@4.0.0", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|parse-conflict-json@3.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|qrcode-terminal@0.12.0", - "npm@10.8.0|read@3.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|spdx-expression-parse@4.0.0", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|supports-color@9.4.0", - "npm@10.8.0|tar@6.2.1", - "npm@10.8.0|text-table@0.2.0", - "npm@10.8.0|tiny-relative-date@1.3.0", - "npm@10.8.0|treeverse@3.0.0", - "npm@10.8.0|validate-npm-package-name@5.0.1", - "npm@10.8.0|which@4.0.0", - "npm@10.8.0|write-file-atomic@5.0.1" - ] - }, + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" - }, - { - "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", - "dependsOn": [ - "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", - "npm@10.8.0|@npmcli/fs@3.1.1", - "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", - "npm@10.8.0|@npmcli/name-from-folder@2.0.0", - "npm@10.8.0|@npmcli/node-gyp@3.0.0", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/query@3.1.0", - "npm@10.8.0|@npmcli/redact@2.0.0", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|bin-links@4.0.4", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|common-ancestor-path@1.0.1", - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|json-stringify-nice@1.1.4", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|npm-install-checks@6.3.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|parse-conflict-json@3.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|proggy@2.0.0", - "npm@10.8.0|promise-all-reject-late@1.0.1", - "npm@10.8.0|promise-call-limit@3.0.1", - "npm@10.8.0|read-package-json-fast@3.0.2", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|treeverse@3.0.0", - "npm@10.8.0|walk-up-path@3.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ { - "ref": "npm@10.8.0|@npmcli/fs@3.1.1", - "dependsOn": [ - "npm@10.8.0|semver@7.6.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ { - "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "dependsOn": [ - "npm@10.8.0|npm-bundled@3.0.1", - "npm@10.8.0|npm-normalize-package-bin@3.0.1" - ] + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|npm-bundled@3.0.1", - "dependsOn": [ - "npm@10.8.0|npm-normalize-package-bin@3.0.1" - ] + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "dependsOn": [ - "npm@10.8.0|@npmcli/name-from-folder@2.0.0", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|read-package-json-fast@3.0.2" - ] - }, + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", - "dependsOn": [ - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ { - "ref": "npm@10.8.0|cacache@18.0.3", - "dependsOn": [ - "npm@10.8.0|@npmcli/fs@3.1.1", - "npm@10.8.0|fs-minipass@3.0.3", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|minipass-collect@2.0.1", - "npm@10.8.0|minipass-flush@1.0.5", - "npm@10.8.0|minipass-pipeline@1.2.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|p-map@4.0.0", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|tar@6.2.1", - "npm@10.8.0|unique-filename@3.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ { - "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" - }, - { - "ref": "npm@10.8.0|pacote@18.0.6", - "dependsOn": [ - "npm@10.8.0|@npmcli/git@5.0.7", - "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|fs-minipass@3.0.3", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-packlist@8.0.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-retry@2.0.1", - "npm@10.8.0|sigstore@2.3.0", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|tar@6.2.1" - ] + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "npm@10.8.0|proc-log@4.2.0" + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|semver@7.6.2" + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" - }, + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ { - "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", - "dependsOn": [ - "npm@10.8.0|@npmcli/git@5.0.7", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|normalize-package-data@6.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ { - "ref": "npm@10.8.0|@npmcli/query@3.1.0", - "dependsOn": [ - "npm@10.8.0|postcss-selector-parser@6.0.16" - ] + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", - "dependsOn": [ - "npm@10.8.0|cssesc@3.0.0", - "npm@10.8.0|util-deprecate@1.0.2" - ] + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|cssesc@3.0.0" + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|util-deprecate@1.0.2" - }, + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|@npmcli/redact@2.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ { - "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", - "dependsOn": [ - "npm@10.8.0|@npmcli/node-gyp@3.0.0", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|node-gyp@10.1.0", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|which@4.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ { - "ref": "npm@10.8.0|bin-links@4.0.4", - "dependsOn": [ - "npm@10.8.0|cmd-shim@6.0.3", - "npm@10.8.0|npm-normalize-package-bin@3.0.1", - "npm@10.8.0|read-cmd-shim@4.0.0", - "npm@10.8.0|write-file-atomic@5.0.1" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "npm@10.8.0|cmd-shim@6.0.3" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|write-file-atomic@5.0.1", - "dependsOn": [ - "npm@10.8.0|imurmurhash@0.1.4", - "npm@10.8.0|signal-exit@4.1.0" - ] - }, + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|common-ancestor-path@1.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ { - "ref": "npm@10.8.0|hosted-git-info@7.0.2", - "dependsOn": [ - "npm@10.8.0|lru-cache@10.2.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ { - "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "npm@10.8.0|lru-cache@10.2.2" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|minimatch@9.0.4", - "dependsOn": [ - "npm@10.8.0|brace-expansion@2.0.1" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|nopt@7.2.1", - "dependsOn": [ - "npm@10.8.0|abbrev@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|npm-install-checks@6.3.0", - "dependsOn": [ - "npm@10.8.0|semver@7.6.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ { - "ref": "npm@10.8.0|npm-package-arg@11.0.2", - "dependsOn": [ - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|validate-npm-package-name@5.0.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ { - "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", - "dependsOn": [ - "npm@10.8.0|npm-install-checks@6.3.0", - "npm@10.8.0|npm-normalize-package-bin@3.0.1", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|semver@7.6.2" - ] + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", - "dependsOn": [ - "npm@10.8.0|@npmcli/redact@2.0.0", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|minipass-fetch@3.0.5", - "npm@10.8.0|minipass-json-stream@1.0.1", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|minizlib@2.1.2", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|proc-log@4.2.0" - ] + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|parse-conflict-json@3.0.1", - "dependsOn": [ - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|just-diff-apply@5.5.0", - "npm@10.8.0|just-diff@6.0.2" - ] + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|proggy@2.0.0" - }, + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ { - "ref": "npm@10.8.0|promise-call-limit@3.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ { - "ref": "npm@10.8.0|read-package-json-fast@3.0.2", - "dependsOn": [ - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|npm-normalize-package-bin@3.0.1" - ] + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|ssri@10.0.6", - "dependsOn": [ - "npm@10.8.0|minipass@7.1.1" - ] + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|treeverse@3.0.0" + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|walk-up-path@3.0.1" - }, + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|@npmcli/config@8.3.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|ini@4.1.2", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|read-package-json-fast@3.0.2", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|walk-up-path@3.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ { - "ref": "npm@10.8.0|ci-info@4.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ { - "ref": "npm@10.8.0|ini@4.1.2" + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|glob@10.3.15", - "dependsOn": [ - "npm@10.8.0|foreground-child@3.1.1", - "npm@10.8.0|jackspeak@2.3.6", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|path-scurry@1.11.1" - ] + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|@npmcli/git@5.0.7", - "dependsOn": [ - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-inflight@1.0.1", - "npm@10.8.0|promise-retry@2.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|which@4.0.0" - ] + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "dependsOn": [ - "npm@10.8.0|which@4.0.0" - ] - }, + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|promise-inflight@1.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ { - "ref": "npm@10.8.0|promise-retry@2.0.1", - "dependsOn": [ - "npm@10.8.0|err-code@2.0.3", - "npm@10.8.0|retry@0.12.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ { - "ref": "npm@10.8.0|which@4.0.0", - "dependsOn": [ - "npm@10.8.0|which@4.0.0|isexe@3.1.1" - ] + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|normalize-package-data@6.0.1", - "dependsOn": [ - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|is-core-module@2.13.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|validate-npm-package-license@3.0.4" - ] + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|node-gyp@10.1.0", - "dependsOn": [ - "npm@10.8.0|env-paths@2.2.1", - "npm@10.8.0|exponential-backoff@3.1.1", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|graceful-fs@4.2.11", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|tar@6.2.1", - "npm@10.8.0|which@4.0.0" - ] - }, + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ { - "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", - "dependsOn": [ - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "npm@10.8.0|tuf-js@2.2.1" - ] + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|tuf-js@2.2.1", - "dependsOn": [ - "npm@10.8.0|@tufjs/models@2.0.1", - "npm@10.8.0|debug@4.3.4", - "npm@10.8.0|make-fetch-happen@13.0.1" - ] + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|@tufjs/models@2.0.1", - "dependsOn": [ - "npm@10.8.0|@tufjs/canonical-json@2.0.0", - "npm@10.8.0|minimatch@9.0.4" - ] - }, + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ { - "ref": "npm@10.8.0|debug@4.3.4", - "dependsOn": [ - "npm@10.8.0|debug@4.3.4|ms@2.1.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ { - "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|make-fetch-happen@13.0.1", - "dependsOn": [ - "npm@10.8.0|@npmcli/agent@2.2.2", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|http-cache-semantics@4.1.1", - "npm@10.8.0|is-lambda@1.0.1", - "npm@10.8.0|minipass-fetch@3.0.5", - "npm@10.8.0|minipass-flush@1.0.5", - "npm@10.8.0|minipass-pipeline@1.2.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|negotiator@0.6.3", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-retry@2.0.1", - "npm@10.8.0|ssri@10.0.6" - ] + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|abbrev@2.0.0" + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|archy@1.0.0" - }, + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|fs-minipass@3.0.3", - "dependsOn": [ - "npm@10.8.0|minipass@7.1.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ { - "ref": "npm@10.8.0|minipass-collect@2.0.1", - "dependsOn": [ - "npm@10.8.0|minipass@7.1.1" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ { - "ref": "npm@10.8.0|minipass@7.1.1" + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|minipass-flush@1.0.5", - "dependsOn": [ - "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" - ] + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|yallist@4.0.0" - }, + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|minipass-pipeline@1.2.4", - "dependsOn": [ - "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ { - "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ { - "ref": "npm@10.8.0|p-map@4.0.0", - "dependsOn": [ - "npm@10.8.0|aggregate-error@3.1.0" - ] + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|tar@6.2.1", - "dependsOn": [ - "npm@10.8.0|chownr@2.0.0", - "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", - "npm@10.8.0|tar@6.2.1|minipass@5.0.0", - "npm@10.8.0|minizlib@2.1.2", - "npm@10.8.0|mkdirp@1.0.4", - "npm@10.8.0|yallist@4.0.0" - ] + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", - "dependsOn": [ - "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" - ] + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ { - "ref": "npm@10.8.0|unique-filename@3.0.0", - "dependsOn": [ - "npm@10.8.0|unique-slug@4.0.0" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ { - "ref": "npm@10.8.0|unique-slug@4.0.0", - "dependsOn": [ - "npm@10.8.0|imurmurhash@0.1.4" - ] + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|imurmurhash@0.1.4" + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|chalk@5.3.0" + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|cli-columns@4.0.0", - "dependsOn": [ - "npm@10.8.0|string-width@4.2.3", - "npm@10.8.0|strip-ansi@6.0.1" - ] - }, + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|string-width@4.2.3", - "dependsOn": [ - "npm@10.8.0|emoji-regex@8.0.0", - "npm@10.8.0|is-fullwidth-code-point@3.0.0", - "npm@10.8.0|strip-ansi@6.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ { - "ref": "npm@10.8.0|emoji-regex@8.0.0" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ { - "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|strip-ansi@6.0.1", - "dependsOn": [ - "npm@10.8.0|ansi-regex@5.0.1" - ] + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|ansi-regex@5.0.1" + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" - }, + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|foreground-child@3.1.1", - "dependsOn": [ - "npm@10.8.0|cross-spawn@7.0.3", - "npm@10.8.0|signal-exit@4.1.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ { - "ref": "npm@10.8.0|cross-spawn@7.0.3", - "dependsOn": [ - "npm@10.8.0|path-key@3.1.1", - "npm@10.8.0|shebang-command@2.0.0", - "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ { - "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", - "dependsOn": [ - "npm@10.8.0|isexe@2.0.0" - ] + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|path-key@3.1.1" + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|shebang-command@2.0.0", - "dependsOn": [ - "npm@10.8.0|shebang-regex@3.0.0" - ] + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|shebang-regex@3.0.0" - }, + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|isexe@2.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ { - "ref": "npm@10.8.0|signal-exit@4.1.0" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ { - "ref": "npm@10.8.0|jackspeak@2.3.6", - "dependsOn": [ - "npm@10.8.0|@isaacs/cliui@8.0.2", - "npm@10.8.0|@pkgjs/parseargs@0.11.0" - ] + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", - "dependsOn": [ - "BomRef.6h760ft6oi8.7sr4bitkllo", - "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", - "BomRef.uih8rvtlbdo.33q7f9m1mj", - "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "npm@10.8.0|wrap-ansi@7.0.0", - "npm@10.8.0|wrap-ansi@8.1.0" - ] + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", - "dependsOn": [ - "npm@10.8.0|eastasianwidth@0.2.0", - "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" - ] + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" - }, + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "dependsOn": [ - "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ { - "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", - "dependsOn": [ - "npm@10.8.0|emoji-regex@8.0.0", - "npm@10.8.0|is-fullwidth-code-point@3.0.0", - "npm@10.8.0|strip-ansi@6.0.1" - ] + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|eastasianwidth@0.2.0" + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", - "dependsOn": [ - "npm@10.8.0|ansi-regex@5.0.1" - ] + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|wrap-ansi@7.0.0", - "dependsOn": [ - "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", - "npm@10.8.0|string-width@4.2.3", - "npm@10.8.0|strip-ansi@6.0.1" - ] - }, + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", - "dependsOn": [ - "npm@10.8.0|color-convert@2.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ { - "ref": "npm@10.8.0|color-convert@2.0.1", - "dependsOn": [ - "npm@10.8.0|color-name@1.1.4" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ { - "ref": "npm@10.8.0|color-name@1.1.4" + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|wrap-ansi@8.1.0", - "dependsOn": [ - "npm@10.8.0|ansi-styles@6.2.1", - "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", - "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" - ] + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", - "dependsOn": [ - "npm@10.8.0|eastasianwidth@0.2.0", - "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", - "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" - ] + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" - }, + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", - "dependsOn": [ - "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ { - "ref": "npm@10.8.0|ansi-styles@6.2.1" + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|path-scurry@1.11.1", - "dependsOn": [ - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|minipass@7.1.1" - ] + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|graceful-fs@4.2.11" - }, + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|init-package-json@6.0.3", - "dependsOn": [ - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|promzard@1.0.2", - "npm@10.8.0|read@3.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|validate-npm-package-license@3.0.4", - "npm@10.8.0|validate-npm-package-name@5.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ { - "ref": "npm@10.8.0|promzard@1.0.2", - "dependsOn": [ - "npm@10.8.0|read@3.0.1" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ { - "ref": "npm@10.8.0|read@3.0.1", - "dependsOn": [ - "npm@10.8.0|mute-stream@1.0.0" - ] + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", - "dependsOn": [ - "npm@10.8.0|spdx-correct@3.2.0", - "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" - ] + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", - "dependsOn": [ - "npm@10.8.0|spdx-exceptions@2.5.0", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|spdx-correct@3.2.0", - "dependsOn": [ - "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] - }, + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", - "dependsOn": [ - "npm@10.8.0|spdx-exceptions@2.5.0", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ { - "ref": "npm@10.8.0|spdx-exceptions@2.5.0" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ { - "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|is-cidr@5.0.5", - "dependsOn": [ - "npm@10.8.0|cidr-regex@4.0.5" - ] + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|cidr-regex@4.0.5", - "dependsOn": [ - "npm@10.8.0|ip-regex@5.0.0" - ] - }, + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|ip-regex@5.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ { - "ref": "npm@10.8.0|libnpmaccess@8.0.6", - "dependsOn": [ - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ { - "ref": "npm@10.8.0|libnpmdiff@6.1.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "npm@10.8.0|binary-extensions@2.3.0", - "npm@10.8.0|diff@5.2.0", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|tar@6.2.1" - ] + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|binary-extensions@2.3.0" + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|diff@5.2.0" + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|libnpmexec@8.1.1", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|read-package-json-fast@3.0.2", - "npm@10.8.0|read@3.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|walk-up-path@3.0.1" - ] - }, + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|libnpmfund@5.0.10", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ { - "ref": "npm@10.8.0|libnpmhook@10.0.5", - "dependsOn": [ - "npm@10.8.0|aproba@2.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ { - "ref": "npm@10.8.0|aproba@2.0.0" + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|libnpmorg@6.0.6", - "dependsOn": [ - "npm@10.8.0|aproba@2.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|libnpmpack@7.0.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|pacote@18.0.6" - ] + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|libnpmpublish@9.0.8", - "dependsOn": [ - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|normalize-package-data@6.0.1", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|sigstore@2.3.0", - "npm@10.8.0|ssri@10.0.6" - ] - }, + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|sigstore@2.3.0", - "dependsOn": [ - "npm@10.8.0|@sigstore/bundle@2.3.1", - "npm@10.8.0|@sigstore/core@1.1.0", - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "npm@10.8.0|@sigstore/sign@2.3.1", - "npm@10.8.0|@sigstore/tuf@2.3.3", - "npm@10.8.0|@sigstore/verify@1.2.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ { - "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", - "dependsOn": [ - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ { - "ref": "npm@10.8.0|@sigstore/core@1.1.0" + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|@sigstore/sign@2.3.1", - "dependsOn": [ - "npm@10.8.0|@sigstore/bundle@2.3.1", - "npm@10.8.0|@sigstore/core@1.1.0", - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-retry@2.0.1" - ] + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|@sigstore/verify@1.2.0", - "dependsOn": [ - "npm@10.8.0|@sigstore/bundle@2.3.1", - "npm@10.8.0|@sigstore/core@1.1.0", - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" - ] + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|libnpmsearch@7.0.5", - "dependsOn": [ - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|libnpmteam@6.0.5", - "dependsOn": [ - "npm@10.8.0|aproba@2.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ { - "ref": "npm@10.8.0|libnpmversion@6.0.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/git@5.0.7", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ { - "ref": "npm@10.8.0|@npmcli/agent@2.2.2", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|http-proxy-agent@7.0.2", - "npm@10.8.0|https-proxy-agent@7.0.4", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|socks-proxy-agent@8.0.3" - ] + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|agent-base@7.1.1", - "dependsOn": [ - "npm@10.8.0|debug@4.3.4" - ] + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|http-proxy-agent@7.0.2", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|debug@4.3.4" - ] + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|https-proxy-agent@7.0.4", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|debug@4.3.4" - ] - }, + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|debug@4.3.4", - "npm@10.8.0|socks@2.8.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ { - "ref": "npm@10.8.0|socks@2.8.3", - "dependsOn": [ - "npm@10.8.0|ip-address@9.0.5", - "npm@10.8.0|smart-buffer@4.2.0" - ] - }, + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ { - "ref": "npm@10.8.0|ip-address@9.0.5", - "dependsOn": [ - "npm@10.8.0|jsbn@1.1.0", - "npm@10.8.0|sprintf-js@1.1.3" - ] + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|jsbn@1.1.0" + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|sprintf-js@1.1.3" + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|smart-buffer@4.2.0" - }, + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|http-cache-semantics@4.1.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ { - "ref": "npm@10.8.0|is-lambda@1.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ { - "ref": "npm@10.8.0|minipass-fetch@3.0.5", - "dependsOn": [ - "npm@10.8.0|encoding@0.1.13", - "npm@10.8.0|minipass-sized@1.0.3", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|minizlib@2.1.2" - ] + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|encoding@0.1.13", - "dependsOn": [ - "npm@10.8.0|iconv-lite@0.6.3" - ] + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|iconv-lite@0.6.3", - "dependsOn": [ - "npm@10.8.0|safer-buffer@2.1.2" - ] + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|safer-buffer@2.1.2" - }, + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|minipass-sized@1.0.3", - "dependsOn": [ - "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ { - "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|minizlib@2.1.2", - "dependsOn": [ - "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", - "npm@10.8.0|yallist@4.0.0" - ] + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|negotiator@0.6.3" - }, + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|err-code@2.0.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ { - "ref": "npm@10.8.0|retry@0.12.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ { - "ref": "npm@10.8.0|brace-expansion@2.0.1", - "dependsOn": [ - "npm@10.8.0|balanced-match@1.0.2" - ] + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|balanced-match@1.0.2" + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|ms@2.1.3" + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|env-paths@2.2.1" - }, + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|exponential-backoff@3.1.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ { - "ref": "npm@10.8.0|is-core-module@2.13.1", - "dependsOn": [ - "npm@10.8.0|hasown@2.0.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ { - "ref": "npm@10.8.0|hasown@2.0.2", - "dependsOn": [ - "npm@10.8.0|function-bind@1.1.2" - ] + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|function-bind@1.1.2" + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|npm-audit-report@5.0.0" + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|npm-profile@10.0.0", - "dependsOn": [ - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|proc-log@4.2.0" - ] - }, + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|minipass-json-stream@1.0.1", - "dependsOn": [ - "npm@10.8.0|jsonparse@1.3.1", - "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ { - "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ { - "ref": "npm@10.8.0|jsonparse@1.3.1" + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|npm-user-validate@2.0.1" + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|aggregate-error@3.1.0", - "dependsOn": [ - "npm@10.8.0|clean-stack@2.2.0", - "npm@10.8.0|indent-string@4.0.0" - ] + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|clean-stack@2.2.0" - }, + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|indent-string@4.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ { - "ref": "npm@10.8.0|npm-packlist@8.0.2", - "dependsOn": [ - "npm@10.8.0|ignore-walk@6.0.5" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ { - "ref": "npm@10.8.0|ignore-walk@6.0.5", - "dependsOn": [ - "npm@10.8.0|minimatch@9.0.4" - ] + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|just-diff-apply@5.5.0" + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|just-diff@6.0.2" + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|qrcode-terminal@0.12.0" - }, + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|mute-stream@1.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ { - "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", - "dependsOn": [ - "npm@10.8.0|spdx-exceptions@2.5.0", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ { - "ref": "npm@10.8.0|supports-color@9.4.0" + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm@10.8.0|chownr@2.0.0" + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "npm@10.8.0|mkdirp@1.0.4" + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "npm@10.8.0|text-table@0.2.0" - }, + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "npm@10.8.0|tiny-relative-date@1.3.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ { - "ref": "@oclif/plugin-version@2.2.2", - "dependsOn": [ - "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", - "ansis@3.2.0" - ] + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "@oclif/plugin-version@2.2.2|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", - "dependsOn": [ - "@oclif/plugin-version@2.2.2|ms@2.1.2" - ] + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" - }, + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4", - "dependsOn": [ - "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", - "ansis@3.2.0", - "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", - "lodash@4.17.21" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "dependsOn": [ - "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" - ] + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", - "dependsOn": [ - "content-type@1.0.5", - "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", - "is-stream@2.0.1", - "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", - "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" - ] + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", - "dependsOn": [ - "error-ex@1.3.2", - "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" - ] - }, + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", - "dependsOn": [ - "safe-buffer@5.2.1" - ] + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "content-type@1.0.5" + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "is-stream@2.0.1" + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "is-arrayish@0.2.1" - }, + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "safe-buffer@5.2.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ { - "ref": "@oclif/test@3.2.15", - "dependsOn": [ - "@oclif/core@3.26.9", - "chai@4.4.1", - "fancy-test@3.0.15" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ { - "ref": "chai@4.4.1", - "dependsOn": [ - "assertion-error@1.1.0", - "check-error@1.0.3", - "deep-eql@4.1.3", - "get-func-name@2.0.2", - "loupe@2.3.7", - "pathval@1.1.1", - "type-detect@4.0.8" - ] + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "fancy-test@3.0.15", - "dependsOn": [ - "@types/chai@4.3.14", - "@types/lodash@4.17.4", - "@types/node@20.14.1", - "@types/sinon@17.0.3", - "lodash@4.17.21", - "mock-stdin@1.0.0", - "nock@13.5.4", - "sinon@16.1.3", - "stdout-stderr@0.1.13" - ] + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/chai@4.3.14" + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/sinon@17.0.3", - "dependsOn": [ - "@types/sinonjs__fake-timers@8.1.5" - ] - }, + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/sinonjs__fake-timers@8.1.5" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ { - "ref": "mock-stdin@1.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ { - "ref": "nock@13.5.4", - "dependsOn": [ - "debug@4.3.4", - "json-stringify-safe@5.0.1", - "propagate@2.0.1" - ] + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "json-stringify-safe@5.0.1" + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "propagate@2.0.1" + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "sinon@16.1.3", - "dependsOn": [ - "@sinonjs/commons@3.0.1", - "@sinonjs/fake-timers@10.3.0", - "@sinonjs/samsam@8.0.0", - "sinon@16.1.3|diff@5.2.0", - "nise@5.1.9", - "sinon@16.1.3|supports-color@7.2.0" - ] - }, + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "sinon@16.1.3|diff@5.2.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ { - "ref": "sinon@16.1.3|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@sinonjs/commons@3.0.1", - "dependsOn": [ - "type-detect@4.0.8" - ] + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@sinonjs/fake-timers@10.3.0", - "dependsOn": [ - "@sinonjs/commons@3.0.1" - ] + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@sinonjs/samsam@8.0.0", - "dependsOn": [ - "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", - "lodash.get@4.4.2", - "type-detect@4.0.8" - ] - }, + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", - "dependsOn": [ - "type-detect@4.0.8" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ { - "ref": "lodash.get@4.4.2" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ { - "ref": "nise@5.1.9", - "dependsOn": [ - "@sinonjs/commons@3.0.1", - "nise@5.1.9|@sinonjs/fake-timers@11.2.2", - "@sinonjs/text-encoding@0.7.2", - "just-extend@6.2.0", - "nise@5.1.9|path-to-regexp@6.2.2" - ] + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", - "dependsOn": [ - "@sinonjs/commons@3.0.1" - ] + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "nise@5.1.9|path-to-regexp@6.2.2" + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@sinonjs/text-encoding@0.7.2" - }, + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "just-extend@6.2.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ { - "ref": "stdout-stderr@0.1.13", - "dependsOn": [ - "debug@4.3.4", - "strip-ansi@6.0.1" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ { - "ref": "@smithy/abort-controller@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/express@4.17.21", - "dependsOn": [ - "@types/body-parser@1.19.5", - "@types/express-serve-static-core@4.19.0", - "@types/qs@6.9.15", - "@types/serve-static@1.15.7" - ] + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/body-parser@1.19.5", - "dependsOn": [ - "@types/connect@3.4.38", - "@types/node@20.14.1" - ] + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/connect@3.4.38", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/express-serve-static-core@4.19.0", - "dependsOn": [ - "@types/node@20.14.1", - "@types/qs@6.9.15", - "@types/range-parser@1.2.7", - "@types/send@0.17.4" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ { - "ref": "@types/qs@6.9.15" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ { - "ref": "@types/range-parser@1.2.7" + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/send@0.17.4", - "dependsOn": [ - "@types/mime@1.3.5", - "@types/node@20.14.1" - ] + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/mime@1.3.5" + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/serve-static@1.15.7", - "dependsOn": [ - "@types/http-errors@2.0.4", - "@types/node@20.14.1", - "@types/send@0.17.4" - ] - }, + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/http-errors@2.0.4" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ { - "ref": "@types/fs-extra@11.0.4", - "dependsOn": [ - "@types/jsonfile@6.1.4", - "@types/node@20.14.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ { - "ref": "@types/jsonfile@6.1.4", - "dependsOn": [ - "@types/node@20.14.1" - ] + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/get-installed-path@4.0.3" + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@types/jest@29.5.12", - "dependsOn": [ - "expect@29.7.0", - "pretty-format@29.7.0" - ] + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "expect@29.7.0", - "dependsOn": [ - "@jest/expect-utils@29.7.0", - "jest-get-type@29.6.3", - "jest-matcher-utils@29.7.0", - "jest-message-util@29.7.0", - "jest-util@29.7.0" - ] - }, + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@jest/expect-utils@29.7.0", - "dependsOn": [ - "jest-get-type@29.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ { - "ref": "jest-get-type@29.6.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ { - "ref": "jest-matcher-utils@29.7.0", - "dependsOn": [ - "chalk@4.1.2", - "jest-diff@29.7.0", - "jest-get-type@29.6.3", - "pretty-format@29.7.0" - ] + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-diff@29.7.0", - "dependsOn": [ - "chalk@4.1.2", - "diff-sequences@29.6.3", - "jest-get-type@29.6.3", - "pretty-format@29.7.0" - ] + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "diff-sequences@29.6.3" + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "pretty-format@29.7.0", - "dependsOn": [ - "@jest/schemas@29.6.3", - "pretty-format@29.7.0|ansi-styles@5.2.0", - "react-is@18.2.0" - ] - }, + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ { - "ref": "jest-message-util@29.7.0", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@jest/types@29.6.3", - "@types/stack-utils@2.0.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "micromatch@4.0.5", - "pretty-format@29.7.0", - "slash@3.0.0", - "stack-utils@2.0.6" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ { - "ref": "@jest/types@29.6.3", - "dependsOn": [ - "@jest/schemas@29.6.3", - "@types/istanbul-lib-coverage@2.0.6", - "@types/istanbul-reports@3.0.4", - "@types/node@20.14.1", - "@types/yargs@17.0.32", - "chalk@4.1.2" - ] + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-util@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "jest-util@29.7.0|ci-info@3.9.0", - "graceful-fs@4.2.11", - "picomatch@2.3.1" - ] + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "jest-util@29.7.0|ci-info@3.9.0" + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@jest/schemas@29.6.3", - "dependsOn": [ - "@sinclair/typebox@0.27.8" - ] - }, + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@sinclair/typebox@0.27.8" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ { - "ref": "@types/js-yaml@4.0.9" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ { - "ref": "@types/mocha@10.0.6" + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/mock-fs@4.13.4", - "dependsOn": [ - "@types/node@20.14.1" - ] + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "undici-types@5.26.5" + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/objects-to-csv@1.3.3" - }, + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/prompt-sync@4.2.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ { - "ref": "@types/tmp@0.2.6" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ { - "ref": "@types/uuid@9.0.8" + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@typescript-eslint/eslint-plugin@7.12.0", - "dependsOn": [ - "@eslint-community/regexpp@4.10.0", - "@typescript-eslint/parser@7.7.1", - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "@typescript-eslint/type-utils@7.12.0", - "@typescript-eslint/utils@7.12.0", - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "eslint@8.57.0", - "graphemer@1.4.0", - "ignore@5.3.1", - "natural-compare@1.4.0", - "ts-api-utils@1.3.0" - ] + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "dependsOn": [ - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" - ] + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" - }, + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "dependsOn": [ - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", - "eslint-visitor-keys@3.4.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ { - "ref": "@eslint-community/regexpp@4.10.0" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ { - "ref": "@typescript-eslint/parser@7.7.1", - "dependsOn": [ - "@typescript-eslint/scope-manager@7.7.1", - "@typescript-eslint/types@7.7.1", - "@typescript-eslint/typescript-estree@7.7.1", - "@typescript-eslint/visitor-keys@7.7.1", - "debug@4.3.4", - "eslint@8.57.0" - ] + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@typescript-eslint/scope-manager@7.7.1", - "dependsOn": [ - "@typescript-eslint/types@7.7.1", - "@typescript-eslint/visitor-keys@7.7.1" - ] + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@typescript-eslint/types@7.7.1" + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@typescript-eslint/visitor-keys@7.7.1", - "dependsOn": [ - "@typescript-eslint/types@7.7.1", - "eslint-visitor-keys@3.4.3" - ] - }, + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@typescript-eslint/typescript-estree@7.7.1", - "dependsOn": [ - "@typescript-eslint/types@7.7.1", - "@typescript-eslint/visitor-keys@7.7.1", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "minimatch@9.0.4", - "semver@7.6.2", - "ts-api-utils@1.3.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ { - "ref": "ts-api-utils@1.3.0", - "dependsOn": [ - "typescript@5.1.6" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ { - "ref": "eslint-visitor-keys@3.4.3" - }, - { - "ref": "eslint@8.57.0", - "dependsOn": [ - "@eslint-community/eslint-utils@4.4.0", - "@eslint-community/regexpp@4.10.0", - "@eslint/eslintrc@2.1.4", - "@eslint/js@8.57.0", - "@humanwhocodes/config-array@0.11.14", - "@humanwhocodes/module-importer@1.0.1", - "@nodelib/fs.walk@1.2.8", - "@ungap/structured-clone@1.2.0", - "eslint@8.57.0|ajv@6.12.6", - "chalk@4.1.2", - "cross-spawn@7.0.3", - "debug@4.3.4", - "doctrine@3.0.0", - "escape-string-regexp@4.0.0", - "eslint-scope@7.2.2", - "eslint-visitor-keys@3.4.3", - "espree@9.6.1", - "esquery@1.5.0", - "esutils@2.0.3", - "fast-deep-equal@3.1.3", - "file-entry-cache@6.0.1", - "find-up@5.0.0", - "glob-parent@6.0.2", - "globals@13.24.0", - "graphemer@1.4.0", - "ignore@5.3.1", - "imurmurhash@0.1.4", - "is-glob@4.0.3", - "is-path-inside@3.0.3", - "js-yaml@4.1.0", - "json-stable-stringify-without-jsonify@1.0.1", - "levn@0.4.1", - "lodash.merge@4.6.2", - "eslint@8.57.0|minimatch@3.1.2", - "natural-compare@1.4.0", - "optionator@0.9.3", - "strip-ansi@6.0.1", - "text-table@0.2.0" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "eslint@8.57.0|ajv@6.12.6", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "fast-json-stable-stringify@2.1.0", - "eslint@8.57.0|json-schema-traverse@0.4.1", - "uri-js@4.4.1" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint@8.57.0|minimatch@3.1.2", - "dependsOn": [ - "eslint@8.57.0|brace-expansion@1.1.11" - ] - }, + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint@8.57.0|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ { - "ref": "@typescript-eslint/type-utils@7.12.0", - "dependsOn": [ - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "@typescript-eslint/utils@7.12.0", - "debug@4.3.4", - "eslint@8.57.0", - "ts-api-utils@1.3.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ { - "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "dependsOn": [ - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "minimatch@9.0.4", - "semver@7.6.2", - "ts-api-utils@1.3.0" - ] + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "dependsOn": [ - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", - "eslint-visitor-keys@3.4.3" - ] + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@typescript-eslint/utils@7.12.0", - "dependsOn": [ - "@eslint-community/eslint-utils@4.4.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "eslint@8.57.0" - ] - }, + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "dependsOn": [ - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "dependsOn": [ - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "eslint-visitor-keys@3.4.3" - ] + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "dependsOn": [ - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "minimatch@9.0.4", - "semver@7.6.2", - "ts-api-utils@1.3.0" - ] + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@eslint-community/eslint-utils@4.4.0", - "dependsOn": [ - "eslint-visitor-keys@3.4.3", - "eslint@8.57.0" - ] + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "graphemer@1.4.0" - }, + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "accurate-search@1.2.15" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ { - "ref": "ajv@8.16.0", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "json-schema-traverse@1.0.0", - "require-from-string@2.0.2", - "uri-js@4.4.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ { - "ref": "fast-deep-equal@3.1.3" + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "json-schema-traverse@1.0.0" + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "require-from-string@2.0.2" + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "uri-js@4.4.1", - "dependsOn": [ - "punycode@2.3.1" - ] - }, + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "punycode@2.3.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ { - "ref": "form-data@4.0.0", - "dependsOn": [ - "asynckit@0.4.0", - "combined-stream@1.0.8", - "mime-types@2.1.35" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ { - "ref": "proxy-from-env@1.1.0" + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "assertion-error@1.1.0" + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "check-error@1.0.3", - "dependsOn": [ - "get-func-name@2.0.2" - ] + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "get-func-name@2.0.2" - }, + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "deep-eql@4.1.3", - "dependsOn": [ - "type-detect@4.0.8" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ { - "ref": "loupe@2.3.7", - "dependsOn": [ - "get-func-name@2.0.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ { - "ref": "pathval@1.1.1" + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "colors@1.4.0" + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "csv-parse@4.16.3" + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "dotenv@16.4.5" - }, + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-config-oclif-typescript@1.0.3", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", - "eslint-plugin-mocha@9.0.0", - "eslint-plugin-node@11.1.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", - "functional-red-black-tree@1.0.1", - "ignore@5.3.1", - "regexpp@3.2.0", - "semver@7.6.2", - "tsutils@3.21.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" - ] - }, + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", - "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", - "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", - "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "chalk@4.1.2", - "cross-spawn@7.0.3", - "debug@4.3.4", - "doctrine@3.0.0", - "enquirer@2.4.1", - "escape-string-regexp@4.0.0", - "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", - "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", - "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", - "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "esquery@1.5.0", - "esutils@2.0.3", - "fast-deep-equal@3.1.3", - "file-entry-cache@6.0.1", - "functional-red-black-tree@1.0.1", - "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", - "globals@13.24.0", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", - "import-fresh@3.3.0", - "imurmurhash@0.1.4", - "is-glob@4.0.3", - "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "json-stable-stringify-without-jsonify@1.0.1", - "levn@0.4.1", - "lodash.merge@4.6.2", - "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "natural-compare@1.4.0", - "optionator@0.9.3", - "progress@2.0.3", - "regexpp@3.2.0", - "semver@7.6.2", - "strip-ansi@6.0.1", - "strip-json-comments@3.1.1", - "table@6.8.2", - "text-table@0.2.0", - "v8-compile-cache@2.4.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" - }, + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", - "dependsOn": [ - "@babel/highlight@7.24.2" - ] + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "globals@13.24.0", - "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", - "import-fresh@3.3.0", - "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "strip-json-comments@3.1.1" - ] + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "fast-json-stable-stringify@2.1.0", - "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", - "uri-js@4.4.1" - ] - }, + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "dependsOn": [ - "acorn-jsx@5.3.2", - "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", - "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", - "esprima@4.0.1" - ] + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" - ] + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" - ] + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" - }, + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", - "dependsOn": [ - "esrecurse@4.3.0", - "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" - ] + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" - }, + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "semver@7.6.2", - "tsutils@3.21.0" - ] + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" - ] - }, + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", - "dependsOn": [ - "confusing-browser-globals@1.0.10", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ { - "ref": "@typescript-eslint/experimental-utils@4.33.0", - "dependsOn": [ - "@types/json-schema@7.0.15", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", - "eslint-utils@3.0.0", - "eslint@8.57.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" - ] + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" - ] + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" - }, + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "semver@7.6.2", - "tsutils@3.21.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ { - "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", - "dependsOn": [ - "esrecurse@4.3.0", - "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" - ] - }, + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ { - "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@types/json-schema@7.0.15" + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "tsutils@3.21.0", - "dependsOn": [ - "tsutils@3.21.0|tslib@1.14.1", - "typescript@5.1.6" - ] + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "tsutils@3.21.0|tslib@1.14.1" - }, + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "esrecurse@4.3.0", - "dependsOn": [ - "estraverse@5.3.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ { - "ref": "eslint-utils@3.0.0", - "dependsOn": [ - "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", - "eslint@8.57.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ { - "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@babel/highlight@7.24.2", - "dependsOn": [ - "@babel/helper-validator-identifier@7.22.20", - "@babel/highlight@7.24.2|chalk@2.4.2", - "js-tokens@4.0.0", - "picocolors@1.0.0" - ] + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@babel/highlight@7.24.2|chalk@2.4.2", - "dependsOn": [ - "@babel/highlight@7.24.2|ansi-styles@3.2.1", - "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", - "@babel/highlight@7.24.2|supports-color@5.5.0" - ] + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", - "dependsOn": [ - "@babel/highlight@7.24.2|color-convert@1.9.3" - ] - }, + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", - "dependsOn": [ - "@babel/highlight@7.24.2|color-name@1.1.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ { - "ref": "@babel/highlight@7.24.2|color-name@1.1.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ { - "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", - "dependsOn": [ - "@babel/highlight@7.24.2|has-flag@3.0.0" - ] + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "globals@13.24.0", - "dependsOn": [ - "globals@13.24.0|type-fest@0.20.2" - ] - }, + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "globals@13.24.0|type-fest@0.20.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ { - "ref": "doctrine@3.0.0", - "dependsOn": [ - "esutils@2.0.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ { - "ref": "enquirer@2.4.1", - "dependsOn": [ - "ansi-colors@4.1.1", - "strip-ansi@6.0.1" - ] + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "ansi-colors@4.1.1" + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "acorn-jsx@5.3.2", - "dependsOn": [ - "acorn@8.11.3" - ] + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "esquery@1.5.0", - "dependsOn": [ - "estraverse@5.3.0" - ] - }, + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "esutils@2.0.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ { - "ref": "file-entry-cache@6.0.1", - "dependsOn": [ - "flat-cache@3.2.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ { - "ref": "functional-red-black-tree@1.0.1" + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "imurmurhash@0.1.4" + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "json-stable-stringify-without-jsonify@1.0.1" + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "levn@0.4.1", - "dependsOn": [ - "prelude-ls@1.2.1", - "type-check@0.4.0" - ] - }, + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "lodash.merge@4.6.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ { - "ref": "optionator@0.9.3", - "dependsOn": [ - "@aashutoshrathi/word-wrap@1.2.6", - "deep-is@0.1.4", - "optionator@0.9.3|fast-levenshtein@2.0.6", - "levn@0.4.1", - "prelude-ls@1.2.1", - "type-check@0.4.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ { - "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "progress@2.0.3" + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "regexpp@3.2.0" + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "table@6.8.2", - "dependsOn": [ - "ajv@8.16.0", - "lodash.truncate@4.4.2", - "slice-ansi@4.0.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] - }, + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "text-table@0.2.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ { - "ref": "v8-compile-cache@2.4.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ { - "ref": "confusing-browser-globals@1.0.10" + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eslint-plugin-mocha@9.0.0", - "dependsOn": [ - "eslint-utils@3.0.0", - "eslint@8.57.0", - "ramda@0.27.2" - ] + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "ramda@0.27.2" + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-plugin-node@11.1.0", - "dependsOn": [ - "eslint-plugin-es@3.0.1", - "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", - "eslint@8.57.0", - "ignore@5.3.1", - "eslint-plugin-node@11.1.0|minimatch@3.1.2", - "resolve@1.22.8", - "eslint-plugin-node@11.1.0|semver@6.3.1" - ] - }, + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", - "dependsOn": [ - "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ { - "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ { - "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", - "dependsOn": [ - "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" - ] + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-plugin-es@3.0.1", - "dependsOn": [ - "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", - "eslint@8.57.0", - "regexpp@3.2.0" - ] - }, + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", - "dependsOn": [ - "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ { - "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ { - "ref": "eslint-config-oclif@4.0.0", - "dependsOn": [ - "eslint-config-xo-space@0.27.0", - "eslint-plugin-mocha@9.0.0", - "eslint-plugin-node@11.1.0", - "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" - ] + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", - "dependsOn": [ - "@babel/helper-validator-identifier@7.22.20", - "eslint-config-oclif@4.0.0|ci-info@3.9.0", - "clean-regexp@1.0.0", - "eslint-template-visitor@2.3.2", - "eslint-utils@3.0.0", - "eslint@8.57.0", - "is-builtin-module@3.2.1", - "lodash@4.17.21", - "pluralize@8.0.0", - "read-pkg-up@7.0.1", - "regexp-tree@0.1.27", - "safe-regex@2.1.1", - "semver@7.6.2" - ] + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-config-xo-space@0.27.0", - "dependsOn": [ - "eslint-config-xo@0.35.0", - "eslint@8.57.0" - ] - }, + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "eslint-config-xo@0.35.0", - "dependsOn": [ - "confusing-browser-globals@1.0.10", - "eslint@8.57.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ { - "ref": "@babel/helper-validator-identifier@7.22.20" - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ { - "ref": "clean-regexp@1.0.0", - "dependsOn": [ - "clean-regexp@1.0.0|escape-string-regexp@1.0.5" - ] + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "eslint-template-visitor@2.3.2", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/eslint-parser@7.24.1", - "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", - "eslint@8.57.0", - "esquery@1.5.0", - "multimap@1.1.0" - ] + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" - }, + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/eslint-parser@7.24.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", - "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", - "eslint@8.57.0", - "@babel/eslint-parser@7.24.1|semver@6.3.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ { - "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ { - "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", - "dependsOn": [ - "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" - ] + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", - "dependsOn": [ - "esrecurse@4.3.0", - "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" - ] + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" - }, + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "multimap@1.1.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ { - "ref": "is-builtin-module@3.2.1", - "dependsOn": [ - "builtin-modules@3.3.0" - ] - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ { - "ref": "pluralize@8.0.0" + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "read-pkg-up@7.0.1", - "dependsOn": [ - "read-pkg-up@7.0.1|find-up@4.1.0", - "read-pkg@5.2.0", - "read-pkg-up@7.0.1|type-fest@0.8.1" - ] + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "read-pkg-up@7.0.1|find-up@4.1.0", - "dependsOn": [ - "read-pkg-up@7.0.1|locate-path@5.0.0", - "path-exists@4.0.0" - ] + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", - "dependsOn": [ - "read-pkg-up@7.0.1|p-locate@4.1.0" - ] - }, + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", - "dependsOn": [ - "read-pkg-up@7.0.1|p-limit@2.3.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ { - "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", - "dependsOn": [ - "p-try@2.2.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ { - "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "regexp-tree@0.1.27" + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "safe-regex@2.1.1", - "dependsOn": [ - "regexp-tree@0.1.27" - ] + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "eslint-plugin-unicorn@52.0.0", - "dependsOn": [ - "@babel/helper-validator-identifier@7.22.20", - "@eslint-community/eslint-utils@4.4.0", - "@eslint/eslintrc@2.1.4", - "ci-info@4.0.0", - "clean-regexp@1.0.0", - "core-js-compat@3.37.0", - "eslint@8.57.0", - "esquery@1.5.0", - "indent-string@4.0.0", - "is-builtin-module@3.2.1", - "jsesc@3.0.2", - "pluralize@8.0.0", - "read-pkg-up@7.0.1", - "regexp-tree@0.1.27", - "regjsparser@0.10.0", - "semver@7.6.2", - "strip-indent@3.0.0" - ] - }, + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@eslint/eslintrc@2.1.4", - "dependsOn": [ - "@eslint/eslintrc@2.1.4|ajv@6.12.6", - "debug@4.3.4", - "espree@9.6.1", - "globals@13.24.0", - "ignore@5.3.1", - "import-fresh@3.3.0", - "js-yaml@4.1.0", - "@eslint/eslintrc@2.1.4|minimatch@3.1.2", - "strip-json-comments@3.1.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ { - "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "fast-json-stable-stringify@2.1.0", - "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", - "uri-js@4.4.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ { - "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", - "dependsOn": [ - "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" - ] + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "espree@9.6.1", - "dependsOn": [ - "acorn-jsx@5.3.2", - "acorn@8.11.3", - "eslint-visitor-keys@3.4.3" - ] - }, + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "parent-module@1.0.1", - "dependsOn": [ - "callsites@3.1.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ { - "ref": "resolve-from@4.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ { - "ref": "ci-info@4.0.0" + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "core-js-compat@3.37.0", - "dependsOn": [ - "browserslist@4.23.0" - ] + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "browserslist@4.23.0", - "dependsOn": [ - "caniuse-lite@1.0.30001612", - "electron-to-chromium@1.4.747", - "node-releases@2.0.14", - "update-browserslist-db@1.0.13" - ] + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "caniuse-lite@1.0.30001612" - }, + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "electron-to-chromium@1.4.747" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ { - "ref": "node-releases@2.0.14" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ { - "ref": "update-browserslist-db@1.0.13", - "dependsOn": [ - "browserslist@4.23.0", - "escalade@3.1.2", - "picocolors@1.0.0" - ] + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "escalade@3.1.2" + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "estraverse@5.3.0" + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "builtin-modules@3.3.0" - }, + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "jsesc@3.0.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ { - "ref": "p-try@2.2.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ { - "ref": "path-exists@4.0.0" + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "read-pkg@5.2.0", - "dependsOn": [ - "@types/normalize-package-data@2.4.4", - "read-pkg@5.2.0|normalize-package-data@2.5.0", - "parse-json@5.2.0", - "read-pkg@5.2.0|type-fest@0.6.0" - ] + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", - "dependsOn": [ - "read-pkg@5.2.0|hosted-git-info@2.8.9", - "resolve@1.22.8", - "read-pkg@5.2.0|semver@5.7.2", - "validate-npm-package-license@3.0.4" - ] + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" - }, + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "read-pkg@5.2.0|semver@5.7.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ { - "ref": "read-pkg@5.2.0|type-fest@0.6.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ { - "ref": "@types/normalize-package-data@2.4.4" + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "validate-npm-package-license@3.0.4", - "dependsOn": [ - "spdx-correct@3.2.0", - "spdx-expression-parse@3.0.1" - ] + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "regjsparser@0.10.0", - "dependsOn": [ - "regjsparser@0.10.0|jsesc@0.5.0" - ] + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "regjsparser@0.10.0|jsesc@0.5.0" - }, + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "strip-indent@3.0.0", - "dependsOn": [ - "min-indent@1.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ { - "ref": "min-indent@1.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ { - "ref": "@eslint/js@8.57.0" + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@humanwhocodes/config-array@0.11.14", - "dependsOn": [ - "@humanwhocodes/object-schema@2.0.3", - "debug@4.3.4", - "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" - ] + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", - "dependsOn": [ - "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" - ] + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@humanwhocodes/object-schema@2.0.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ { - "ref": "@humanwhocodes/module-importer@1.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ { - "ref": "@nodelib/fs.scandir@2.1.5", - "dependsOn": [ - "@nodelib/fs.stat@2.0.5", - "run-parallel@1.2.0" - ] + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "run-parallel@1.2.0", - "dependsOn": [ - "queue-microtask@1.2.3" - ] + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "queue-microtask@1.2.3" + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "fastq@1.17.1", - "dependsOn": [ - "reusify@1.0.4" - ] - }, + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "reusify@1.0.4" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ { - "ref": "@ungap/structured-clone@1.2.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ { - "ref": "path-key@3.1.1" + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "shebang-command@2.0.0", - "dependsOn": [ - "shebang-regex@3.0.0" - ] + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "shebang-regex@3.0.0" + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "which@2.0.2", - "dependsOn": [ - "isexe@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "isexe@2.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ { - "ref": "eslint-scope@7.2.2", - "dependsOn": [ - "esrecurse@4.3.0", - "estraverse@5.3.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ { - "ref": "acorn@8.11.3" + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "flat-cache@3.2.0", - "dependsOn": [ - "flatted@3.3.1", - "keyv@4.5.4", - "rimraf@3.0.2" - ] + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "flatted@3.3.1" + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "keyv@4.5.4", - "dependsOn": [ - "json-buffer@3.0.1" - ] - }, + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "json-buffer@3.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ { - "ref": "find-up@5.0.0", - "dependsOn": [ - "locate-path@6.0.0", - "path-exists@4.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ { - "ref": "locate-path@6.0.0", - "dependsOn": [ - "p-locate@5.0.0" - ] + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "p-locate@5.0.0", - "dependsOn": [ - "p-limit@3.1.0" - ] + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "is-extglob@2.1.1" + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "is-path-inside@3.0.3" - }, + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "prelude-ls@1.2.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ { - "ref": "type-check@0.4.0", - "dependsOn": [ - "prelude-ls@1.2.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ { - "ref": "@aashutoshrathi/word-wrap@1.2.6" + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "deep-is@0.1.4" + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "accepts@1.3.8", - "dependsOn": [ - "mime-types@2.1.35", - "negotiator@0.6.3" - ] + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "mime-types@2.1.35", - "dependsOn": [ - "mime-db@1.52.0" - ] - }, + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "negotiator@0.6.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ { - "ref": "array-flatten@1.1.1" + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "body-parser@1.20.2", - "dependsOn": [ - "bytes@3.1.2", - "content-type@1.0.5", - "body-parser@1.20.2|debug@2.6.9", - "depd@2.0.0", - "destroy@1.2.0", - "http-errors@2.0.0", - "iconv-lite@0.4.24", - "on-finished@2.4.1", - "qs@6.11.0", - "raw-body@2.5.2", - "type-is@1.6.18", - "unpipe@1.0.0" - ] + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "body-parser@1.20.2|debug@2.6.9", - "dependsOn": [ - "body-parser@1.20.2|ms@2.0.0" - ] + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "body-parser@1.20.2|ms@2.0.0" - }, + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "bytes@3.1.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ { - "ref": "depd@2.0.0" + "license": { + "id": "MIT" + } }, { - "ref": "destroy@1.2.0" - }, + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ { - "ref": "http-errors@2.0.0", - "dependsOn": [ - "depd@2.0.0", - "inherits@2.0.4", - "setprototypeof@1.2.0", - "statuses@2.0.1", - "toidentifier@1.0.1" - ] + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "iconv-lite@0.4.24", - "dependsOn": [ - "safer-buffer@2.1.2" - ] + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "safer-buffer@2.1.2" + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "on-finished@2.4.1", - "dependsOn": [ - "ee-first@1.1.1" - ] - }, + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "qs@6.11.0", - "dependsOn": [ - "side-channel@1.0.6" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ { - "ref": "raw-body@2.5.2", - "dependsOn": [ - "bytes@3.1.2", - "http-errors@2.0.0", - "iconv-lite@0.4.24", - "unpipe@1.0.0" - ] - }, + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ { - "ref": "unpipe@1.0.0" + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "type-is@1.6.18", - "dependsOn": [ - "media-typer@0.3.0", - "mime-types@2.1.35" - ] + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "content-disposition@0.5.4", - "dependsOn": [ - "safe-buffer@5.2.1" - ] + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "cookie-signature@1.0.6" - }, + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "cookie@0.6.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ { - "ref": "encodeurl@1.0.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ { - "ref": "escape-html@1.0.3" + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "etag@1.8.1" + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "finalhandler@1.2.0", - "dependsOn": [ - "finalhandler@1.2.0|debug@2.6.9", - "encodeurl@1.0.2", - "escape-html@1.0.3", - "on-finished@2.4.1", - "parseurl@1.3.3", - "statuses@2.0.1", - "unpipe@1.0.0" - ] + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "finalhandler@1.2.0|debug@2.6.9", - "dependsOn": [ - "finalhandler@1.2.0|ms@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "finalhandler@1.2.0|ms@2.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ { - "ref": "parseurl@1.3.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ { - "ref": "statuses@2.0.1" + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "fresh@0.5.2" + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "setprototypeof@1.2.0" + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "toidentifier@1.0.1" - }, + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "merge-descriptors@1.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ { - "ref": "methods@1.1.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ { - "ref": "ee-first@1.1.1" + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "path-to-regexp@0.1.7" + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "proxy-addr@2.0.7", - "dependsOn": [ - "forwarded@0.2.0", - "ipaddr.js@1.9.1" - ] + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "forwarded@0.2.0" - }, + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "ipaddr.js@1.9.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ { - "ref": "side-channel@1.0.6", - "dependsOn": [ - "call-bind@1.0.7", - "es-errors@1.3.0", - "get-intrinsic@1.2.4", - "object-inspect@1.13.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ { - "ref": "call-bind@1.0.7", - "dependsOn": [ - "es-define-property@1.0.0", - "es-errors@1.3.0", - "function-bind@1.1.2", - "get-intrinsic@1.2.4", - "set-function-length@1.2.2" - ] + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "es-define-property@1.0.0", - "dependsOn": [ - "get-intrinsic@1.2.4" - ] + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "get-intrinsic@1.2.4", - "dependsOn": [ - "es-errors@1.3.0", - "function-bind@1.1.2", - "has-proto@1.0.3", - "has-symbols@1.0.3", - "hasown@2.0.2" - ] + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "es-errors@1.3.0" - }, + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "function-bind@1.1.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ { - "ref": "set-function-length@1.2.2", - "dependsOn": [ - "define-data-property@1.1.4", - "es-errors@1.3.0", - "function-bind@1.1.2", - "get-intrinsic@1.2.4", - "gopd@1.0.1", - "has-property-descriptors@1.0.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ { - "ref": "define-data-property@1.1.4", - "dependsOn": [ - "es-define-property@1.0.0", - "es-errors@1.3.0", - "gopd@1.0.1" - ] + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "gopd@1.0.1", - "dependsOn": [ - "get-intrinsic@1.2.4" - ] + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "has-property-descriptors@1.0.2", - "dependsOn": [ - "es-define-property@1.0.0" - ] + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "has-proto@1.0.3" - }, + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "has-symbols@1.0.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ { - "ref": "hasown@2.0.2", - "dependsOn": [ - "function-bind@1.1.2" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ { - "ref": "object-inspect@1.13.1" + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "range-parser@1.2.1" + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "send@0.18.0", - "dependsOn": [ - "send@0.18.0|debug@2.6.9", - "depd@2.0.0", - "destroy@1.2.0", - "encodeurl@1.0.2", - "escape-html@1.0.3", - "etag@1.8.1", - "fresh@0.5.2", - "http-errors@2.0.0", - "mime@1.6.0", - "ms@2.1.3", - "on-finished@2.4.1", - "range-parser@1.2.1", - "statuses@2.0.1" - ] + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "send@0.18.0|debug@2.6.9", - "dependsOn": [ - "send@0.18.0|debug@2.6.9|ms@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ { - "ref": "mime@1.6.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ { - "ref": "serve-static@1.15.0", - "dependsOn": [ - "encodeurl@1.0.2", - "escape-html@1.0.3", - "parseurl@1.3.3", - "send@0.18.0" - ] + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "media-typer@0.3.0" + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "utils-merge@1.0.1" + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "vary@1.1.2" - }, + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "asynckit@0.4.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ { - "ref": "combined-stream@1.0.8", - "dependsOn": [ - "delayed-stream@1.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ { - "ref": "delayed-stream@1.0.0" + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "mime-db@1.52.0" + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "fs-extra@11.2.0", - "dependsOn": [ - "graceful-fs@4.2.11", - "jsonfile@6.1.0", - "universalify@2.0.1" - ] + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "jsonfile@6.1.0", - "dependsOn": [ - "graceful-fs@4.2.11", - "universalify@2.0.1" - ] - }, + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "universalify@2.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ { - "ref": "get-installed-path@4.0.8", - "dependsOn": [ - "global-modules@1.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ { - "ref": "global-modules@1.0.0", - "dependsOn": [ - "global-prefix@1.0.2", - "is-windows@1.0.2", - "resolve-dir@1.0.1" - ] + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "global-prefix@1.0.2", - "dependsOn": [ - "expand-tilde@2.0.2", - "homedir-polyfill@1.0.3", - "ini@1.3.8", - "is-windows@1.0.2", - "global-prefix@1.0.2|which@1.3.1" - ] + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "global-prefix@1.0.2|which@1.3.1", - "dependsOn": [ - "isexe@2.0.0" - ] + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "expand-tilde@2.0.2", - "dependsOn": [ - "homedir-polyfill@1.0.3" - ] - }, + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "homedir-polyfill@1.0.3", - "dependsOn": [ - "parse-passwd@1.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ { - "ref": "parse-passwd@1.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ { - "ref": "is-windows@1.0.2" + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "resolve-dir@1.0.1", - "dependsOn": [ - "expand-tilde@2.0.2", - "global-modules@1.0.0" - ] + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "domhandler@5.0.3", - "dependsOn": [ - "domelementtype@2.3.0" - ] + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "domutils@3.1.0", - "dependsOn": [ - "dom-serializer@2.0.0", - "domelementtype@2.3.0", - "domhandler@5.0.3" - ] - }, + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "dom-serializer@2.0.0", - "dependsOn": [ - "domelementtype@2.3.0", - "domhandler@5.0.3", - "entities@4.5.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ { - "ref": "entities@4.5.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ { - "ref": "https@1.0.0" + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "inquirer-file-tree-selection-prompt@2.0.2", - "dependsOn": [ - "chalk@4.1.2", - "cli-cursor@3.1.0", - "figures@3.2.0", - "lodash@4.17.21", - "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" - ] + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", - "dependsOn": [ - "tslib@2.6.3" - ] + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "cli-cursor@3.1.0", - "dependsOn": [ - "restore-cursor@3.1.0" - ] - }, + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "restore-cursor@3.1.0", - "dependsOn": [ - "onetime@5.1.2", - "signal-exit@3.0.7" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ { - "ref": "onetime@5.1.2", - "dependsOn": [ - "mimic-fn@2.1.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ { - "ref": "mimic-fn@2.1.0" + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "signal-exit@3.0.7" + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "figures@3.2.0", - "dependsOn": [ - "figures@3.2.0|escape-string-regexp@1.0.5" - ] + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "figures@3.2.0|escape-string-regexp@1.0.5" - }, - { - "ref": "inquirer@8.0.0", - "dependsOn": [ - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "cli-cursor@3.1.0", - "cli-width@3.0.0", - "external-editor@3.1.0", - "figures@3.2.0", - "lodash@4.17.21", - "mute-stream@0.0.8", - "run-async@2.4.1", - "rxjs@6.6.7", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "through@2.3.8" - ] - }, + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "cli-width@3.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ { - "ref": "external-editor@3.1.0", - "dependsOn": [ - "chardet@0.7.0", - "iconv-lite@0.4.24", - "external-editor@3.1.0|tmp@0.0.33" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ { - "ref": "external-editor@3.1.0|tmp@0.0.33", - "dependsOn": [ - "os-tmpdir@1.0.2" - ] + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "chardet@0.7.0" + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "os-tmpdir@1.0.2" + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "mute-stream@0.0.8" - }, + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "run-async@2.4.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ { - "ref": "rxjs@6.6.7", - "dependsOn": [ - "rxjs@6.6.7|tslib@1.14.1" - ] - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ { - "ref": "rxjs@6.6.7|tslib@1.14.1" + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "through@2.3.8" + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "jest-mock@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/node@20.14.1", - "jest-util@29.7.0" - ] + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@types/istanbul-lib-report@3.0.3", - "dependsOn": [ - "@types/istanbul-lib-coverage@2.0.6" - ] - }, + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/yargs-parser@21.0.3" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ { - "ref": "jest@29.7.0", - "dependsOn": [ - "@jest/core@29.7.0", - "@jest/types@29.6.3", - "import-local@3.1.0", - "jest-cli@29.7.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ { - "ref": "@jest/core@29.7.0", - "dependsOn": [ - "@jest/console@29.7.0", - "@jest/reporters@29.7.0", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "@jest/core@29.7.0|ci-info@3.9.0", - "exit@0.1.2", - "graceful-fs@4.2.11", - "jest-changed-files@29.7.0", - "jest-config@29.7.0", - "jest-haste-map@29.7.0", - "jest-message-util@29.7.0", - "jest-regex-util@29.6.3", - "jest-resolve-dependencies@29.7.0", - "jest-resolve@29.7.0", - "jest-runner@29.7.0", - "jest-runtime@29.7.0", - "jest-snapshot@29.7.0", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "jest-watcher@29.7.0", - "micromatch@4.0.5", - "pretty-format@29.7.0", - "slash@3.0.0", - "strip-ansi@6.0.1" - ] + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@jest/core@29.7.0|ci-info@3.9.0" + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@jest/console@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "jest-message-util@29.7.0", - "jest-util@29.7.0", - "slash@3.0.0" - ] + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@jest/reporters@29.7.0", - "dependsOn": [ - "@bcoe/v8-coverage@0.2.3", - "@jest/console@29.7.0", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@jridgewell/trace-mapping@0.3.25", - "@types/node@20.14.1", - "chalk@4.1.2", - "collect-v8-coverage@1.0.2", - "exit@0.1.2", - "glob@7.2.3", - "graceful-fs@4.2.11", - "istanbul-lib-coverage@3.2.2", - "istanbul-lib-instrument@6.0.2", - "istanbul-lib-report@3.0.1", - "istanbul-lib-source-maps@4.0.1", - "istanbul-reports@3.1.7", - "jest-message-util@29.7.0", - "jest-util@29.7.0", - "jest-worker@29.7.0", - "slash@3.0.0", - "string-length@4.0.2", - "strip-ansi@6.0.1", - "v8-to-istanbul@9.2.0" - ] - }, + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@jest/test-result@29.7.0", - "dependsOn": [ - "@jest/console@29.7.0", - "@jest/types@29.6.3", - "@types/istanbul-lib-coverage@2.0.6", - "collect-v8-coverage@1.0.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ { - "ref": "@jest/transform@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/types@29.6.3", - "@jridgewell/trace-mapping@0.3.25", - "babel-plugin-istanbul@6.1.1", - "chalk@4.1.2", - "convert-source-map@2.0.0", - "fast-json-stable-stringify@2.1.0", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "jest-regex-util@29.6.3", - "jest-util@29.7.0", - "micromatch@4.0.5", - "pirates@4.0.6", - "slash@3.0.0", - "write-file-atomic@4.0.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ { - "ref": "fs.realpath@1.0.0" + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "inflight@1.0.6", - "dependsOn": [ - "once@1.4.0", - "wrappy@1.0.2" - ] + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "path-is-absolute@1.0.1" + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "istanbul-lib-instrument@6.0.2", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/parser@7.24.4", - "@istanbuljs/schema@0.1.3", - "istanbul-lib-coverage@3.2.2", - "semver@7.6.2" - ] - }, + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "make-dir@4.0.0", - "dependsOn": [ - "semver@7.6.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ { - "ref": "source-map@0.6.1" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ { - "ref": "html-escaper@2.0.2" + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-worker@29.7.0", - "dependsOn": [ - "@types/node@20.14.1", - "jest-util@29.7.0", - "merge-stream@2.0.0", - "supports-color@8.1.1" - ] + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "char-regex@1.0.2" + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "convert-source-map@2.0.0" - }, + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "jest-changed-files@29.7.0", - "dependsOn": [ - "execa@5.1.1", - "jest-util@29.7.0", - "p-limit@3.1.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ { - "ref": "get-stream@6.0.1" - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ { - "ref": "human-signals@2.1.0" + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "npm-run-path@4.0.1", - "dependsOn": [ - "path-key@3.1.1" - ] + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "strip-final-newline@2.0.0" - }, - { - "ref": "yocto-queue@0.1.0" - }, - { - "ref": "jest-config@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/test-sequencer@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "babel-jest@29.7.0", - "chalk@4.1.2", - "jest-config@29.7.0|ci-info@3.9.0", - "deepmerge@4.3.1", - "glob@7.2.3", - "graceful-fs@4.2.11", - "jest-circus@29.7.0", - "jest-environment-node@29.7.0", - "jest-get-type@29.6.3", - "jest-regex-util@29.6.3", - "jest-resolve@29.7.0", - "jest-runner@29.7.0", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "micromatch@4.0.5", - "parse-json@5.2.0", - "pretty-format@29.7.0", - "slash@3.0.0", - "strip-json-comments@3.1.1", - "ts-node@10.9.2" - ] + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "jest-config@29.7.0|ci-info@3.9.0" - }, + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@jest/test-sequencer@29.7.0", - "dependsOn": [ - "@jest/test-result@29.7.0", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "slash@3.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ { - "ref": "jest-haste-map@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/graceful-fs@4.1.9", - "@types/node@20.14.1", - "anymatch@3.1.3", - "fb-watchman@2.0.2", - "fsevents@2.3.3", - "graceful-fs@4.2.11", - "jest-regex-util@29.6.3", - "jest-util@29.7.0", - "jest-worker@29.7.0", - "micromatch@4.0.5", - "walker@1.0.8" - ] - }, + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ { - "ref": "babel-jest@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/transform@29.7.0", - "@types/babel__core@7.20.5", - "babel-plugin-istanbul@6.1.1", - "babel-preset-jest@29.6.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "slash@3.0.0" - ] + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-circus@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/expect@29.7.0", - "@jest/test-result@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "co@4.6.0", - "dedent@1.5.3", - "is-generator-fn@2.1.0", - "jest-each@29.7.0", - "jest-matcher-utils@29.7.0", - "jest-message-util@29.7.0", - "jest-runtime@29.7.0", - "jest-snapshot@29.7.0", - "jest-util@29.7.0", - "p-limit@3.1.0", - "pretty-format@29.7.0", - "pure-rand@6.1.0", - "slash@3.0.0", - "stack-utils@2.0.6" - ] + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@jest/environment@29.7.0", - "dependsOn": [ - "@jest/fake-timers@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "jest-mock@29.7.0" - ] + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@jest/expect@29.7.0", - "dependsOn": [ - "expect@29.7.0", - "jest-snapshot@29.7.0" - ] - }, + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "jest-snapshot@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/generator@7.24.4", - "@babel/plugin-syntax-jsx@7.24.1", - "@babel/plugin-syntax-typescript@7.24.1", - "@babel/types@7.24.0", - "@jest/expect-utils@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "babel-preset-current-node-syntax@1.0.1", - "chalk@4.1.2", - "expect@29.7.0", - "graceful-fs@4.2.11", - "jest-diff@29.7.0", - "jest-get-type@29.6.3", - "jest-matcher-utils@29.7.0", - "jest-message-util@29.7.0", - "jest-util@29.7.0", - "natural-compare@1.4.0", - "pretty-format@29.7.0", - "semver@7.6.2" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ { - "ref": "dedent@1.5.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ { - "ref": "jest-each@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "chalk@4.1.2", - "jest-get-type@29.6.3", - "jest-util@29.7.0", - "pretty-format@29.7.0" - ] + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-runtime@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/fake-timers@29.7.0", - "@jest/globals@29.7.0", - "@jest/source-map@29.6.3", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "cjs-module-lexer@1.2.3", - "collect-v8-coverage@1.0.2", - "glob@7.2.3", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "jest-message-util@29.7.0", - "jest-mock@29.7.0", - "jest-regex-util@29.6.3", - "jest-resolve@29.7.0", - "jest-snapshot@29.7.0", - "jest-util@29.7.0", - "slash@3.0.0", - "strip-bom@4.0.0" - ] + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "pure-rand@6.1.0" + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "jest-environment-node@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/fake-timers@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "jest-mock@29.7.0", - "jest-util@29.7.0" - ] - }, + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@jest/fake-timers@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@sinonjs/fake-timers@10.3.0", - "@types/node@20.14.1", - "jest-message-util@29.7.0", - "jest-mock@29.7.0", - "jest-util@29.7.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ { - "ref": "jest-regex-util@29.6.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ { - "ref": "jest-resolve@29.7.0", - "dependsOn": [ - "chalk@4.1.2", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "jest-pnp-resolver@1.2.3", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "resolve.exports@2.0.2", - "resolve@1.22.8", - "slash@3.0.0" - ] + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-runner@29.7.0", - "dependsOn": [ - "@jest/console@29.7.0", - "@jest/environment@29.7.0", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "emittery@0.13.1", - "graceful-fs@4.2.11", - "jest-docblock@29.7.0", - "jest-environment-node@29.7.0", - "jest-haste-map@29.7.0", - "jest-leak-detector@29.7.0", - "jest-message-util@29.7.0", - "jest-resolve@29.7.0", - "jest-runtime@29.7.0", - "jest-util@29.7.0", - "jest-watcher@29.7.0", - "jest-worker@29.7.0", - "p-limit@3.1.0", - "source-map-support@0.5.13" - ] + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "jest-validate@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "jest-validate@29.7.0|camelcase@6.3.0", - "chalk@4.1.2", - "jest-get-type@29.6.3", - "leven@3.1.0", - "pretty-format@29.7.0" - ] + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "jest-validate@29.7.0|camelcase@6.3.0" - }, + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "bser@2.1.1", - "dependsOn": [ - "node-int64@0.4.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ { - "ref": "node-int64@0.4.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ { - "ref": "makeerror@1.0.12", - "dependsOn": [ - "tmpl@1.0.5" - ] + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "tmpl@1.0.5" + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "jest-resolve-dependencies@29.7.0", - "dependsOn": [ - "jest-regex-util@29.6.3", - "jest-snapshot@29.7.0" - ] + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "resolve.exports@2.0.2" - }, + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "emittery@0.13.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ { - "ref": "jest-docblock@29.7.0", - "dependsOn": [ - "detect-newline@3.1.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ { - "ref": "jest-leak-detector@29.7.0", - "dependsOn": [ - "jest-get-type@29.6.3", - "pretty-format@29.7.0" - ] + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jest-watcher@29.7.0", - "dependsOn": [ - "@jest/test-result@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "emittery@0.13.1", - "jest-util@29.7.0", - "string-length@4.0.2" - ] + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@jest/globals@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/expect@29.7.0", - "@jest/types@29.6.3", - "jest-mock@29.7.0" - ] + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@jest/source-map@29.6.3", - "dependsOn": [ - "@jridgewell/trace-mapping@0.3.25", - "callsites@3.1.0", - "graceful-fs@4.2.11" - ] - }, + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/plugin-syntax-jsx@7.24.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ { - "ref": "@babel/helper-plugin-utils@7.24.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ { - "ref": "@babel/plugin-syntax-async-generators@7.8.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@babel/plugin-syntax-bigint@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@babel/plugin-syntax-class-properties@7.12.13", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@babel/plugin-syntax-import-meta@7.10.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/plugin-syntax-json-strings@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ { - "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ { - "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ { - "ref": "@babel/plugin-syntax-top-level-await@7.14.5", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ { - "ref": "pkg-dir@4.2.0", - "dependsOn": [ - "pkg-dir@4.2.0|find-up@4.1.0" - ] + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "pkg-dir@4.2.0|find-up@4.1.0", - "dependsOn": [ - "pkg-dir@4.2.0|locate-path@5.0.0", - "path-exists@4.0.0" - ] + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "pkg-dir@4.2.0|locate-path@5.0.0", - "dependsOn": [ - "pkg-dir@4.2.0|p-locate@4.1.0" - ] + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "pkg-dir@4.2.0|p-locate@4.1.0", - "dependsOn": [ - "pkg-dir@4.2.0|p-limit@2.3.0" - ] - }, + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "pkg-dir@4.2.0|p-limit@2.3.0", - "dependsOn": [ - "p-try@2.2.0" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" }, { - "ref": "resolve-cwd@3.0.0", - "dependsOn": [ - "resolve-cwd@3.0.0|resolve-from@5.0.0" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ { - "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ { - "ref": "jest-cli@29.7.0", - "dependsOn": [ - "@jest/core@29.7.0", - "@jest/test-result@29.7.0", - "@jest/types@29.6.3", - "chalk@4.1.2", - "create-jest@29.7.0", - "exit@0.1.2", - "import-local@3.1.0", - "jest-config@29.7.0", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "yargs@17.7.2" - ] + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "create-jest@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "chalk@4.1.2", - "exit@0.1.2", - "graceful-fs@4.2.11", - "jest-config@29.7.0", - "jest-util@29.7.0", - "prompts@2.4.2" - ] + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "cliui@8.0.1", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "get-caller-file@2.0.5" - }, + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "require-directory@2.1.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ { - "ref": "y18n@5.0.8" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ { - "ref": "argparse@2.0.1" + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "json-colorizer@2.2.2", - "dependsOn": [ - "json-colorizer@2.2.2|chalk@2.4.2", - "lodash.get@4.4.2" - ] + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "json-colorizer@2.2.2|chalk@2.4.2", - "dependsOn": [ - "json-colorizer@2.2.2|ansi-styles@3.2.1", - "json-colorizer@2.2.2|escape-string-regexp@1.0.5", - "json-colorizer@2.2.2|supports-color@5.5.0" - ] + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", - "dependsOn": [ - "json-colorizer@2.2.2|color-convert@1.9.3" - ] - }, + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "json-colorizer@2.2.2|color-convert@1.9.3", - "dependsOn": [ - "json-colorizer@2.2.2|color-name@1.1.3" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" }, { - "ref": "json-colorizer@2.2.2|color-name@1.1.3" - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ { - "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ { - "ref": "json-colorizer@2.2.2|supports-color@5.5.0", - "dependsOn": [ - "json-colorizer@2.2.2|has-flag@3.0.0" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "markdown-diff@2.0.0", - "dependsOn": [ - "markdown-diff@2.0.0|diff@5.2.0", - "marked@12.0.2" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "markdown-diff@2.0.0|diff@5.2.0" - }, + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "marked@12.0.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ { - "ref": "markdown-table-ts@1.0.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ { - "ref": "mocha@10.4.0", - "dependsOn": [ - "ansi-colors@4.1.1", - "browser-stdout@1.3.1", - "chokidar@3.5.3", - "debug@4.3.4", - "mocha@10.4.0|diff@5.0.0", - "escape-string-regexp@4.0.0", - "find-up@5.0.0", - "mocha@10.4.0|glob@8.1.0", - "he@1.2.0", - "js-yaml@4.1.0", - "mocha@10.4.0|log-symbols@4.1.0", - "mocha@10.4.0|minimatch@5.0.1", - "ms@2.1.3", - "serialize-javascript@6.0.0", - "strip-json-comments@3.1.1", - "supports-color@8.1.1", - "workerpool@6.2.1", - "yargs-parser@20.2.4", - "yargs-unparser@2.0.0", - "mocha@10.4.0|yargs@16.2.0" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "mocha@10.4.0|diff@5.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "mocha@10.4.0|glob@8.1.0", - "dependsOn": [ - "fs.realpath@1.0.0", - "inflight@1.0.6", - "inherits@2.0.4", - "mocha@10.4.0|minimatch@5.0.1", - "once@1.4.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "mocha@10.4.0|minimatch@5.0.1", - "dependsOn": [ - "brace-expansion@2.0.1" - ] - }, + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "mocha@10.4.0|log-symbols@4.1.0", - "dependsOn": [ - "chalk@4.1.2", - "is-unicode-supported@0.1.0" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" }, { - "ref": "mocha@10.4.0|yargs@16.2.0", - "dependsOn": [ - "mocha@10.4.0|cliui@7.0.4", - "escalade@3.1.2", - "get-caller-file@2.0.5", - "require-directory@2.1.1", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "y18n@5.0.8", - "yargs-parser@20.2.4" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ { - "ref": "mocha@10.4.0|cliui@7.0.4", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ { - "ref": "browser-stdout@1.3.1" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "fill-range@7.0.1", - "dependsOn": [ - "to-regex-range@5.0.1" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "to-regex-range@5.0.1", - "dependsOn": [ - "is-number@7.0.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "is-number@7.0.0" - }, + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "is-binary-path@2.1.0", - "dependsOn": [ - "binary-extensions@2.3.0" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" }, { - "ref": "binary-extensions@2.3.0" - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ { - "ref": "readdirp@3.6.0", - "dependsOn": [ - "picomatch@2.3.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ { - "ref": "wrappy@1.0.2" + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "is-unicode-supported@0.1.0" + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "serialize-javascript@6.0.0", - "dependsOn": [ - "randombytes@2.1.0" - ] + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "randombytes@2.1.0", - "dependsOn": [ - "safe-buffer@5.2.1" - ] - }, + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "workerpool@6.2.1" + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" }, { - "ref": "yargs-parser@20.2.4" - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ { - "ref": "yargs-unparser@2.0.0", - "dependsOn": [ - "yargs-unparser@2.0.0|camelcase@6.3.0", - "decamelize@4.0.0", - "flat@5.0.2", - "is-plain-obj@2.1.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ { - "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "decamelize@4.0.0" + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "is-plain-obj@2.1.0" + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "mock-fs@5.2.0" - }, + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "objects-to-csv@1.3.6", - "dependsOn": [ - "async-csv@2.1.3" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/nock" }, { - "ref": "async-csv@2.1.3", - "dependsOn": [ - "csv@5.5.3" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ { - "ref": "csv@5.5.3", - "dependsOn": [ - "csv-generate@3.4.3", - "csv-parse@4.16.3", - "csv-stringify@5.6.5", - "stream-transform@2.1.3" - ] - }, + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ { - "ref": "csv-generate@3.4.3" + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "csv-stringify@5.6.5" + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "stream-transform@2.1.3", - "dependsOn": [ - "mixme@0.5.10" - ] + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "mixme@0.5.10" - }, - { - "ref": "oclif@4.13.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0", - "@aws-sdk/client-s3@3.583.0", - "@inquirer/confirm@3.1.9", - "@inquirer/input@2.1.9", - "@inquirer/select@2.3.5", - "oclif@4.13.0|@oclif/core@4.0.1", - "@oclif/plugin-help@6.1.0", - "@oclif/plugin-not-found@3.2.1", - "@oclif/plugin-warn-if-update-available@3.1.4", - "async-retry@1.3.3", - "chalk@4.1.2", - "change-case@4.1.2", - "oclif@4.13.0|debug@4.3.5", - "ejs@3.1.10", - "find-yarn-workspace-root@2.0.0", - "oclif@4.13.0|fs-extra@8.1.0", - "github-slugger@2.0.0", - "got@13.0.0", - "lodash@4.17.21", - "normalize-package-data@6.0.1", - "semver@7.6.2", - "sort-package-json@2.10.0", - "tiny-jsonc@1.0.1", - "validate-npm-package-name@5.0.1" - ] - }, + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "oclif@4.13.0|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "oclif@4.13.0|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" }, { - "ref": "oclif@4.13.0|debug@4.3.5", - "dependsOn": [ - "oclif@4.13.0|ms@2.1.2" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ { - "ref": "oclif@4.13.0|ms@2.1.2" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ { - "ref": "oclif@4.13.0|fs-extra@8.1.0", - "dependsOn": [ - "graceful-fs@4.2.11", - "oclif@4.13.0|jsonfile@4.0.0", - "oclif@4.13.0|universalify@0.1.2" - ] + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "oclif@4.13.0|jsonfile@4.0.0", - "dependsOn": [ - "graceful-fs@4.2.11" - ] + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "oclif@4.13.0|universalify@0.1.2" - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@aws-sdk/xml-builder@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-stream@3.0.1", - "@smithy/util-utf8@3.0.0", - "@smithy/util-waiter@3.0.0", - "tslib@2.6.3" - ] + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/types@3.0.0", - "bowser@2.11.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ { - "ref": "@aws-sdk/xml-builder@3.575.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ { - "ref": "@smithy/util-waiter@3.0.0", - "dependsOn": [ - "@smithy/abort-controller@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-s3@3.583.0", - "dependsOn": [ - "@aws-crypto/sha1-browser@3.0.0", - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "@aws-sdk/middleware-bucket-endpoint@3.577.0", - "@aws-sdk/middleware-expect-continue@3.577.0", - "@aws-sdk/middleware-flexible-checksums@3.577.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-location-constraint@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-sdk-s3@3.582.0", - "@aws-sdk/middleware-signing@3.577.0", - "@aws-sdk/middleware-ssec@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/signature-v4-multi-region@3.582.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@aws-sdk/xml-builder@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/eventstream-serde-browser@3.0.0", - "@smithy/eventstream-serde-config-resolver@3.0.0", - "@smithy/eventstream-serde-node@3.0.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-blob-browser@3.0.0", - "@smithy/hash-node@3.0.0", - "@smithy/hash-stream-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/md5-js@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-retry@3.0.0", - "@smithy/util-stream@3.0.1", - "@smithy/util-utf8@3.0.0", - "@smithy/util-waiter@3.0.0", - "tslib@2.6.3" - ] + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" }, { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "dependsOn": [ - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", - "dependsOn": [ - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "dependsOn": [ - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", - "@aws-sdk/token-providers@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ { - "ref": "@aws-crypto/sha1-browser@3.0.0", - "dependsOn": [ - "@aws-crypto/ie11-detection@3.0.0", - "@aws-crypto/supports-web-crypto@3.0.0", - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-locate-window@3.535.0", - "@aws-sdk/util-utf8-browser@3.259.0", - "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" - ] + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/region-config-resolver@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/util-user-agent-node@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/credential-provider-env@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/nise" }, { - "ref": "@aws-sdk/credential-provider-process@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ { - "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sts@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ { - "ref": "@aws-sdk/token-providers@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sso-oidc@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/client-sso-oidc@3.577.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-sts@3.577.0", - "@aws-sdk/core@3.576.0", - "@aws-sdk/credential-provider-node@3.577.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-user-agent@3.577.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/client-sts@3.577.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-sso-oidc@3.577.0", - "@aws-sdk/core@3.576.0", - "@aws-sdk/credential-provider-node@3.577.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-user-agent@3.577.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/core@3.576.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" }, { - "ref": "@aws-sdk/credential-provider-node@3.577.0", - "dependsOn": [ - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/credential-provider-http@3.577.0", - "@aws-sdk/credential-provider-ini@3.577.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/credential-provider-sso@3.577.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ { - "ref": "@aws-sdk/middleware-user-agent@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ { - "ref": "@aws-sdk/util-endpoints@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/credential-provider-http@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/credential-provider-ini@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sts@3.577.0", - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/credential-provider-sso@3.577.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/credential-provider-sso@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sso@3.577.0", - "@aws-sdk/token-providers@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-sdk/client-sso@3.577.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/core@3.576.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-user-agent@3.577.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" }, { - "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-arn-parser@3.568.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ { - "ref": "@aws-sdk/util-arn-parser@3.568.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ { - "ref": "@aws-sdk/middleware-expect-continue@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", - "dependsOn": [ - "@aws-crypto/crc32@3.0.0", - "@aws-crypto/crc32c@3.0.0", - "@aws-sdk/types@3.577.0", - "@smithy/is-array-buffer@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-crypto/crc32@3.0.0", - "dependsOn": [ - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-crypto/crc32@3.0.0|tslib@1.14.1" - ] + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" - }, + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@aws-crypto/crc32c@3.0.0", - "dependsOn": [ - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" }, { - "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ { - "ref": "@aws-sdk/middleware-location-constraint@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ { - "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-arn-parser@3.568.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@aws-sdk/middleware-signing@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@aws-sdk/middleware-ssec@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", - "dependsOn": [ - "@aws-sdk/middleware-sdk-s3@3.582.0", - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/eventstream-serde-browser@3.0.0", - "dependsOn": [ - "@smithy/eventstream-serde-universal@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ { - "ref": "@smithy/eventstream-serde-universal@3.0.0", - "dependsOn": [ - "@smithy/eventstream-codec@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ { - "ref": "@smithy/eventstream-codec@3.0.0", - "dependsOn": [ - "@aws-crypto/crc32@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-hex-encoding@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@smithy/eventstream-serde-node@3.0.0", - "dependsOn": [ - "@smithy/eventstream-serde-universal@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@smithy/hash-blob-browser@3.0.0", - "dependsOn": [ - "@smithy/chunked-blob-reader-native@3.0.0", - "@smithy/chunked-blob-reader@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@smithy/chunked-blob-reader-native@3.0.0", - "dependsOn": [ - "@smithy/util-base64@3.0.0", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ { - "ref": "@smithy/chunked-blob-reader@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ { - "ref": "@smithy/hash-stream-node@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@smithy/md5-js@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@inquirer/confirm@3.1.9", - "dependsOn": [ - "@inquirer/core@8.2.2", - "@inquirer/type@1.3.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@inquirer/core@8.2.2", - "dependsOn": [ - "@inquirer/figures@1.0.3", - "@inquirer/type@1.3.3", - "@types/mute-stream@0.0.4", - "@types/node@20.14.1", - "@types/wrap-ansi@3.0.0", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "cli-spinners@2.9.2", - "@inquirer/core@8.2.2|cli-width@4.1.0", - "@inquirer/core@8.2.2|mute-stream@1.0.0", - "@inquirer/core@8.2.2|signal-exit@4.1.0", - "strip-ansi@6.0.1", - "@inquirer/core@8.2.2|wrap-ansi@6.2.0" - ] - }, + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ { - "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ { - "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", - "dependsOn": [ - "ansi-styles@4.3.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@inquirer/figures@1.0.3" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@inquirer/type@1.3.3" - }, + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@types/mute-stream@0.0.4", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ { - "ref": "@types/wrap-ansi@3.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ { - "ref": "@inquirer/input@2.1.9", - "dependsOn": [ - "@inquirer/core@8.2.2", - "@inquirer/type@1.3.3" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@inquirer/select@2.3.5", - "dependsOn": [ - "@inquirer/core@8.2.2", - "@inquirer/figures@1.0.3", - "@inquirer/type@1.3.3", - "ansi-escapes@4.3.2", - "chalk@4.1.2" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@oclif/plugin-not-found@3.2.1", - "dependsOn": [ - "@inquirer/confirm@3.1.9", - "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", - "ansis@3.2.0", - "fast-levenshtein@3.0.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "debug@4.3.4", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "fast-levenshtein@3.0.0", - "dependsOn": [ - "fastest-levenshtein@1.0.16" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ { - "ref": "fastest-levenshtein@1.0.16" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ { - "ref": "async-retry@1.3.3", - "dependsOn": [ - "retry@0.13.1" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "retry@0.13.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "change-case@4.1.2", - "dependsOn": [ - "camel-case@4.1.2", - "capital-case@1.0.4", - "constant-case@3.0.4", - "dot-case@3.0.4", - "header-case@2.0.4", - "no-case@3.0.4", - "param-case@3.0.4", - "pascal-case@3.1.2", - "path-case@3.0.4", - "sentence-case@3.0.4", - "snake-case@3.0.4", - "tslib@2.6.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "camel-case@4.1.2", - "dependsOn": [ - "pascal-case@3.1.2", - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "pascal-case@3.1.2", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ { - "ref": "capital-case@1.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3", - "upper-case-first@2.0.2" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ { - "ref": "no-case@3.0.4", - "dependsOn": [ - "lower-case@2.0.2", - "tslib@2.6.3" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "upper-case-first@2.0.2", - "dependsOn": [ - "tslib@2.6.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "constant-case@3.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3", - "upper-case@2.0.2" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "upper-case@2.0.2", - "dependsOn": [ - "tslib@2.6.3" - ] - }, + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "dot-case@3.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ { - "ref": "header-case@2.0.4", - "dependsOn": [ - "capital-case@1.0.4", - "tslib@2.6.3" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ { - "ref": "lower-case@2.0.2", - "dependsOn": [ - "tslib@2.6.3" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "param-case@3.0.4", - "dependsOn": [ - "dot-case@3.0.4", - "tslib@2.6.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "path-case@3.0.4", - "dependsOn": [ - "dot-case@3.0.4", - "tslib@2.6.3" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "sentence-case@3.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3", - "upper-case-first@2.0.2" - ] - }, + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "snake-case@3.0.4", - "dependsOn": [ - "dot-case@3.0.4", - "tslib@2.6.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ { - "ref": "find-yarn-workspace-root@2.0.0", - "dependsOn": [ - "micromatch@4.0.5" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ { - "ref": "github-slugger@2.0.0" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "got@13.0.0", - "dependsOn": [ - "@sindresorhus/is@5.6.0", - "@szmarczak/http-timer@5.0.1", - "cacheable-lookup@7.0.0", - "cacheable-request@10.2.14", - "decompress-response@6.0.0", - "form-data-encoder@2.1.4", - "get-stream@6.0.1", - "http2-wrapper@2.2.1", - "lowercase-keys@3.0.0", - "p-cancelable@3.0.0", - "responselike@3.0.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@sindresorhus/is@5.6.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@szmarczak/http-timer@5.0.1", - "dependsOn": [ - "defer-to-connect@2.0.1" - ] - }, + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "defer-to-connect@2.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ { - "ref": "cacheable-lookup@7.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ { - "ref": "cacheable-request@10.2.14", - "dependsOn": [ - "@types/http-cache-semantics@4.0.4", - "get-stream@6.0.1", - "http-cache-semantics@4.1.1", - "keyv@4.5.4", - "mimic-response@4.0.0", - "normalize-url@8.0.1", - "responselike@3.0.0" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@types/http-cache-semantics@4.0.4" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "http-cache-semantics@4.1.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "mimic-response@4.0.0" - }, + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "normalize-url@8.0.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ { - "ref": "responselike@3.0.0", - "dependsOn": [ - "lowercase-keys@3.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ { - "ref": "decompress-response@6.0.0", - "dependsOn": [ - "decompress-response@6.0.0|mimic-response@3.1.0" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "form-data-encoder@2.1.4" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "http2-wrapper@2.2.1", - "dependsOn": [ - "quick-lru@5.1.1", - "resolve-alpn@1.2.1" - ] - }, + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "resolve-alpn@1.2.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ { - "ref": "lowercase-keys@3.0.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ { - "ref": "p-cancelable@3.0.0" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "normalize-package-data@6.0.1", - "dependsOn": [ - "hosted-git-info@7.0.2", - "is-core-module@2.13.1", - "semver@7.6.2", - "validate-npm-package-license@3.0.4" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "spdx-correct@3.2.0", - "dependsOn": [ - "spdx-expression-parse@3.0.1", - "spdx-license-ids@3.0.17" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "spdx-expression-parse@3.0.1", - "dependsOn": [ - "spdx-exceptions@2.5.0", - "spdx-license-ids@3.0.17" - ] - }, + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "spdx-license-ids@3.0.17" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ { - "ref": "spdx-exceptions@2.5.0" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ { - "ref": "sort-package-json@2.10.0", - "dependsOn": [ - "detect-indent@7.0.1", - "sort-package-json@2.10.0|detect-newline@4.0.1", - "get-stdin@9.0.0", - "git-hooks-list@3.1.0", - "sort-package-json@2.10.0|globby@13.2.2", - "sort-package-json@2.10.0|is-plain-obj@4.1.0", - "semver@7.6.2", - "sort-object-keys@1.1.3" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "sort-package-json@2.10.0|globby@13.2.2", - "dependsOn": [ - "dir-glob@3.0.1", - "fast-glob@3.3.2", - "ignore@5.3.1", - "merge2@1.4.1", - "sort-package-json@2.10.0|slash@4.0.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "sort-package-json@2.10.0|slash@4.0.0" - }, + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ { - "ref": "detect-indent@7.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ { - "ref": "get-stdin@9.0.0" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "git-hooks-list@3.1.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "sort-object-keys@1.1.3" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "tiny-jsonc@1.0.1" - }, + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "open@10.1.0", - "dependsOn": [ - "default-browser@5.2.1", - "define-lazy-prop@3.0.0", - "is-inside-container@1.0.0", - "open@10.1.0|is-wsl@3.1.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ { - "ref": "open@10.1.0|is-wsl@3.1.0", - "dependsOn": [ - "is-inside-container@1.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ { - "ref": "default-browser@5.2.1", - "dependsOn": [ - "bundle-name@4.1.0", - "default-browser-id@5.0.0" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "bundle-name@4.1.0", - "dependsOn": [ - "run-applescript@7.0.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "run-applescript@7.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "default-browser-id@5.0.0" - }, + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "define-lazy-prop@3.0.0" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ { - "ref": "is-inside-container@1.0.0", - "dependsOn": [ - "is-inside-container@1.0.0|is-docker@3.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ { - "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "prompt-sync@4.2.0", - "dependsOn": [ - "prompt-sync@4.2.0|strip-ansi@5.2.0" - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", - "dependsOn": [ - "prompt-sync@4.2.0|ansi-regex@4.1.1" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" - }, + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "lodash.truncate@4.4.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ { - "ref": "tmp@0.2.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ { - "ref": "ts-jest@29.1.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "babel-jest@29.7.0", - "bs-logger@0.2.6", - "fast-json-stable-stringify@2.1.0", - "jest-util@29.7.0", - "jest@29.7.0", - "json5@2.2.3", - "lodash.memoize@4.1.2", - "make-error@1.3.6", - "semver@7.6.2", - "typescript@5.1.6", - "ts-jest@29.1.4|yargs-parser@21.1.1" - ] + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@ampproject/remapping@2.3.0", - "dependsOn": [ - "@jridgewell/gen-mapping@0.3.5", - "@jridgewell/trace-mapping@0.3.25" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "js-tokens@4.0.0" - }, + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/helper-compilation-targets@7.23.6", - "dependsOn": [ - "@babel/compat-data@7.24.4", - "@babel/helper-validator-option@7.23.5", - "browserslist@4.23.0", - "lru-cache@5.1.1", - "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ { - "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ { - "ref": "@babel/compat-data@7.24.4" + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@babel/helper-validator-option@7.23.5" + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "lru-cache@5.1.1", - "dependsOn": [ - "yallist@3.1.1" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "yallist@3.1.1" - }, + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/helper-module-transforms@7.23.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-environment-visitor@7.22.20", - "@babel/helper-module-imports@7.24.3", - "@babel/helper-simple-access@7.22.5", - "@babel/helper-split-export-declaration@7.22.6", - "@babel/helper-validator-identifier@7.22.20" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ { - "ref": "@babel/helper-environment-visitor@7.22.20" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ { - "ref": "@babel/helper-module-imports@7.24.3", - "dependsOn": [ - "@babel/types@7.24.0" - ] + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@babel/helper-simple-access@7.22.5", - "dependsOn": [ - "@babel/types@7.24.0" - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@babel/helper-split-export-declaration@7.22.6", - "dependsOn": [ - "@babel/types@7.24.0" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@babel/helpers@7.24.4", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/traverse@7.24.1", - "@babel/types@7.24.0" - ] - }, + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@babel/helper-function-name@7.23.0", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/types@7.24.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ { - "ref": "@babel/helper-hoist-variables@7.22.5", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ { - "ref": "@babel/helper-string-parser@7.24.1" + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "to-fast-properties@2.0.0" + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "gensync@1.0.0-beta.2" + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@jridgewell/resolve-uri@3.1.2" - }, + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@istanbuljs/load-nyc-config@1.1.0", - "dependsOn": [ - "camelcase@5.3.1", - "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", - "get-package-type@0.1.0", - "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", - "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ { - "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", - "path-exists@4.0.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ { - "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" - ] + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", - "dependsOn": [ - "p-try@2.2.0" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", - "esprima@4.0.1" - ] - }, + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ { - "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ { - "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "camelcase@5.3.1" + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "test-exclude@6.0.0", - "dependsOn": [ - "@istanbuljs/schema@0.1.3", - "glob@7.2.3", - "test-exclude@6.0.0|minimatch@3.1.2" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "test-exclude@6.0.0|minimatch@3.1.2", - "dependsOn": [ - "test-exclude@6.0.0|brace-expansion@1.1.11" - ] - }, + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ { - "ref": "@types/babel__generator@7.6.8", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ { - "ref": "@types/babel__template@7.4.4", - "dependsOn": [ - "@babel/parser@7.24.4", - "@babel/types@7.24.0" - ] + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "babel-preset-jest@29.6.3", - "dependsOn": [ - "@babel/core@7.24.4", - "babel-plugin-jest-hoist@29.6.3", - "babel-preset-current-node-syntax@1.0.1" - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "babel-plugin-jest-hoist@29.6.3", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/types@7.24.0", - "@types/babel__core@7.20.5", - "@types/babel__traverse@7.20.5" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "ts-mocha@10.0.0", - "dependsOn": [ - "mocha@10.4.0", - "ts-mocha@10.0.0|ts-node@7.0.1", - "tsconfig-paths@3.15.0" - ] - }, + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "ts-mocha@10.0.0|ts-node@7.0.1", - "dependsOn": [ - "ts-mocha@10.0.0|arrify@1.0.1", - "buffer-from@1.1.2", - "ts-mocha@10.0.0|diff@3.5.0", - "make-error@1.3.6", - "minimist@1.2.8", - "ts-mocha@10.0.0|mkdirp@0.5.6", - "source-map-support@0.5.13", - "ts-mocha@10.0.0|yn@2.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ { - "ref": "ts-mocha@10.0.0|arrify@1.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ { - "ref": "ts-mocha@10.0.0|diff@3.5.0" + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", - "dependsOn": [ - "minimist@1.2.8" - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "ts-mocha@10.0.0|yn@2.0.0" + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "buffer-from@1.1.2" - }, + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "tsconfig-paths@3.15.0", - "dependsOn": [ - "@types/json5@0.0.29", - "tsconfig-paths@3.15.0|json5@1.0.2", - "minimist@1.2.8", - "tsconfig-paths@3.15.0|strip-bom@3.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ { - "ref": "tsconfig-paths@3.15.0|json5@1.0.2", - "dependsOn": [ - "minimist@1.2.8" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ { - "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@types/json5@0.0.29" + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@cspotcode/source-map-support@0.8.1", - "dependsOn": [ - "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", - "dependsOn": [ - "@jridgewell/resolve-uri@3.1.2", - "@jridgewell/sourcemap-codec@1.4.15" - ] - }, + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "@tsconfig/node10@1.0.11" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ { - "ref": "@tsconfig/node12@1.0.11" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ { - "ref": "@tsconfig/node14@1.0.3" + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "@tsconfig/node16@1.0.4" + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "acorn-walk@8.3.2" + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "create-require@1.1.1" - }, + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "diff@4.0.2" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ { - "ref": "v8-compile-cache-lib@3.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ { - "ref": "yn@3.1.1" + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "tsimportlib@0.0.5" + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "@colors/colors@1.6.0" + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "@dabh/diagnostics@2.0.3", - "dependsOn": [ - "colorspace@1.1.4", - "enabled@2.0.0", - "kuler@2.0.0" - ] - }, + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "colorspace@1.1.4", - "dependsOn": [ - "colorspace@1.1.4|color@3.2.1", - "text-hex@1.0.0" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ { - "ref": "colorspace@1.1.4|color@3.2.1", - "dependsOn": [ - "colorspace@1.1.4|color-convert@1.9.3", - "color-string@1.9.1" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ { - "ref": "colorspace@1.1.4|color-convert@1.9.3", - "dependsOn": [ - "colorspace@1.1.4|color-name@1.1.3" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "colorspace@1.1.4|color-name@1.1.3" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "text-hex@1.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "enabled@2.0.0" - }, + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "kuler@2.0.0" + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" }, { - "ref": "logform@2.6.0", - "dependsOn": [ - "@colors/colors@1.6.0", - "@types/triple-beam@1.3.5", - "fecha@4.2.3", - "ms@2.1.3", - "safe-stable-stringify@2.4.3", - "triple-beam@1.4.1" - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ { - "ref": "fecha@4.2.3" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ { - "ref": "safe-stable-stringify@2.4.3" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "triple-beam@1.4.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "one-time@1.0.0", - "dependsOn": [ - "fn.name@1.1.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "fn.name@1.1.0" - }, + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "string_decoder@1.3.0", - "dependsOn": [ - "safe-buffer@5.2.1" - ] - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ { - "ref": "stack-trace@0.0.10" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ { - "ref": "winston-transport@4.7.0", - "dependsOn": [ - "logform@2.6.0", - "readable-stream@3.6.2", - "triple-beam@1.4.1" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "xlsx-populate@1.21.0", - "dependsOn": [ - "cfb@1.2.2", - "jszip@3.10.1", - "lodash@4.17.21", - "xlsx-populate@1.21.0|sax@1.3.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "xlsx-populate@1.21.0|sax@1.3.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "cfb@1.2.2", - "dependsOn": [ - "adler-32@1.3.1", - "crc-32@1.2.2" - ] - }, + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "adler-32@1.3.1" + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" }, { - "ref": "crc-32@1.2.2" - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ { - "ref": "jszip@3.10.1", - "dependsOn": [ - "lie@3.3.0", - "pako@1.0.11", - "jszip@3.10.1|readable-stream@2.3.8", - "setimmediate@1.0.5" - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ { - "ref": "jszip@3.10.1|readable-stream@2.3.8", - "dependsOn": [ - "core-util-is@1.0.3", - "inherits@2.0.4", - "isarray@1.0.0", - "process-nextick-args@2.0.1", - "jszip@3.10.1|safe-buffer@5.1.2", - "jszip@3.10.1|string_decoder@1.1.1", - "util-deprecate@1.0.2" - ] + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "ref": "jszip@3.10.1|safe-buffer@5.1.2" + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "jszip@3.10.1|string_decoder@1.1.1", - "dependsOn": [ - "jszip@3.10.1|safe-buffer@5.1.2" - ] + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "lie@3.3.0", - "dependsOn": [ - "immediate@3.0.6" - ] - }, + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "immediate@3.0.6" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ { - "ref": "pako@1.0.11" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ { - "ref": "core-util-is@1.0.3" + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "isarray@1.0.0" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "process-nextick-args@2.0.1" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "setimmediate@1.0.5" - }, + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "sax@1.2.1" - }, + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ { - "ref": "xmlbuilder@11.0.1" - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ { - "ref": "zip-lib@1.0.4", - "dependsOn": [ - "yauzl@3.1.3", - "yazl@2.5.1" - ] + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "ref": "yauzl@3.1.3", - "dependsOn": [ - "buffer-crc32@0.2.13", - "pend@1.2.0" - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "ref": "buffer-crc32@0.2.13" + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "ref": "pend@1.2.0" - }, + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "ref": "yazl@2.5.1", - "dependsOn": [ - "buffer-crc32@0.2.13" - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" } ] - } - } - ], - "raw": { - "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.4", - "version": 1, - "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", - "metadata": { - "timestamp": "2024-07-08T18:08:55.978Z", - "tools": [ - { - "name": "npm", - "version": "10.7.0" - }, - { - "vendor": "@cyclonedx", - "name": "cyclonedx-npm", - "version": "1.19.0", - "externalReferences": [ - { - "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ] - }, - { - "vendor": "@cyclonedx", - "name": "cyclonedx-library", - "version": "6.10.0", - "externalReferences": [ - { - "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ] - } - ], - "component": { - "type": "application", - "name": "saf", - "group": "@mitre", - "version": "1.4.7", - "bom-ref": "@mitre/saf@1.4.7", - "author": "The MITRE Security Automation Framework", - "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", "externalReferences": [ { - "url": "git+https://github.com/mitre/saf.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mitre/saf", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mitre/saf/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "" + "value": "node_modules/@types/tmp" } ] - } - }, - "components": [ + }, { "type": "library", - "name": "client-config-service", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -11207,913 +110544,319 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service" + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ { - "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" - } - ] + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" - } - ] + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.588.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" - } - ] + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" - } - ] + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" }, { - "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" - } - ] + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", - "externalReferences": [ - { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" }, { - "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" - } - ] + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" }, { - "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" - } - ] + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" } - ] + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "sha256-browser", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/sha256-browser@3.0.0", - "author": "AWS Crypto Tools Team", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12122,101 +110865,106 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha256-browser" + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } } ], - "components": [ + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ie11-detection", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/ie11-detection@3.0.0", - "author": "AWS Crypto Tools Team", - "description": "Provides functions and types for detecting if the host environment is IE11", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "purl": "pkg:npm/ts-api-utils@1.3.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12225,69 +110973,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/ie11-detection" - } - ], - "components": [ + "value": "node_modules/ts-api-utils" + }, { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "sha256-js", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/sha256-js@3.0.0", - "author": "AWS Crypto Tools Team", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -12295,30 +110995,30 @@ } } ], - "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12327,101 +111027,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha256-js" - } - ], - "components": [ + "value": "node_modules/eslint-visitor-keys" + }, { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "supports-web-crypto", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", - "author": "AWS Crypto Tools Team", - "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "purl": "pkg:npm/eslint@8.57.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/eslint/eslint.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "url": "https://eslint.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/eslint/eslint/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12430,100 +111081,106 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/supports-web-crypto" + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/util@3.0.0", - "author": "AWS Crypto Tools Team", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "url": "https://typescript-eslint.io/packages/utils", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12532,101 +111189,107 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/util" + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/util/node_modules/tslib" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "types", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/types@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "Types for the AWS SDK", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "purl": "pkg:npm/graphemer@1.4.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "url": "git+https://github.com/flmnt/graphemer.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "url": "https://github.com/flmnt/graphemer", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/flmnt/graphemer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12635,49 +111298,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/types" + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-utf8-browser", - "group": "@aws-sdk", - "version": "3.259.0", - "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", - "author": "AWS SDK for JavaScript Team", - "description": "A browser UTF-8 string <-> UInt8Array converter", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "purl": "pkg:npm/accurate-search@1.2.15", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "url": "git+https://github.com/florind9/accurate-search.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "url": "https://accuratesearch.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/florind9/accurate-search/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12686,48 +111352,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-utf8-browser" + "value": "node_modules/accurate-search" } ] }, { "type": "library", - "name": "util-locate-window", - "group": "@aws-sdk", - "version": "3.535.0", - "bom-ref": "@aws-sdk/util-locate-window@3.535.0", - "author": "AWS SDK for JavaScript Team", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "purl": "pkg:npm/ajv@8.16.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "url": "git+https://github.com/ajv-validator/ajv.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "url": "https://ajv.js.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/ajv-validator/ajv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12736,48 +111402,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-locate-window" + "value": "node_modules/ajv" } ] }, { "type": "library", - "name": "tslib", - "version": "2.6.3", - "bom-ref": "tslib@2.6.3", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@2.6.3", + "purl": "pkg:npm/fast-deep-equal@3.1.3", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12786,48 +111452,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tslib" + "value": "node_modules/fast-deep-equal" } ] }, { "type": "library", - "name": "middleware-host-header", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "purl": "pkg:npm/json-schema-traverse@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12836,48 +111502,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-host-header" + "value": "node_modules/json-schema-traverse" } ] }, { "type": "library", - "name": "middleware-logger", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-logger@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "purl": "pkg:npm/require-from-string@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "url": "git+https://github.com/floatdrop/require-from-string.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "url": "https://github.com/floatdrop/require-from-string#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/floatdrop/require-from-string/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12886,48 +111552,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-logger" + "value": "node_modules/require-from-string" } ] }, { "type": "library", - "name": "middleware-recursion-detection", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "purl": "pkg:npm/uri-js@4.4.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "url": "git+ssh://git@github.com/garycourt/uri-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "url": "https://github.com/garycourt/uri-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/garycourt/uri-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12936,48 +111602,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-recursion-detection" + "value": "node_modules/uri-js" } ] }, { "type": "library", - "name": "util-user-agent-browser", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "purl": "pkg:npm/punycode@2.3.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "url": "git+https://github.com/mathiasbynens/punycode.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "url": "https://mths.be/punycode", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/mathiasbynens/punycode.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -12986,48 +111652,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-user-agent-browser" + "value": "node_modules/punycode" } ] }, { "type": "library", - "name": "config-resolver", - "group": "@smithy", - "version": "3.0.1", - "bom-ref": "@smithy/config-resolver@3.0.1", - "author": "AWS SDK for JavaScript Team", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "purl": "pkg:npm/form-data@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "url": "git://github.com/form-data/form-data.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "url": "https://github.com/form-data/form-data#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/form-data/form-data/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13036,48 +111702,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/config-resolver" + "value": "node_modules/form-data" } ] }, { "type": "library", - "name": "core", - "group": "@smithy", - "version": "2.1.1", - "bom-ref": "@smithy/core@2.1.1", - "author": "AWS Smithy Team", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "purl": "pkg:npm/proxy-from-env@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "url": "git+https://github.com/Rob--W/proxy-from-env.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "url": "https://github.com/Rob--W/proxy-from-env#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/Rob--W/proxy-from-env/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13086,49 +111752,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/core" + "value": "node_modules/proxy-from-env" } ] }, { "type": "library", - "name": "fetch-http-handler", - "group": "@smithy", - "version": "3.0.1", - "bom-ref": "@smithy/fetch-http-handler@3.0.1", - "author": "AWS SDK for JavaScript Team", - "description": "Provides a way to make requests", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "purl": "pkg:npm/assertion-error@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "url": "https://github.com/chaijs/assertion-error#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/chaijs/assertion-error/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13137,48 +111802,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/fetch-http-handler" + "value": "node_modules/assertion-error" } ] }, { "type": "library", - "name": "hash-node", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/hash-node@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "purl": "pkg:npm/check-error@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "url": "git+ssh://git@github.com/chaijs/check-error.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "url": "https://github.com/chaijs/check-error#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/chaijs/check-error/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13187,48 +111852,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/hash-node" + "value": "node_modules/check-error" } ] }, { "type": "library", - "name": "invalid-dependency", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/invalid-dependency@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "purl": "pkg:npm/get-func-name@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "url": "https://github.com/chaijs/get-func-name#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/chaijs/get-func-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13237,48 +111902,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/invalid-dependency" + "value": "node_modules/get-func-name" } ] }, { "type": "library", - "name": "middleware-content-length", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/middleware-content-length@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "purl": "pkg:npm/deep-eql@4.1.3", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "url": "https://github.com/chaijs/deep-eql#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/chaijs/deep-eql/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13287,48 +111952,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/middleware-content-length" + "value": "node_modules/deep-eql" } ] }, { "type": "library", - "name": "middleware-endpoint", - "group": "@smithy", - "version": "3.0.1", - "bom-ref": "@smithy/middleware-endpoint@3.0.1", - "author": "AWS SDK for JavaScript Team", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "purl": "pkg:npm/loupe@2.3.7", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "url": "git+https://github.com/chaijs/loupe.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "url": "https://github.com/chaijs/loupe", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/chaijs/loupe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13337,48 +112002,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/middleware-endpoint" + "value": "node_modules/loupe" } ] }, { "type": "library", - "name": "middleware-retry", - "group": "@smithy", - "version": "3.0.3", - "bom-ref": "@smithy/middleware-retry@3.0.3", - "author": "AWS SDK for JavaScript Team", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "purl": "pkg:npm/pathval@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "url": "git+ssh://git@github.com/chaijs/pathval.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "url": "https://github.com/chaijs/pathval", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/chaijs/pathval/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13387,48 +112052,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/middleware-retry" + "value": "node_modules/pathval" } ] }, { "type": "library", - "name": "middleware-serde", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/middleware-serde@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "purl": "pkg:npm/colors@1.4.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "url": "git+ssh://git@github.com/Marak/colors.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "url": "https://github.com/Marak/colors.js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/Marak/colors.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13437,49 +112102,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/middleware-serde" + "value": "node_modules/colors" } ] }, { "type": "library", - "name": "middleware-stack", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/middleware-stack@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Provides a means for composing multiple middleware functions into a single handler", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "purl": "pkg:npm/csv-parse@4.16.3", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "url": "git+https://github.com/wdavidw/node-csv-parse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "url": "https://csv.js.org/parse/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/wdavidw/node-csv-parse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13488,49 +112152,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/middleware-stack" + "value": "node_modules/csv-parse" } ] }, { "type": "library", - "name": "node-config-provider", - "group": "@smithy", - "version": "3.1.0", - "bom-ref": "@smithy/node-config-provider@3.1.0", - "author": "AWS SDK for JavaScript Team", - "description": "Load config default values from ini config files and environmental variable", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "purl": "pkg:npm/dotenv@16.4.5", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "url": "git://github.com/motdotla/dotenv.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "url": "https://github.com/motdotla/dotenv#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/motdotla/dotenv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13539,49 +112201,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/node-config-provider" + "value": "node_modules/dotenv" } ] }, { "type": "library", - "name": "node-http-handler", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/node-http-handler@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Provides a way to make requests", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "url": "https://github.com/oclif/eslint-config-oclif-typescript", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13590,48 +112251,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/node-http-handler" + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "protocol-http", - "group": "@smithy", - "version": "4.0.0", - "bom-ref": "@smithy/protocol-http@4.0.0", - "author": "AWS Smithy Team", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13640,48 +112305,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/protocol-http" + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "smithy-client", - "group": "@smithy", - "version": "3.1.1", - "bom-ref": "@smithy/smithy-client@3.1.1", - "author": "AWS SDK for JavaScript Team", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13690,48 +112359,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/smithy-client" + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "types", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/types@3.0.0", - "author": "AWS Smithy Team", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "purl": "pkg:npm/tsutils@3.21.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "url": "git+https://github.com/ajafff/tsutils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "url": "https://github.com/ajafff/tsutils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/ajafff/tsutils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13740,48 +112413,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/types" + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "url-parser", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/url-parser@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "purl": "pkg:npm/esrecurse@4.3.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "url": "git+https://github.com/estools/esrecurse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "url": "https://github.com/estools/esrecurse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/estools/esrecurse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13790,49 +112466,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/url-parser" + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-base64", - "group": "@smithy", + "name": "eslint-utils", "version": "3.0.0", - "bom-ref": "@smithy/util-base64@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "A Base64 <-> UInt8Array converter", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "purl": "pkg:npm/eslint-utils@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "url": "git+https://github.com/mysticatea/eslint-utils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "url": "https://github.com/mysticatea/eslint-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/mysticatea/eslint-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13841,49 +112520,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-base64" + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-body-length-browser", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-body-length-browser@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Determines the length of a request body in browsers", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "url": "https://babel.dev/docs/en/next/babel-highlight", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13892,49 +112575,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-body-length-browser" + "value": "node_modules/@babel/highlight" } ] }, { "type": "library", - "name": "util-body-length-node", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-body-length-node@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Determines the length of a request body in node.js", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "purl": "pkg:npm/globals@13.24.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "url": "git+https://github.com/sindresorhus/globals.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "url": "https://github.com/sindresorhus/globals#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/sindresorhus/globals/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13943,17 +112625,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-body-length-node" + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-defaults-mode-browser", - "group": "@smithy", - "version": "3.0.3", - "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", - "author": "AWS SDK for JavaScript Team", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", "licenses": [ { "license": { @@ -13961,30 +112646,30 @@ } } ], - "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "purl": "pkg:npm/doctrine@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "url": "git+https://github.com/eslint/doctrine.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "url": "https://github.com/eslint/doctrine", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/eslint/doctrine/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -13993,48 +112678,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-defaults-mode-browser" + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-defaults-mode-node", - "group": "@smithy", - "version": "3.0.3", - "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", - "author": "AWS SDK for JavaScript Team", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "purl": "pkg:npm/enquirer@2.4.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "url": "git+https://github.com/enquirer/enquirer.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "url": "https://github.com/enquirer/enquirer", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/enquirer/enquirer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14043,49 +112732,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-defaults-mode-node" + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-endpoints", - "group": "@smithy", - "version": "2.0.1", - "bom-ref": "@smithy/util-endpoints@2.0.1", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution.", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "purl": "pkg:npm/ansi-colors@4.1.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "url": "git+https://github.com/doowb/ansi-colors.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "url": "https://github.com/doowb/ansi-colors", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/doowb/ansi-colors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14094,49 +112786,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-endpoints" + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-middleware", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-middleware@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Shared utilities for to be used in middleware packages.", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "purl": "pkg:npm/acorn-jsx@5.3.2", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "url": "git+https://github.com/acornjs/acorn-jsx.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "url": "https://github.com/acornjs/acorn-jsx", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/acornjs/acorn-jsx/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14145,49 +112839,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-middleware" + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-retry", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-retry@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Shared retry utilities to be used in middleware packages.", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "purl": "pkg:npm/esquery@1.5.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "url": "git+https://github.com/estools/esquery.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "url": "https://github.com/estools/esquery/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/estools/esquery/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14196,49 +112893,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-retry" + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-utf8", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-utf8@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "A UTF-8 string <-> UInt8Array converter", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "purl": "pkg:npm/esutils@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "url": "git+ssh://git@github.com/estools/esutils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "url": "https://github.com/estools/esutils", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/estools/esutils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14247,49 +112946,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-utf8" + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "signature-v4", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/signature-v4@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "purl": "pkg:npm/file-entry-cache@6.0.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "url": "git+https://github.com/royriojas/file-entry-cache.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "url": "https://github.com/royriojas/file-entry-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/royriojas/file-entry-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14298,49 +113000,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/signature-v4" + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-array-buffer", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/is-array-buffer@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "purl": "pkg:npm/functional-red-black-tree@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14349,49 +113054,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/is-array-buffer" + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-hex-encoding", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-hex-encoding@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "purl": "pkg:npm/imurmurhash@0.1.4", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "url": "git+https://github.com/jensyt/imurmurhash-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "url": "https://github.com/jensyt/imurmurhash-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/jensyt/imurmurhash-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14400,48 +113108,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-hex-encoding" + "value": "node_modules/imurmurhash" } ] }, { "type": "library", - "name": "util-uri-escape", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-uri-escape@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "url": "git://github.com/samn/json-stable-stringify.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "url": "https://github.com/samn/json-stable-stringify", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/samn/json-stable-stringify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14450,17 +113158,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-uri-escape" + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "strnum", - "version": "1.0.5", - "bom-ref": "strnum@1.0.5", - "author": "Amit Gupta", - "description": "Parse String to Number based on configuration", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", "licenses": [ { "license": { @@ -14468,30 +113180,30 @@ } } ], - "purl": "pkg:npm/strnum@1.0.5", + "purl": "pkg:npm/levn@0.4.1", "externalReferences": [ { - "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "url": "git://github.com/gkz/levn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/NaturalIntelligence/strnum#readme", + "url": "https://github.com/gkz/levn", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/NaturalIntelligence/strnum/issues", + "url": "https://github.com/gkz/levn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14500,48 +113212,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strnum" + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "property-provider", - "group": "@smithy", - "version": "3.1.0", - "bom-ref": "@smithy/property-provider@3.1.0", - "author": "AWS SDK for JavaScript Team", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "purl": "pkg:npm/lodash.merge@4.6.2", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "url": "git+https://github.com/lodash/lodash.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "url": "https://lodash.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/lodash/lodash/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14550,48 +113266,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/property-provider" + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-stream", - "group": "@smithy", - "version": "3.0.1", - "bom-ref": "@smithy/util-stream@3.0.1", - "author": "AWS SDK for JavaScript Team", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "purl": "pkg:npm/optionator@0.9.3", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "url": "git://github.com/gkz/optionator.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "url": "https://github.com/gkz/optionator", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/gkz/optionator/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14600,49 +113320,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-stream" + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "credential-provider-imds", - "group": "@smithy", - "version": "3.1.0", - "bom-ref": "@smithy/credential-provider-imds@3.1.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "purl": "pkg:npm/progress@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "url": "git://github.com/visionmedia/node-progress.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "url": "https://github.com/visionmedia/node-progress#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/visionmedia/node-progress/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14651,48 +113374,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/credential-provider-imds" + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "shared-ini-file-loader", - "group": "@smithy", - "version": "3.1.0", - "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", - "author": "AWS SDK for JavaScript Team", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "purl": "pkg:npm/regexpp@3.2.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "url": "git+https://github.com/mysticatea/regexpp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "url": "https://github.com/mysticatea/regexpp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/mysticatea/regexpp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14701,49 +113428,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/shared-ini-file-loader" + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-config-provider", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-config-provider@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities package for configuration providers", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "purl": "pkg:npm/table@6.8.2", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "url": "git+https://github.com/gajus/table.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "url": "https://github.com/gajus/table#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/gajus/table/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14752,17 +113482,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-config-provider" + "value": "node_modules/table" } ] }, { "type": "library", - "name": "bowser", - "version": "2.11.0", - "bom-ref": "bowser@2.11.0", - "author": "Dustin Diaz", - "description": "Lightweight browser detector", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", "licenses": [ { "license": { @@ -14770,30 +113500,30 @@ } } ], - "purl": "pkg:npm/bowser@2.11.0", + "purl": "pkg:npm/text-table@0.2.0", "externalReferences": [ { - "url": "git+https://github.com/lancedikson/bowser.git", + "url": "git://github.com/substack/text-table.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/lancedikson/bowser", + "url": "https://github.com/substack/text-table", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lancedikson/bowser/issues", + "url": "https://github.com/substack/text-table/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14802,48 +113532,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/bowser" + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "querystring-builder", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/querystring-builder@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "purl": "pkg:npm/v8-compile-cache@2.4.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "url": "git+https://github.com/zertosh/v8-compile-cache.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "url": "https://github.com/zertosh/v8-compile-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/zertosh/v8-compile-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14852,48 +113586,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/querystring-builder" + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "util-buffer-from", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-buffer-from@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "url": "https://github.com/facebook/create-react-app#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/facebook/create-react-app/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14902,48 +113639,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-buffer-from" + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "service-error-classification", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/service-error-classification@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -14952,16 +113693,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/service-error-classification" + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "uuid", - "version": "9.0.1", - "bom-ref": "uuid@9.0.1", - "description": "RFC4122 (v1, v4, and v5) UUIDs", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", "licenses": [ { "license": { @@ -14969,30 +113715,30 @@ } } ], - "purl": "pkg:npm/uuid@9.0.1", + "purl": "pkg:npm/ramda@0.27.2", "externalReferences": [ { - "url": "git+https://github.com/uuidjs/uuid.git", + "url": "git://github.com/ramda/ramda.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/uuidjs/uuid#readme", + "url": "https://ramdajs.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/uuidjs/uuid/issues", + "url": "https://github.com/ramda/ramda/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -15001,48 +113747,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/uuid" + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "querystring-parser", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/querystring-parser@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "purl": "pkg:npm/eslint-plugin-node@11.1.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -15051,49 +113801,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/querystring-parser" + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "client-securityhub", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "purl": "pkg:npm/eslint-plugin-es@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -15102,914 +113855,265 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub" + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } - ], - "components": [ + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ { - "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ { - "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" - } - ] + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.588.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" - } - ] + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" - } - ] + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" }, { - "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" - } - ] + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" - } - ] + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", - "externalReferences": [ - { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" }, { - "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" - } - ] + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" - } - ] + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" }, { - "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" - } - ] + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" } ] }, { "type": "library", - "name": "xlsx", - "group": "@e965", - "version": "0.20.1", - "bom-ref": "@e965/xlsx@0.20.1", - "author": "sheetjs", - "description": "SheetJS Spreadsheet data parser and writer", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "purl": "pkg:npm/clean-regexp@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://sheetjs.com/", + "url": "https://github.com/SamVerschueren/clean-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "url": "https://github.com/SamVerschueren/clean-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16018,49 +114122,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@e965/xlsx" + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "emass_client", - "group": "@mitre", - "version": "3.10.0", - "bom-ref": "@mitre/emass_client@3.10.0", - "author": "OpenAPI-Generator Contributors", - "description": "OpenAPI client for @mitre/emass_client", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", "licenses": [ { - "license": { - "id": "Apache-2.0" - } + "expression": "GPL-3.0-or-later OR MIT" } ], - "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "purl": "pkg:npm/eslint-template-visitor@2.3.2", "externalReferences": [ { - "url": "git+https://github.com/mitre/emass_client.git", + "url": "git+https://github.com/futpib/eslint-template-visitor.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mitre/emass_client#readme", + "url": "https://github.com/futpib/eslint-template-visitor#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mitre/emass_client/issues", + "url": "https://github.com/futpib/eslint-template-visitor/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16069,69 +114172,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/emass_client" - } - ], - "components": [ + "value": "node_modules/eslint-template-visitor" + }, { - "type": "library", - "name": "axios", - "version": "0.21.4", - "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", - "author": "Matt Zabriskie", - "description": "Promise based HTTP client for the browser and node.js", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/axios@0.21.4", - "externalReferences": [ - { - "url": "git+https://github.com/axios/axios.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://axios-http.com", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/axios/axios/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/emass_client/node_modules/axios" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "follow-redirects", - "version": "1.15.6", - "bom-ref": "follow-redirects@1.15.6", - "author": "Ruben Verborgh", - "description": "HTTP and HTTPS modules that follow redirects.", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", "licenses": [ { "license": { @@ -16139,30 +114195,30 @@ } } ], - "purl": "pkg:npm/follow-redirects@1.15.6", + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", "externalReferences": [ { - "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/follow-redirects/follow-redirects", + "url": "https://babel.dev/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/follow-redirects/follow-redirects/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16171,71 +114227,37 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/follow-redirects" - } - ] - }, - { - "type": "library", - "name": "hdf-converters", - "group": "@mitre", - "version": "2.10.8", - "bom-ref": "@mitre/hdf-converters@2.10.8", - "description": "Converter util library used to transform various scan results into HDF format", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", - "properties": [ + "value": "node_modules/@babel/eslint-parser" + }, { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/hdf-converters" + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "js", - "group": "@mdi", - "version": "7.4.47", - "bom-ref": "@mdi/js@7.4.47", - "author": "Austin Andrews", - "description": "Dist for Material Design Icons for JS/TypeScript", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40mdi/js@7.4.47", + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", "externalReferences": [ { - "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Templarian/MaterialDesign-JS#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Templarian/MaterialDesign-JS/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16244,50 +114266,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mdi/js" + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jsonix", - "group": "@mitre", - "version": "3.0.7", - "bom-ref": "@mitre/jsonix@3.0.7", - "author": "Alexey Valikov", - "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + "id": "MIT" } } ], - "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "purl": "pkg:npm/multimap@1.1.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/mitre/jsonix.git", + "url": "git://github.com/villadora/multi-map.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/mitre/jsonix", + "url": "https://github.com/villadora/multi-map#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/mitre/jsonix/issues", + "url": "https://github.com/villadora/multi-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16296,17 +114320,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/jsonix" + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "xmldom", - "group": "@xmldom", - "version": "0.8.10", - "bom-ref": "@xmldom/xmldom@0.8.10", - "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", "licenses": [ { "license": { @@ -16314,30 +114342,30 @@ } } ], - "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "purl": "pkg:npm/is-builtin-module@3.2.1", "externalReferences": [ { - "url": "git://github.com/xmldom/xmldom.git", + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/xmldom/xmldom", + "url": "https://github.com/sindresorhus/is-builtin-module#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/xmldom/xmldom/issues", + "url": "https://github.com/sindresorhus/is-builtin-module/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16346,45 +114374,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@xmldom/xmldom" + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "amdefine", - "version": "0.0.4", - "bom-ref": "amdefine@0.0.4", - "author": "James Burke", - "description": "Provide AMD's define() API for declaring modules in the AMD format", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", "licenses": [ { "license": { - "name": "BSD", - "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" - } - }, - { - "license": { - "id": "MIT", - "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + "id": "MIT" } } ], - "purl": "pkg:npm/amdefine@0.0.4", + "purl": "pkg:npm/pluralize@8.0.0", "externalReferences": [ { - "url": "http://github.com/jrburke/amdefine.js", + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16393,17 +114428,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/amdefine" + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "xmlhttprequest", - "version": "1.8.0", - "bom-ref": "xmlhttprequest@1.8.0", - "author": "Dan DeFelippi", - "description": "XMLHttpRequest for Node", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", "licenses": [ { "license": { @@ -16411,30 +114450,30 @@ } } ], - "purl": "pkg:npm/xmlhttprequest@1.8.0", + "purl": "pkg:npm/read-pkg-up@7.0.1", "externalReferences": [ { - "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "url": "https://github.com/sindresorhus/read-pkg-up#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "url": "https://github.com/sindresorhus/read-pkg-up/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16443,17 +114482,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xmlhttprequest" + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "csv2json", - "group": "@types", - "version": "1.4.5", - "bom-ref": "@types/csv2json@1.4.5", - "description": "TypeScript definitions for csv2json", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", "licenses": [ { "license": { @@ -16461,30 +114504,30 @@ } } ], - "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "purl": "pkg:npm/regexp-tree@0.1.27", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "url": "https://github.com/DmitrySoshnikov/regexp-tree", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16493,17 +114536,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/csv2json" + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "pumpify", - "group": "@types", - "version": "1.4.4", - "bom-ref": "@types/pumpify@1.4.4", - "description": "TypeScript definitions for pumpify", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", "licenses": [ { "license": { @@ -16511,30 +114558,30 @@ } } ], - "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "purl": "pkg:npm/safe-regex@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "url": "git://github.com/davisjam/safe-regex.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "url": "https://github.com/davisjam/safe-regex", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/davisjam/safe-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16543,17 +114590,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/pumpify" + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "duplexify", - "group": "@types", - "version": "3.6.4", - "bom-ref": "@types/duplexify@3.6.4", - "description": "TypeScript definitions for duplexify", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", "licenses": [ { "license": { @@ -16561,30 +114612,30 @@ } } ], - "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16593,17 +114644,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/duplexify" + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "node", - "group": "@types", - "version": "20.14.1", - "bom-ref": "@types/node@20.14.1", - "description": "TypeScript definitions for node", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", "licenses": [ { "license": { @@ -16611,30 +114667,30 @@ } } ], - "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "url": "git+https://github.com/eslint/eslintrc.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "url": "https://github.com/eslint/eslintrc#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/eslint/eslintrc/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16643,48 +114699,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/node" + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ms", - "group": "@types", - "version": "0.7.34", - "bom-ref": "@types/ms@0.7.34", - "description": "TypeScript definitions for ms", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "purl": "pkg:npm/espree@9.6.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "url": "git+https://github.com/eslint/espree.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "url": "https://github.com/eslint/espree", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/eslint/espree/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16693,17 +114753,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/ms" + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "mustache", - "group": "@types", - "version": "4.2.5", - "bom-ref": "@types/mustache@4.2.5", - "description": "TypeScript definitions for mustache", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", "licenses": [ { "license": { @@ -16711,30 +114775,30 @@ } } ], - "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "purl": "pkg:npm/parent-module@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "url": "git+https://github.com/sindresorhus/parent-module.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "url": "https://github.com/sindresorhus/parent-module#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/parent-module/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16743,17 +114807,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/mustache" + "value": "node_modules/parent-module" } ] }, { "type": "library", - "name": "papaparse", - "group": "@types", - "version": "5.3.14", - "bom-ref": "@types/papaparse@5.3.14", - "description": "TypeScript definitions for papaparse", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", "licenses": [ { "license": { @@ -16761,30 +114825,30 @@ } } ], - "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "purl": "pkg:npm/resolve-from@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "url": "git+https://github.com/sindresorhus/resolve-from.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "url": "https://github.com/sindresorhus/resolve-from#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/resolve-from/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16793,17 +114857,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/papaparse" + "value": "node_modules/resolve-from" } ] }, { "type": "library", - "name": "revalidator", - "group": "@types", - "version": "0.3.12", - "bom-ref": "@types/revalidator@0.3.12", - "description": "TypeScript definitions for revalidator", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { @@ -16811,30 +114875,30 @@ } } ], - "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "purl": "pkg:npm/ci-info@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16843,17 +114907,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/revalidator" + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "triple-beam", - "group": "@types", - "version": "1.3.5", - "bom-ref": "@types/triple-beam@1.3.5", - "description": "TypeScript definitions for triple-beam", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", "licenses": [ { "license": { @@ -16861,30 +114929,30 @@ } } ], - "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "url": "https://github.com/zloirock/core-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/zloirock/core-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16893,17 +114961,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/triple-beam" + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "validator", - "group": "@types", - "version": "13.12.0", - "bom-ref": "@types/validator@13.12.0", - "description": "TypeScript definitions for validator", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", "licenses": [ { "license": { @@ -16911,30 +114983,30 @@ } } ], - "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "purl": "pkg:npm/browserslist@4.23.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "url": "git+https://github.com/browserslist/browserslist.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "url": "https://github.com/browserslist/browserslist#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/browserslist/browserslist/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16943,48 +115015,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/validator" + "value": "node_modules/browserslist" } ] }, { "type": "library", - "name": "xml2js", - "group": "@types", - "version": "0.4.14", - "bom-ref": "@types/xml2js@0.4.14", - "description": "TypeScript definitions for xml2js", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", "licenses": [ { "license": { - "id": "MIT" + "id": "CC-BY-4.0" } } ], - "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "purl": "pkg:npm/caniuse-lite@1.0.30001612", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "url": "git+https://github.com/browserslist/caniuse-lite.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "url": "https://github.com/browserslist/caniuse-lite#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/browserslist/caniuse-lite/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -16993,48 +115065,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/xml2js" + "value": "node_modules/caniuse-lite" } ] }, { "type": "library", - "name": "axios", - "version": "1.7.2", - "bom-ref": "axios@1.7.2", - "author": "Matt Zabriskie", - "description": "Promise based HTTP client for the browser and node.js", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/axios@1.7.2", + "purl": "pkg:npm/electron-to-chromium@1.4.747", "externalReferences": [ { - "url": "git+https://github.com/axios/axios.git", + "url": "git+https://github.com/kilian/electron-to-chromium.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://axios-http.com", + "url": "https://github.com/kilian/electron-to-chromium#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/axios/axios/issues", + "url": "https://github.com/kilian/electron-to-chromium/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17043,17 +115115,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/axios" + "value": "node_modules/electron-to-chromium" } ] }, { "type": "library", - "name": "compare-versions", - "version": "6.1.0", - "bom-ref": "compare-versions@6.1.0", - "author": "Ole Michelsen", - "description": "Compare semver version strings to find greater, equal or lesser.", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", "licenses": [ { "license": { @@ -17061,30 +115133,30 @@ } } ], - "purl": "pkg:npm/compare-versions@6.1.0", + "purl": "pkg:npm/node-releases@2.0.14", "externalReferences": [ { - "url": "git+https://github.com/omichelsen/compare-versions.git", + "url": "git+https://github.com/chicoxyzzy/node-releases.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/omichelsen/compare-versions#readme", + "url": "https://github.com/chicoxyzzy/node-releases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/omichelsen/compare-versions/issues", + "url": "https://github.com/chicoxyzzy/node-releases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17093,48 +115165,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/compare-versions" + "value": "node_modules/node-releases" } ] }, { "type": "library", - "name": "csv2json", - "version": "2.0.2", - "bom-ref": "csv2json@2.0.2", - "author": "Julien Fontanet", - "description": "Stream and CLI to convert CSV to JSON", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/csv2json@2.0.2", + "purl": "pkg:npm/update-browserslist-db@1.0.13", "externalReferences": [ { - "url": "git+https://github.com/julien-f/csv2json.git", + "url": "git+https://github.com/browserslist/update-db.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/julien-f/csv2json", + "url": "https://github.com/browserslist/update-db#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/julien-f/csv2json/issues", + "url": "https://github.com/browserslist/update-db/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17143,17 +115215,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/csv2json" + "value": "node_modules/update-browserslist-db" } ] }, { "type": "library", - "name": "csv-parser", - "version": "2.3.5", - "bom-ref": "csv-parser@2.3.5", - "author": "mafintosh", - "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", "licenses": [ { "license": { @@ -17161,30 +115233,30 @@ } } ], - "purl": "pkg:npm/csv-parser@2.3.5", + "purl": "pkg:npm/escalade@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/mafintosh/csv-parser.git", + "url": "git+https://github.com/lukeed/escalade.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mafintosh/csv-parser", + "url": "https://github.com/lukeed/escalade#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mafintosh/csv-parser/issues", + "url": "https://github.com/lukeed/escalade/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17193,48 +115265,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/csv-parser" + "value": "node_modules/escalade" } ] }, { "type": "library", - "name": "minimist", - "version": "1.2.8", - "bom-ref": "minimist@1.2.8", - "author": "James Halliday", - "description": "parse argument options", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/minimist@1.2.8", + "purl": "pkg:npm/estraverse@5.3.0", "externalReferences": [ { - "url": "git://github.com/minimistjs/minimist.git", + "url": "git+ssh://git@github.com/estools/estraverse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/minimistjs/minimist", + "url": "https://github.com/estools/estraverse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/minimistjs/minimist/issues", + "url": "https://github.com/estools/estraverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17243,17 +115314,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/minimist" + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "through2", - "version": "3.0.2", - "bom-ref": "through2@3.0.2", - "author": "Rod Vagg", - "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", "licenses": [ { "license": { @@ -17261,30 +115336,30 @@ } } ], - "purl": "pkg:npm/through2@3.0.2", + "purl": "pkg:npm/builtin-modules@3.3.0", "externalReferences": [ { - "url": "git+https://github.com/rvagg/through2.git", + "url": "git+https://github.com/sindresorhus/builtin-modules.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/rvagg/through2#readme", + "url": "https://github.com/sindresorhus/builtin-modules#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/rvagg/through2/issues", + "url": "https://github.com/sindresorhus/builtin-modules/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17293,17 +115368,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/through2" + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "exec-promise", - "version": "0.7.0", - "bom-ref": "exec-promise@0.7.0", - "author": "Julien Fontanet", - "description": "Testable CLIs with promises", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", "licenses": [ { "license": { @@ -17311,30 +115390,30 @@ } } ], - "purl": "pkg:npm/exec-promise@0.7.0", + "purl": "pkg:npm/jsesc@3.0.2", "externalReferences": [ { - "url": "git+https://github.com/JsCommunity/exec-promise.git", + "url": "git+https://github.com/mathiasbynens/jsesc.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/JsCommunity/exec-promise", + "url": "https://mths.be/jsesc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/JsCommunity/exec-promise/issues", + "url": "https://github.com/mathiasbynens/jsesc/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17343,17 +115422,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/exec-promise" + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "log-symbols", - "version": "1.0.2", - "bom-ref": "log-symbols@1.0.2", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", "author": "Sindre Sorhus", - "description": "Colored symbols for various log levels. Example: ✔︎ success", + "description": "`Start a promise chain", "licenses": [ { "license": { @@ -17361,30 +115444,30 @@ } } ], - "purl": "pkg:npm/log-symbols@1.0.2", + "purl": "pkg:npm/p-try@2.2.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/log-symbols.git", + "url": "git+https://github.com/sindresorhus/p-try.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/log-symbols#readme", + "url": "https://github.com/sindresorhus/p-try#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/log-symbols/issues", + "url": "https://github.com/sindresorhus/p-try/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17393,318 +115476,67 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols" + "value": "node_modules/p-try" } - ], - "components": [ - { - "type": "library", - "name": "chalk", - "version": "1.1.3", - "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", - "description": "Terminal string styling done right. Much color.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/chalk@1.1.3", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/chalk.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/chalk#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/chalk/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/chalk" - } - ] - }, + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ { - "type": "library", - "name": "ansi-styles", - "version": "2.2.1", - "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@2.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/ansi-styles" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ { - "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/escape-string-regexp" - } - ] + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "strip-ansi", - "version": "3.0.1", - "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@3.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/strip-ansi" - } - ] + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ansi-regex", - "version": "2.1.1", - "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-regex@2.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/ansi-regex" - } - ] + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "supports-color", - "version": "2.0.0", - "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/supports-color" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" } ] }, { "type": "library", - "name": "has-ansi", - "version": "2.0.0", - "bom-ref": "has-ansi@2.0.0", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", "author": "Sindre Sorhus", - "description": "Check if a string has ANSI escape codes", + "description": "Read a package.json file", "licenses": [ { "license": { @@ -17712,30 +115544,30 @@ } } ], - "purl": "pkg:npm/has-ansi@2.0.0", + "purl": "pkg:npm/read-pkg@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/has-ansi.git", + "url": "git+https://github.com/sindresorhus/read-pkg.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/has-ansi#readme", + "url": "https://github.com/sindresorhus/read-pkg#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/has-ansi/issues", + "url": "https://github.com/sindresorhus/read-pkg/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17744,100 +115576,106 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/has-ansi" + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ { - "type": "library", - "name": "ansi-regex", - "version": "2.1.1", - "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-regex@2.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/has-ansi/node_modules/ansi-regex" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "promise-toolbox", - "version": "0.14.0", - "bom-ref": "promise-toolbox@0.14.0", - "author": "Julien Fontanet", - "description": "Essential utils for promises", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/promise-toolbox@0.14.0", + "purl": "pkg:npm/validate-npm-package-license@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/JsCommunity/promise-toolbox", + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17846,48 +115684,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/promise-toolbox" + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "make-error", - "version": "1.3.6", - "bom-ref": "make-error@1.3.6", - "author": "Julien Fontanet", - "description": "Make your own error types!", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/make-error@1.3.6", + "purl": "pkg:npm/regjsparser@0.10.0", "externalReferences": [ { - "url": "git://github.com/JsCommunity/make-error.git", + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/JsCommunity/make-error", + "url": "https://github.com/jviereck/regjsparser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/JsCommunity/make-error/issues", + "url": "https://github.com/jviereck/regjsparser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17896,17 +115737,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/make-error" + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "pump", + "name": "strip-indent", "version": "3.0.0", - "bom-ref": "pump@3.0.0", - "author": "Mathias Buus Madsen", - "description": "pipe streams together and close all of them if one of them closes", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", "licenses": [ { "license": { @@ -17914,30 +115759,30 @@ } } ], - "purl": "pkg:npm/pump@3.0.0", + "purl": "pkg:npm/strip-indent@3.0.0", "externalReferences": [ { - "url": "git://github.com/mafintosh/pump.git", + "url": "git+https://github.com/sindresorhus/strip-indent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mafintosh/pump#readme", + "url": "https://github.com/sindresorhus/strip-indent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mafintosh/pump/issues", + "url": "https://github.com/sindresorhus/strip-indent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17946,17 +115791,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pump" + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "end-of-stream", - "version": "1.4.4", - "bom-ref": "end-of-stream@1.4.4", - "author": "Mathias Buus", - "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", "licenses": [ { "license": { @@ -17964,30 +115813,30 @@ } } ], - "purl": "pkg:npm/end-of-stream@1.4.4", + "purl": "pkg:npm/min-indent@1.0.1", "externalReferences": [ { - "url": "git://github.com/mafintosh/end-of-stream.git", + "url": "git+https://github.com/thejameskyle/min-indent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mafintosh/end-of-stream", + "url": "https://github.com/thejameskyle/min-indent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mafintosh/end-of-stream/issues", + "url": "https://github.com/thejameskyle/min-indent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -17996,48 +115845,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/end-of-stream" + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "once", - "version": "1.4.0", - "bom-ref": "once@1.4.0", - "author": "Isaac Z. Schlueter", - "description": "Run a function exactly one time", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/once@1.4.0", + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", "externalReferences": [ { - "url": "git://github.com/isaacs/once.git", + "url": "git+https://github.com/eslint/eslint.git#packages/js", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/once#readme", + "url": "https://eslint.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/once/issues", + "url": "https://github.com/eslint/eslint/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18046,48 +115899,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/once" + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "pumpify", - "version": "2.0.1", - "bom-ref": "pumpify@2.0.1", - "author": "Mathias Buus", - "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/pumpify@2.0.1", + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", "externalReferences": [ { - "url": "git://github.com/mafintosh/pumpify.git", + "url": "git+https://github.com/humanwhocodes/config-array.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mafintosh/pumpify", + "url": "https://github.com/humanwhocodes/config-array#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mafintosh/pumpify/issues", + "url": "https://github.com/humanwhocodes/config-array/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18096,48 +115954,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pumpify" + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "duplexify", - "version": "4.1.3", - "bom-ref": "duplexify@4.1.3", - "author": "Mathias Buus", - "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/duplexify@4.1.3", + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", "externalReferences": [ { - "url": "git://github.com/mafintosh/duplexify.git", + "url": "git+https://github.com/humanwhocodes/object-schema.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mafintosh/duplexify", + "url": "https://github.com/humanwhocodes/object-schema#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mafintosh/duplexify/issues", + "url": "https://github.com/humanwhocodes/object-schema/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18146,47 +116009,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/duplexify" + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "inherits", - "version": "2.0.4", - "bom-ref": "inherits@2.0.4", - "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/inherits@2.0.4", + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", "externalReferences": [ { - "url": "git://github.com/isaacs/inherits.git", + "url": "git+https://github.com/humanwhocodes/module-importer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/inherits#readme", + "url": "https://github.com/humanwhocodes/module-importer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/inherits/issues", + "url": "https://github.com/humanwhocodes/module-importer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18195,16 +116064,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/inherits" + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "readable-stream", - "version": "3.6.2", - "bom-ref": "readable-stream@3.6.2", - "description": "Streams3, a user-land copy of the stream library from Node.js", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", "licenses": [ { "license": { @@ -18212,30 +116086,30 @@ } } ], - "purl": "pkg:npm/readable-stream@3.6.2", + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", "externalReferences": [ { - "url": "git://github.com/nodejs/readable-stream.git", + "url": "git+https://github.com/nodelib/nodelib.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodejs/readable-stream#readme", + "url": "https://github.com/nodelib/nodelib/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/readable-stream/issues", + "url": "https://github.com/nodelib/nodelib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18244,17 +116118,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/readable-stream" + "value": "node_modules/@nodelib/fs.scandir" } ] }, { "type": "library", - "name": "stream-shift", - "version": "1.0.3", - "bom-ref": "stream-shift@1.0.3", - "author": "Mathias Buus", - "description": "Returns the next buffer/object in a stream's readable queue", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", "licenses": [ { "license": { @@ -18262,30 +116136,30 @@ } } ], - "purl": "pkg:npm/stream-shift@1.0.3", + "purl": "pkg:npm/run-parallel@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/mafintosh/stream-shift.git", + "url": "git://github.com/feross/run-parallel.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mafintosh/stream-shift", + "url": "https://github.com/feross/run-parallel", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mafintosh/stream-shift/issues", + "url": "https://github.com/feross/run-parallel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18294,17 +116168,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/stream-shift" + "value": "node_modules/run-parallel" } ] }, { "type": "library", - "name": "strip-bom-stream", - "version": "4.0.0", - "bom-ref": "strip-bom-stream@4.0.0", - "author": "Sindre Sorhus", - "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", "licenses": [ { "license": { @@ -18312,30 +116186,30 @@ } } ], - "purl": "pkg:npm/strip-bom-stream@4.0.0", + "purl": "pkg:npm/queue-microtask@1.2.3", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "url": "git://github.com/feross/queue-microtask.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "url": "https://github.com/feross/queue-microtask", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "url": "https://github.com/feross/queue-microtask/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18344,48 +116218,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-bom-stream" + "value": "node_modules/queue-microtask" } ] }, { "type": "library", - "name": "first-chunk-stream", - "version": "3.0.0", - "bom-ref": "first-chunk-stream@3.0.0", - "author": "Sindre Sorhus", - "description": "Transform the first chunk in a stream", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/first-chunk-stream@3.0.0", + "purl": "pkg:npm/fastq@1.17.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "url": "git+https://github.com/mcollina/fastq.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "url": "https://github.com/mcollina/fastq#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "url": "https://github.com/mcollina/fastq/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18394,17 +116268,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/first-chunk-stream" + "value": "node_modules/fastq" } ] }, { "type": "library", - "name": "strip-bom-buf", - "version": "2.0.0", - "bom-ref": "strip-bom-buf@2.0.0", - "author": "Sindre Sorhus", - "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", "licenses": [ { "license": { @@ -18412,30 +116286,30 @@ } } ], - "purl": "pkg:npm/strip-bom-buf@2.0.0", + "purl": "pkg:npm/reusify@1.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "url": "git+https://github.com/mcollina/reusify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "url": "https://github.com/mcollina/reusify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "url": "https://github.com/mcollina/reusify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18444,48 +116318,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-bom-buf" + "value": "node_modules/reusify" } ] }, { "type": "library", - "name": "is-utf8", - "version": "0.2.1", - "bom-ref": "is-utf8@0.2.1", - "author": "wayfind", - "description": "Detect if a buffer is utf8 encoded.", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/is-utf8@0.2.1", + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/wayfind/is-utf8.git", + "url": "git+https://github.com/ungap/structured-clone.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/wayfind/is-utf8#readme", + "url": "https://github.com/ungap/structured-clone#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/wayfind/is-utf8/issues", + "url": "https://github.com/ungap/structured-clone/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18494,17 +116369,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-utf8" + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "fast-xml-parser", - "version": "4.4.0", - "bom-ref": "fast-xml-parser@4.4.0", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", "licenses": [ { "license": { @@ -18512,30 +116391,30 @@ } } ], - "purl": "pkg:npm/fast-xml-parser@4.4.0", + "purl": "pkg:npm/path-key@3.1.1", "externalReferences": [ { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "url": "git+https://github.com/sindresorhus/path-key.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "url": "https://github.com/sindresorhus/path-key#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "url": "https://github.com/sindresorhus/path-key/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18544,17 +116423,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fast-xml-parser" + "value": "node_modules/path-key" } ] }, { "type": "library", - "name": "html-entities", - "version": "2.5.2", - "bom-ref": "html-entities@2.5.2", - "author": "Marat Dulin", - "description": "Fastest HTML entities encode/decode library.", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", "licenses": [ { "license": { @@ -18562,30 +116441,30 @@ } } ], - "purl": "pkg:npm/html-entities@2.5.2", + "purl": "pkg:npm/shebang-command@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/mdevils/html-entities.git", + "url": "git+https://github.com/kevva/shebang-command.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mdevils/html-entities#readme", + "url": "https://github.com/kevva/shebang-command#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mdevils/html-entities/issues", + "url": "https://github.com/kevva/shebang-command/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18594,17 +116473,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/html-entities" + "value": "node_modules/shebang-command" } ] }, { "type": "library", - "name": "htmlparser2", - "version": "9.1.0", - "bom-ref": "htmlparser2@9.1.0", - "author": "Felix Boehm", - "description": "Fast & forgiving HTML/XML parser", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", "licenses": [ { "license": { @@ -18612,30 +116491,30 @@ } } ], - "purl": "pkg:npm/htmlparser2@9.1.0", + "purl": "pkg:npm/shebang-regex@3.0.0", "externalReferences": [ { - "url": "git://github.com/fb55/htmlparser2.git", + "url": "git+https://github.com/sindresorhus/shebang-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fb55/htmlparser2#readme", + "url": "https://github.com/sindresorhus/shebang-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fb55/htmlparser2/issues", + "url": "https://github.com/sindresorhus/shebang-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18644,47 +116523,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/htmlparser2" + "value": "node_modules/shebang-regex" } ] }, { "type": "library", - "name": "inspecjs", - "version": "2.10.8", - "bom-ref": "inspecjs@2.10.8", - "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/inspecjs@2.10.8", + "purl": "pkg:npm/which@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/mitre/heimdall2.git", + "url": "git://github.com/isaacs/node-which.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mitre/heimdall2#readme", + "url": "https://github.com/isaacs/node-which#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mitre/heimdall2/issues", + "url": "https://github.com/isaacs/node-which/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18693,48 +116573,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/inspecjs" + "value": "node_modules/which" } ] }, { "type": "library", - "name": "lodash", - "version": "4.17.21", - "bom-ref": "lodash@4.17.21", - "author": "John-David Dalton", - "description": "Lodash modular utilities.", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/lodash@4.17.21", + "purl": "pkg:npm/isexe@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/lodash/lodash.git", + "url": "git+https://github.com/isaacs/isexe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://lodash.com/", + "url": "https://github.com/isaacs/isexe#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lodash/lodash/issues", + "url": "https://github.com/isaacs/isexe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18743,48 +116623,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lodash" + "value": "node_modules/isexe" } ] }, { "type": "library", - "name": "moment", - "version": "2.30.1", - "bom-ref": "moment@2.30.1", - "author": "Iskren Ivov Chernev", - "description": "Parse, validate, manipulate, and display dates", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/moment@2.30.1", + "purl": "pkg:npm/eslint-scope@7.2.2", "externalReferences": [ { - "url": "git+https://github.com/moment/moment.git", + "url": "git+https://github.com/eslint/eslint-scope.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://momentjs.com", + "url": "http://github.com/eslint/eslint-scope", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/moment/moment/issues", + "url": "https://github.com/eslint/eslint-scope/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18793,16 +116672,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/moment" + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.3", - "bom-ref": "ms@2.1.3", - "description": "Tiny millisecond conversion utility", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", "licenses": [ { "license": { @@ -18810,30 +116693,30 @@ } } ], - "purl": "pkg:npm/ms@2.1.3", + "purl": "pkg:npm/acorn@8.11.3", "externalReferences": [ { - "url": "git+https://github.com/vercel/ms.git", + "url": "git+https://github.com/acornjs/acorn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/vercel/ms#readme", + "url": "https://github.com/acornjs/acorn", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/vercel/ms/issues", + "url": "https://github.com/acornjs/acorn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18842,17 +116725,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ms" + "value": "node_modules/acorn" } ] }, { "type": "library", - "name": "mustache", - "version": "4.2.0", - "bom-ref": "mustache@4.2.0", - "author": "mustache.js Authors", - "description": "Logic-less {{mustache}} templates with JavaScript", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", "licenses": [ { "license": { @@ -18860,30 +116743,30 @@ } } ], - "purl": "pkg:npm/mustache@4.2.0", + "purl": "pkg:npm/flat-cache@3.2.0", "externalReferences": [ { - "url": "git+https://github.com/janl/mustache.js.git", + "url": "git+https://github.com/jaredwray/flat-cache.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/janl/mustache.js", + "url": "https://github.com/jaredwray/flat-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/janl/mustache.js/issues", + "url": "https://github.com/jaredwray/flat-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18892,48 +116775,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mustache" + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "papaparse", - "version": "5.4.1", - "bom-ref": "papaparse@5.4.1", - "author": "Matthew Holt", - "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/papaparse@5.4.1", + "purl": "pkg:npm/flatted@3.3.1", "externalReferences": [ { - "url": "git+https://github.com/mholt/PapaParse.git", + "url": "git+https://github.com/WebReflection/flatted.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://papaparse.com", + "url": "https://github.com/WebReflection/flatted#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mholt/PapaParse/issues", + "url": "https://github.com/WebReflection/flatted/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18942,48 +116829,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/papaparse" + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "revalidator", - "version": "0.3.1", - "bom-ref": "revalidator@0.3.1", - "author": "Charlie Robbins", - "description": "A cross-browser / node.js validator powered by JSON Schema", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", "licenses": [ { "license": { - "name": "Apache 2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/revalidator@0.3.1", + "purl": "pkg:npm/keyv@4.5.4", "externalReferences": [ { - "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "url": "git+https://github.com/jaredwray/keyv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/flatiron/revalidator#readme", + "url": "https://github.com/jaredwray/keyv", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/flatiron/revalidator/issues", + "url": "https://github.com/jaredwray/keyv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -18992,17 +116883,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/revalidator" + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "run-script-os", - "version": "1.1.6", - "bom-ref": "run-script-os@1.1.6", - "author": "Charlie Guse", - "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", "licenses": [ { "license": { @@ -19010,30 +116905,30 @@ } } ], - "purl": "pkg:npm/run-script-os@1.1.6", + "purl": "pkg:npm/json-buffer@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/charlesguse/run-script-os.git", + "url": "git://github.com/dominictarr/json-buffer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/charlesguse/run-script-os#readme", + "url": "https://github.com/dominictarr/json-buffer", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/charlesguse/run-script-os/issues", + "url": "https://github.com/dominictarr/json-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19042,48 +116937,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/run-script-os" + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "semver", - "version": "7.6.2", - "bom-ref": "semver@7.6.2", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/semver@7.6.2", + "purl": "pkg:npm/find-up@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+https://github.com/sindresorhus/find-up.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/sindresorhus/find-up#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/sindresorhus/find-up/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19092,16 +116991,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/semver" + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "tailwindcss", - "version": "3.4.3", - "bom-ref": "tailwindcss@3.4.3", - "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", "licenses": [ { "license": { @@ -19109,30 +117013,30 @@ } } ], - "purl": "pkg:npm/tailwindcss@3.4.3", + "purl": "pkg:npm/locate-path@6.0.0", "externalReferences": [ { - "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "url": "git+https://github.com/sindresorhus/locate-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://tailwindcss.com", + "url": "https://github.com/sindresorhus/locate-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "url": "https://github.com/sindresorhus/locate-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19141,18 +117045,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tailwindcss" + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "quick-lru", - "group": "@alloc", - "version": "5.2.0", - "bom-ref": "@alloc/quick-lru@5.2.0", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", "author": "Sindre Sorhus", - "description": "Simple “Least Recently Used” (LRU) cache", + "description": "Get the first fulfilled promise that satisfies the provided testing function", "licenses": [ { "license": { @@ -19160,30 +117067,30 @@ } } ], - "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "purl": "pkg:npm/p-locate@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/quick-lru.git", + "url": "git+https://github.com/sindresorhus/p-locate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/quick-lru#readme", + "url": "https://github.com/sindresorhus/p-locate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/quick-lru/issues", + "url": "https://github.com/sindresorhus/p-locate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19192,17 +117099,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@alloc/quick-lru" + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "arg", - "version": "5.0.2", - "bom-ref": "arg@5.0.2", - "author": "Josh Junon", - "description": "Unopinionated, no-frills CLI argument parser", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", "licenses": [ { "license": { @@ -19210,30 +117121,30 @@ } } ], - "purl": "pkg:npm/arg@5.0.2", + "purl": "pkg:npm/is-extglob@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/vercel/arg.git", + "url": "git+https://github.com/jonschlinkert/is-extglob.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/vercel/arg#readme", + "url": "https://github.com/jonschlinkert/is-extglob", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/vercel/arg/issues", + "url": "https://github.com/jonschlinkert/is-extglob/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19242,17 +117153,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/arg" + "value": "node_modules/is-extglob" } ] }, { "type": "library", - "name": "chokidar", - "version": "3.5.3", - "bom-ref": "chokidar@3.5.3", - "author": "Paul Miller", - "description": "Minimal and efficient cross-platform file watching library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", "licenses": [ { "license": { @@ -19260,30 +117171,30 @@ } } ], - "purl": "pkg:npm/chokidar@3.5.3", + "purl": "pkg:npm/is-path-inside@3.0.3", "externalReferences": [ { - "url": "git+https://github.com/paulmillr/chokidar.git", + "url": "git+https://github.com/sindresorhus/is-path-inside.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/paulmillr/chokidar", + "url": "https://github.com/sindresorhus/is-path-inside#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/paulmillr/chokidar/issues", + "url": "https://github.com/sindresorhus/is-path-inside/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19292,100 +117203,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chokidar" - } - ], - "components": [ + "value": "node_modules/is-path-inside" + }, { - "type": "library", - "name": "glob-parent", - "version": "5.1.2", - "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", - "author": "Gulp Team", - "description": "Extract the non-magic parent path from a glob string.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob-parent@5.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/gulpjs/glob-parent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gulpjs/glob-parent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gulpjs/glob-parent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/chokidar/node_modules/glob-parent" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "didyoumean", - "version": "1.2.2", - "bom-ref": "didyoumean@1.2.2", - "author": "Dave Porter", - "description": "Match human-quality input to potential matches by edit distance.", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/didyoumean@1.2.2", + "purl": "pkg:npm/prelude-ls@1.2.1", "externalReferences": [ { - "url": "git+https://github.com/dcporter/didyoumean.js.git", + "url": "git://github.com/gkz/prelude-ls.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dcporter/didyoumean.js", + "url": "http://preludels.com", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dcporter/didyoumean.js/issues", + "url": "https://github.com/gkz/prelude-ls/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19394,17 +117257,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/didyoumean" + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "dlv", - "version": "1.1.3", - "bom-ref": "dlv@1.1.3", - "author": "Jason Miller", - "description": "Safely get a dot-notated property within an object.", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", "licenses": [ { "license": { @@ -19412,30 +117279,30 @@ } } ], - "purl": "pkg:npm/dlv@1.1.3", + "purl": "pkg:npm/type-check@0.4.0", "externalReferences": [ { - "url": "git+https://github.com/developit/dlv.git", + "url": "git://github.com/gkz/type-check.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/developit/dlv#readme", + "url": "https://github.com/gkz/type-check", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/developit/dlv/issues", + "url": "https://github.com/gkz/type-check/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19444,17 +117311,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dlv" + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "fast-glob", - "version": "3.3.2", - "bom-ref": "fast-glob@3.3.2", - "author": "Denis Malinochkin", - "description": "It's a very fast and efficient glob library for Node.js", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", "licenses": [ { "license": { @@ -19462,30 +117334,30 @@ } } ], - "purl": "pkg:npm/fast-glob@3.3.2", + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", "externalReferences": [ { - "url": "git+https://github.com/mrmlnc/fast-glob.git", + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mrmlnc/fast-glob#readme", + "url": "https://github.com/aashutoshrathi/word-wrap", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mrmlnc/fast-glob/issues", + "url": "https://github.com/aashutoshrathi/word-wrap/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19494,69 +117366,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fast-glob" - } - ], - "components": [ + "value": "node_modules/@aashutoshrathi/word-wrap" + }, { - "type": "library", - "name": "glob-parent", - "version": "5.1.2", - "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", - "author": "Gulp Team", - "description": "Extract the non-magic parent path from a glob string.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob-parent@5.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/gulpjs/glob-parent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gulpjs/glob-parent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gulpjs/glob-parent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fast-glob/node_modules/glob-parent" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "fs.stat", - "group": "@nodelib", - "version": "2.0.5", - "bom-ref": "@nodelib/fs.stat@2.0.5", - "description": "Get the status of a file with some features", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", "licenses": [ { "license": { @@ -19564,30 +117388,30 @@ } } ], - "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "purl": "pkg:npm/deep-is@0.1.4", "externalReferences": [ { - "url": "git+https://github.com/nodelib/nodelib.git#master", + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "url": "https://github.com/thlorenz/deep-is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodelib/nodelib/issues", + "url": "https://github.com/thlorenz/deep-is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19596,17 +117420,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@nodelib/fs.stat" + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "fs.walk", - "group": "@nodelib", - "version": "1.2.8", - "bom-ref": "@nodelib/fs.walk@1.2.8", - "description": "A library for efficiently walking a directory recursively", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", "licenses": [ { "license": { @@ -19614,30 +117441,30 @@ } } ], - "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "purl": "pkg:npm/accepts@1.3.8", "externalReferences": [ { - "url": "git+https://github.com/nodelib/nodelib.git#master", + "url": "git+https://github.com/jshttp/accepts.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "url": "https://github.com/jshttp/accepts#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodelib/nodelib/issues", + "url": "https://github.com/jshttp/accepts/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19646,17 +117473,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@nodelib/fs.walk" + "value": "node_modules/accepts" } ] }, { "type": "library", - "name": "is-glob", - "version": "4.0.3", - "bom-ref": "is-glob@4.0.3", - "author": "Jon Schlinkert", - "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", "licenses": [ { "license": { @@ -19664,30 +117490,30 @@ } } ], - "purl": "pkg:npm/is-glob@4.0.3", + "purl": "pkg:npm/mime-types@2.1.35", "externalReferences": [ { - "url": "git+https://github.com/micromatch/is-glob.git", + "url": "git+https://github.com/jshttp/mime-types.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/micromatch/is-glob", + "url": "https://github.com/jshttp/mime-types#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/micromatch/is-glob/issues", + "url": "https://github.com/jshttp/mime-types/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19696,16 +117522,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-glob" + "value": "node_modules/mime-types" } ] }, { "type": "library", - "name": "merge2", - "version": "1.4.1", - "bom-ref": "merge2@1.4.1", - "description": "Merge multiple streams into one stream in sequence or parallel.", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", "licenses": [ { "license": { @@ -19713,30 +117539,30 @@ } } ], - "purl": "pkg:npm/merge2@1.4.1", + "purl": "pkg:npm/negotiator@0.6.3", "externalReferences": [ { - "url": "git+ssh://git@github.com/teambition/merge2.git", + "url": "git+https://github.com/jshttp/negotiator.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/teambition/merge2", + "url": "https://github.com/jshttp/negotiator#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/teambition/merge2/issues", + "url": "https://github.com/jshttp/negotiator/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19745,17 +117571,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/merge2" + "value": "node_modules/negotiator" } ] }, { "type": "library", - "name": "micromatch", - "version": "4.0.5", - "bom-ref": "micromatch@4.0.5", - "author": "Jon Schlinkert", - "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", "licenses": [ { "license": { @@ -19763,30 +117589,30 @@ } } ], - "purl": "pkg:npm/micromatch@4.0.5", + "purl": "pkg:npm/array-flatten@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/micromatch/micromatch.git", + "url": "git://github.com/blakeembrey/array-flatten.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/micromatch/micromatch", + "url": "https://github.com/blakeembrey/array-flatten", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/micromatch/micromatch/issues", + "url": "https://github.com/blakeembrey/array-flatten/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19795,48 +117621,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/micromatch" + "value": "node_modules/array-flatten" } ] }, { "type": "library", - "name": "glob-parent", - "version": "6.0.2", - "bom-ref": "glob-parent@6.0.2", - "author": "Gulp Team", - "description": "Extract the non-magic parent path from a glob string.", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/glob-parent@6.0.2", + "purl": "pkg:npm/body-parser@1.20.2", "externalReferences": [ { - "url": "git+https://github.com/gulpjs/glob-parent.git", + "url": "git+https://github.com/expressjs/body-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/gulpjs/glob-parent#readme", + "url": "https://github.com/expressjs/body-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gulpjs/glob-parent/issues", + "url": "https://github.com/expressjs/body-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19845,16 +117670,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/glob-parent" + "value": "node_modules/body-parser" } ] }, { "type": "library", - "name": "jiti", - "version": "1.21.0", - "bom-ref": "jiti@1.21.0", - "description": "Runtime typescript and ESM support for Node.js", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", "licenses": [ { "license": { @@ -19862,30 +117688,30 @@ } } ], - "purl": "pkg:npm/jiti@1.21.0", + "purl": "pkg:npm/bytes@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/unjs/jiti.git", + "url": "git+https://github.com/visionmedia/bytes.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/unjs/jiti#readme", + "url": "https://github.com/visionmedia/bytes.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/unjs/jiti/issues", + "url": "https://github.com/visionmedia/bytes.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19894,17 +117720,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jiti" + "value": "node_modules/bytes" } ] }, { "type": "library", - "name": "lilconfig", - "version": "2.1.0", - "bom-ref": "lilconfig@2.1.0", - "author": "antonk52", - "description": "A zero-dependency alternative to cosmiconfig", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", "licenses": [ { "license": { @@ -19912,30 +117738,30 @@ } } ], - "purl": "pkg:npm/lilconfig@2.1.0", + "purl": "pkg:npm/depd@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/antonk52/lilconfig.git", + "url": "git+https://github.com/dougwilson/nodejs-depd.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/antonk52/lilconfig#readme", + "url": "https://github.com/dougwilson/nodejs-depd#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/antonk52/lilconfig/issues", + "url": "https://github.com/dougwilson/nodejs-depd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19944,17 +117770,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lilconfig" + "value": "node_modules/depd" } ] }, { "type": "library", - "name": "braces", - "version": "3.0.2", - "bom-ref": "braces@3.0.2", - "author": "Jon Schlinkert", - "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", "licenses": [ { "license": { @@ -19962,30 +117788,30 @@ } } ], - "purl": "pkg:npm/braces@3.0.2", + "purl": "pkg:npm/destroy@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/micromatch/braces.git", + "url": "git+https://github.com/stream-utils/destroy.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/micromatch/braces", + "url": "https://github.com/stream-utils/destroy#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/micromatch/braces/issues", + "url": "https://github.com/stream-utils/destroy/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -19994,17 +117820,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/braces" + "value": "node_modules/destroy" } ] }, { "type": "library", - "name": "picomatch", - "version": "2.3.1", - "bom-ref": "picomatch@2.3.1", - "author": "Jon Schlinkert", - "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", "licenses": [ { "license": { @@ -20012,30 +117838,30 @@ } } ], - "purl": "pkg:npm/picomatch@2.3.1", + "purl": "pkg:npm/http-errors@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/micromatch/picomatch.git", + "url": "git+https://github.com/jshttp/http-errors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/micromatch/picomatch", + "url": "https://github.com/jshttp/http-errors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/micromatch/picomatch/issues", + "url": "https://github.com/jshttp/http-errors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20044,17 +117870,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/picomatch" + "value": "node_modules/http-errors" } ] }, { "type": "library", - "name": "normalize-path", - "version": "3.0.0", - "bom-ref": "normalize-path@3.0.0", - "author": "Jon Schlinkert", - "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", "licenses": [ { "license": { @@ -20062,30 +117888,30 @@ } } ], - "purl": "pkg:npm/normalize-path@3.0.0", + "purl": "pkg:npm/iconv-lite@0.4.24", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "url": "git://github.com/ashtuchkin/iconv-lite.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/normalize-path", + "url": "https://github.com/ashtuchkin/iconv-lite", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/normalize-path/issues", + "url": "https://github.com/ashtuchkin/iconv-lite/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20094,17 +117920,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/normalize-path" + "value": "node_modules/iconv-lite" } ] }, { "type": "library", - "name": "object-hash", - "version": "3.0.0", - "bom-ref": "object-hash@3.0.0", - "author": "Scott Puleo", - "description": "Generate hashes from javascript objects in node and the browser.", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", "licenses": [ { "license": { @@ -20112,30 +117938,30 @@ } } ], - "purl": "pkg:npm/object-hash@3.0.0", + "purl": "pkg:npm/safer-buffer@2.1.2", "externalReferences": [ { - "url": "git+https://github.com/puleos/object-hash.git", + "url": "git+https://github.com/ChALkeR/safer-buffer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/puleos/object-hash", + "url": "https://github.com/ChALkeR/safer-buffer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/puleos/object-hash/issues", + "url": "https://github.com/ChALkeR/safer-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20144,48 +117970,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/object-hash" + "value": "node_modules/safer-buffer" } ] }, { "type": "library", - "name": "picocolors", - "version": "1.0.0", - "bom-ref": "picocolors@1.0.0", - "author": "Alexey Raspopov", - "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/picocolors@1.0.0", + "purl": "pkg:npm/on-finished@2.4.1", "externalReferences": [ { - "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "url": "git+https://github.com/jshttp/on-finished.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/alexeyraspopov/picocolors#readme", + "url": "https://github.com/jshttp/on-finished#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/alexeyraspopov/picocolors/issues", + "url": "https://github.com/jshttp/on-finished/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20194,48 +118019,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/picocolors" + "value": "node_modules/on-finished" } ] }, { "type": "library", - "name": "postcss-import", - "version": "15.1.0", - "bom-ref": "postcss-import@15.1.0", - "author": "Maxime Thirouin", - "description": "PostCSS plugin to import CSS files", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/postcss-import@15.1.0", + "purl": "pkg:npm/qs@6.11.0", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-import.git", + "url": "git+https://github.com/ljharb/qs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-import#readme", + "url": "https://github.com/ljharb/qs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-import/issues", + "url": "https://github.com/ljharb/qs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20244,17 +118068,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss-import" + "value": "node_modules/qs" } ] }, { "type": "library", - "name": "postcss-value-parser", - "version": "4.2.0", - "bom-ref": "postcss-value-parser@4.2.0", - "author": "Bogdan Chadkin", - "description": "Transforms css values and at-rule params into the tree", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", "licenses": [ { "license": { @@ -20262,30 +118086,30 @@ } } ], - "purl": "pkg:npm/postcss-value-parser@4.2.0", + "purl": "pkg:npm/raw-body@2.5.2", "externalReferences": [ { - "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "url": "git+https://github.com/stream-utils/raw-body.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/TrySound/postcss-value-parser", + "url": "https://github.com/stream-utils/raw-body#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TrySound/postcss-value-parser/issues", + "url": "https://github.com/stream-utils/raw-body/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20294,17 +118118,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss-value-parser" + "value": "node_modules/raw-body" } ] }, { "type": "library", - "name": "postcss", - "version": "8.4.38", - "bom-ref": "postcss@8.4.38", - "author": "Andrey Sitnik", - "description": "Tool for transforming styles with JS plugins", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", "licenses": [ { "license": { @@ -20312,30 +118136,30 @@ } } ], - "purl": "pkg:npm/postcss@8.4.38", + "purl": "pkg:npm/unpipe@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss.git", + "url": "git+https://github.com/stream-utils/unpipe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://postcss.org/", + "url": "https://github.com/stream-utils/unpipe#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss/issues", + "url": "https://github.com/stream-utils/unpipe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20344,17 +118168,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss" + "value": "node_modules/unpipe" } ] }, { "type": "library", - "name": "read-cache", - "version": "1.0.0", - "bom-ref": "read-cache@1.0.0", - "author": "Bogdan Chadkin", - "description": "Reads and caches the entire contents of a file until it is modified", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", "licenses": [ { "license": { @@ -20362,30 +118185,30 @@ } } ], - "purl": "pkg:npm/read-cache@1.0.0", + "purl": "pkg:npm/type-is@1.6.18", "externalReferences": [ { - "url": "git+https://github.com/TrySound/read-cache.git", + "url": "git+https://github.com/jshttp/type-is.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/TrySound/read-cache#readme", + "url": "https://github.com/jshttp/type-is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TrySound/read-cache/issues", + "url": "https://github.com/jshttp/type-is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20394,17 +118217,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-cache" + "value": "node_modules/type-is" } ] }, { "type": "library", - "name": "pify", - "version": "2.3.0", - "bom-ref": "pify@2.3.0", - "author": "Sindre Sorhus", - "description": "Promisify a callback-style function", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", "licenses": [ { "license": { @@ -20412,30 +118235,30 @@ } } ], - "purl": "pkg:npm/pify@2.3.0", + "purl": "pkg:npm/content-disposition@0.5.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/pify.git", + "url": "git+https://github.com/jshttp/content-disposition.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/pify#readme", + "url": "https://github.com/jshttp/content-disposition#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/pify/issues", + "url": "https://github.com/jshttp/content-disposition/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20444,17 +118267,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pify" + "value": "node_modules/content-disposition" } ] }, { "type": "library", - "name": "resolve", - "version": "1.22.8", - "bom-ref": "resolve@1.22.8", - "author": "James Halliday", - "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", "licenses": [ { "license": { @@ -20462,30 +118285,30 @@ } } ], - "purl": "pkg:npm/resolve@1.22.8", + "purl": "pkg:npm/cookie-signature@1.0.6", "externalReferences": [ { - "url": "git://github.com/browserify/resolve.git", + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/browserify/resolve#readme", + "url": "https://github.com/visionmedia/node-cookie-signature#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/browserify/resolve/issues", + "url": "https://github.com/visionmedia/node-cookie-signature/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20494,17 +118317,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/resolve" + "value": "node_modules/cookie-signature" } ] - }, - { - "type": "library", - "name": "postcss-js", - "version": "4.0.1", - "bom-ref": "postcss-js@4.0.1", - "author": "Andrey Sitnik", - "description": "PostCSS for CSS-in-JS and styles in JS objects", + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", "licenses": [ { "license": { @@ -20512,30 +118335,30 @@ } } ], - "purl": "pkg:npm/postcss-js@4.0.1", + "purl": "pkg:npm/cookie@0.6.0", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-js.git", + "url": "git+https://github.com/jshttp/cookie.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-js#readme", + "url": "https://github.com/jshttp/cookie#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-js/issues", + "url": "https://github.com/jshttp/cookie/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20544,17 +118367,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss-js" + "value": "node_modules/cookie" } ] }, { "type": "library", - "name": "camelcase-css", - "version": "2.0.1", - "bom-ref": "camelcase-css@2.0.1", - "author": "Steven Vachon", - "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", "licenses": [ { "license": { @@ -20562,30 +118384,30 @@ } } ], - "purl": "pkg:npm/camelcase-css@2.0.1", + "purl": "pkg:npm/encodeurl@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "url": "git+https://github.com/pillarjs/encodeurl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/stevenvachon/camelcase-css#readme", + "url": "https://github.com/pillarjs/encodeurl#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/stevenvachon/camelcase-css/issues", + "url": "https://github.com/pillarjs/encodeurl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20594,17 +118416,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/camelcase-css" + "value": "node_modules/encodeurl" } ] }, { "type": "library", - "name": "postcss-load-config", - "version": "4.0.2", - "bom-ref": "postcss-load-config@4.0.2", - "author": "Michael Ciniawky", - "description": "Autoload Config for PostCSS", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", "licenses": [ { "license": { @@ -20612,30 +118433,30 @@ } } ], - "purl": "pkg:npm/postcss-load-config@4.0.2", + "purl": "pkg:npm/escape-html@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-load-config.git", + "url": "git+https://github.com/component/escape-html.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-load-config#readme", + "url": "https://github.com/component/escape-html#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-load-config/issues", + "url": "https://github.com/component/escape-html/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20644,69 +118465,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss-load-config" - } - ], - "components": [ - { - "type": "library", - "name": "lilconfig", - "version": "3.1.1", - "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", - "author": "antonk52", - "description": "A zero-dependency alternative to cosmiconfig", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/lilconfig@3.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/antonk52/lilconfig.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/antonk52/lilconfig#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/antonk52/lilconfig/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/postcss-load-config/node_modules/lilconfig" - } - ] + "value": "node_modules/escape-html" } ] }, { "type": "library", - "name": "ts-node", - "version": "10.9.2", - "bom-ref": "ts-node@10.9.2", - "author": "Blake Embrey", - "description": "TypeScript execution environment and REPL for node.js, with source map support", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", "licenses": [ { "license": { @@ -20714,30 +118482,30 @@ } } ], - "purl": "pkg:npm/ts-node@10.9.2", + "purl": "pkg:npm/etag@1.8.1", "externalReferences": [ { - "url": "git://github.com/TypeStrong/ts-node.git", + "url": "git+https://github.com/jshttp/etag.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typestrong.org/ts-node", + "url": "https://github.com/jshttp/etag#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TypeStrong/ts-node/issues", + "url": "https://github.com/jshttp/etag/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20746,100 +118514,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-node" - } - ], - "components": [ - { - "type": "library", - "name": "arg", - "version": "4.1.3", - "bom-ref": "ts-node@10.9.2|arg@4.1.3", - "author": "Josh Junon", - "description": "Another simple argument parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/arg@4.1.3", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/arg.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/arg#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/arg/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-node/node_modules/arg" - } - ] + "value": "node_modules/etag" } ] }, { "type": "library", - "name": "yaml", - "version": "2.4.3", - "bom-ref": "yaml@2.4.3", - "author": "Eemeli Aro", - "description": "JavaScript parser and stringifier for YAML", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/yaml@2.4.3", + "purl": "pkg:npm/finalhandler@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/eemeli/yaml.git", + "url": "git+https://github.com/pillarjs/finalhandler.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://eemeli.org/yaml/", + "url": "https://github.com/pillarjs/finalhandler#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eemeli/yaml/issues", + "url": "https://github.com/pillarjs/finalhandler/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20848,17 +118564,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yaml" + "value": "node_modules/finalhandler" } ] }, { "type": "library", - "name": "postcss-nested", - "version": "6.0.1", - "bom-ref": "postcss-nested@6.0.1", - "author": "Andrey Sitnik", - "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", "licenses": [ { "license": { @@ -20866,30 +118581,30 @@ } } ], - "purl": "pkg:npm/postcss-nested@6.0.1", + "purl": "pkg:npm/parseurl@1.3.3", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-nested.git", + "url": "git+https://github.com/pillarjs/parseurl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-nested#readme", + "url": "https://github.com/pillarjs/parseurl#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-nested/issues", + "url": "https://github.com/pillarjs/parseurl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20898,15 +118613,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss-nested" + "value": "node_modules/parseurl" } ] }, { "type": "library", - "name": "postcss-selector-parser", - "version": "6.0.16", - "bom-ref": "postcss-selector-parser@6.0.16", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", "licenses": [ { "license": { @@ -20914,30 +118630,30 @@ } } ], - "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "purl": "pkg:npm/statuses@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "url": "git+https://github.com/jshttp/statuses.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-selector-parser", + "url": "https://github.com/jshttp/statuses#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-selector-parser/issues", + "url": "https://github.com/jshttp/statuses/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20946,17 +118662,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss-selector-parser" + "value": "node_modules/statuses" } ] }, { "type": "library", - "name": "cssesc", - "version": "3.0.0", - "bom-ref": "cssesc@3.0.0", - "author": "Mathias Bynens", - "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", "licenses": [ { "license": { @@ -20964,30 +118680,30 @@ } } ], - "purl": "pkg:npm/cssesc@3.0.0", + "purl": "pkg:npm/fresh@0.5.2", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/cssesc.git", + "url": "git+https://github.com/jshttp/fresh.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/cssesc", + "url": "https://github.com/jshttp/fresh#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/cssesc/issues", + "url": "https://github.com/jshttp/fresh/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -20996,48 +118712,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cssesc" + "value": "node_modules/fresh" } ] }, { "type": "library", - "name": "util-deprecate", - "version": "1.0.2", - "bom-ref": "util-deprecate@1.0.2", - "author": "Nathan Rajlich", - "description": "The Node.js `util.deprecate()` function with browser support", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/util-deprecate@1.0.2", + "purl": "pkg:npm/setprototypeof@1.2.0", "externalReferences": [ { - "url": "git://github.com/TooTallNate/util-deprecate.git", + "url": "git+https://github.com/wesleytodd/setprototypeof.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/TooTallNate/util-deprecate", + "url": "https://github.com/wesleytodd/setprototypeof", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TooTallNate/util-deprecate/issues", + "url": "https://github.com/wesleytodd/setprototypeof/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21046,17 +118762,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/util-deprecate" + "value": "node_modules/setprototypeof" } ] }, { "type": "library", - "name": "nanoid", - "version": "3.3.7", - "bom-ref": "nanoid@3.3.7", - "author": "Andrey Sitnik", - "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", "licenses": [ { "license": { @@ -21064,30 +118780,30 @@ } } ], - "purl": "pkg:npm/nanoid@3.3.7", + "purl": "pkg:npm/toidentifier@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/ai/nanoid.git", + "url": "git+https://github.com/component/toidentifier.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ai/nanoid#readme", + "url": "https://github.com/component/toidentifier#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ai/nanoid/issues", + "url": "https://github.com/component/toidentifier/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21096,48 +118812,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nanoid" + "value": "node_modules/toidentifier" } ] }, { "type": "library", - "name": "source-map-js", - "version": "1.2.0", - "bom-ref": "source-map-js@1.2.0", - "author": "Valentin 7rulnik Semirulnik", - "description": "Generates and consumes source maps", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/source-map-js@1.2.0", + "purl": "pkg:npm/merge-descriptors@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/7rulnik/source-map-js.git", + "url": "git+https://github.com/component/merge-descriptors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/7rulnik/source-map-js", + "url": "https://github.com/component/merge-descriptors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/7rulnik/source-map-js/issues", + "url": "https://github.com/component/merge-descriptors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21146,17 +118862,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/source-map-js" + "value": "node_modules/merge-descriptors" } ] }, { "type": "library", - "name": "is-core-module", - "version": "2.13.1", - "bom-ref": "is-core-module@2.13.1", - "author": "Jordan Harband", - "description": "Is this specifier a node.js core module?", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", "licenses": [ { "license": { @@ -21164,30 +118879,30 @@ } } ], - "purl": "pkg:npm/is-core-module@2.13.1", + "purl": "pkg:npm/methods@1.1.2", "externalReferences": [ { - "url": "git+https://github.com/inspect-js/is-core-module.git", + "url": "git+https://github.com/jshttp/methods.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/inspect-js/is-core-module", + "url": "https://github.com/jshttp/methods#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/is-core-module/issues", + "url": "https://github.com/jshttp/methods/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21196,17 +118911,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-core-module" + "value": "node_modules/methods" } ] }, { "type": "library", - "name": "path-parse", - "version": "1.0.7", - "bom-ref": "path-parse@1.0.7", - "author": "Javier Blanco", - "description": "Node.js path.parse() ponyfill", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", "licenses": [ { "license": { @@ -21214,30 +118929,30 @@ } } ], - "purl": "pkg:npm/path-parse@1.0.7", + "purl": "pkg:npm/ee-first@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/jbgutierrez/path-parse.git", + "url": "git+https://github.com/jonathanong/ee-first.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jbgutierrez/path-parse#readme", + "url": "https://github.com/jonathanong/ee-first#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jbgutierrez/path-parse/issues", + "url": "https://github.com/jonathanong/ee-first/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21246,17 +118961,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-parse" + "value": "node_modules/ee-first" } ] }, { "type": "library", - "name": "supports-preserve-symlinks-flag", - "version": "1.0.0", - "bom-ref": "supports-preserve-symlinks-flag@1.0.0", - "author": "Jordan Harband", - "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", "licenses": [ { "license": { @@ -21264,30 +118978,30 @@ } } ], - "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "purl": "pkg:npm/path-to-regexp@0.1.7", "externalReferences": [ { - "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "url": "git+https://github.com/component/path-to-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "url": "https://github.com/component/path-to-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "url": "https://github.com/component/path-to-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21296,17 +119010,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/supports-preserve-symlinks-flag" + "value": "node_modules/path-to-regexp" } ] }, { "type": "library", - "name": "sucrase", - "version": "3.35.0", - "bom-ref": "sucrase@3.35.0", - "author": "Alan Pierce", - "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", "licenses": [ { "license": { @@ -21314,30 +119028,30 @@ } } ], - "purl": "pkg:npm/sucrase@3.35.0", + "purl": "pkg:npm/proxy-addr@2.0.7", "externalReferences": [ { - "url": "git+https://github.com/alangpierce/sucrase.git", + "url": "git+https://github.com/jshttp/proxy-addr.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/alangpierce/sucrase#readme", + "url": "https://github.com/jshttp/proxy-addr#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/alangpierce/sucrase/issues", + "url": "https://github.com/jshttp/proxy-addr/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21346,170 +119060,66 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sucrase" + "value": "node_modules/proxy-addr" } - ], - "components": [ + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ { - "type": "library", - "name": "commander", - "version": "4.1.1", - "bom-ref": "sucrase@3.35.0|commander@4.1.1", - "author": "TJ Holowaychuk", - "description": "the complete solution for node.js command-line programs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/commander@4.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/tj/commander.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tj/commander.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tj/commander.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sucrase/node_modules/commander" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ { - "type": "library", - "name": "glob", - "version": "10.3.12", - "bom-ref": "sucrase@3.35.0|glob@10.3.12", - "author": "Isaac Z. Schlueter", - "description": "the most correct and second fastest glob implementation in JavaScript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob@10.3.12", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-glob.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-glob#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-glob/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sucrase/node_modules/glob" - } - ] + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "minipass", - "version": "7.0.4", - "bom-ref": "sucrase@3.35.0|minipass@7.0.4", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@7.0.4", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sucrase/node_modules/minipass" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" } ] }, { "type": "library", - "name": "gen-mapping", - "group": "@jridgewell", - "version": "0.3.5", - "bom-ref": "@jridgewell/gen-mapping@0.3.5", - "author": "Justin Ridgewell", - "description": "Generate source maps", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", "licenses": [ { "license": { @@ -21517,30 +119127,30 @@ } } ], - "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "purl": "pkg:npm/ipaddr.js@1.9.1", "externalReferences": [ { - "url": "git+https://github.com/jridgewell/gen-mapping.git", + "url": "git://github.com/whitequark/ipaddr.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jridgewell/gen-mapping#readme", + "url": "https://github.com/whitequark/ipaddr.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jridgewell/gen-mapping/issues", + "url": "https://github.com/whitequark/ipaddr.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21549,18 +119159,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jridgewell/gen-mapping" + "value": "node_modules/ipaddr.js" } ] }, { "type": "library", - "name": "set-array", - "group": "@jridgewell", - "version": "1.2.1", - "bom-ref": "@jridgewell/set-array@1.2.1", - "author": "Justin Ridgewell", - "description": "Like a Set, but provides the index of the `key` in the backing array", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", "licenses": [ { "license": { @@ -21568,30 +119177,30 @@ } } ], - "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "purl": "pkg:npm/side-channel@1.0.6", "externalReferences": [ { - "url": "git+https://github.com/jridgewell/set-array.git", + "url": "git+https://github.com/ljharb/side-channel.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jridgewell/set-array#readme", + "url": "https://github.com/ljharb/side-channel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jridgewell/set-array/issues", + "url": "https://github.com/ljharb/side-channel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21600,18 +119209,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jridgewell/set-array" + "value": "node_modules/side-channel" } ] }, { "type": "library", - "name": "sourcemap-codec", - "group": "@jridgewell", - "version": "1.4.15", - "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", - "author": "Rich Harris", - "description": "Encode/decode sourcemap mappings", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", "licenses": [ { "license": { @@ -21619,30 +119227,30 @@ } } ], - "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "purl": "pkg:npm/call-bind@1.0.7", "externalReferences": [ { - "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "url": "git+https://github.com/ljharb/call-bind.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "url": "https://github.com/ljharb/call-bind#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "url": "https://github.com/ljharb/call-bind/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21651,18 +119259,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jridgewell/sourcemap-codec" + "value": "node_modules/call-bind" } ] }, { "type": "library", - "name": "trace-mapping", - "group": "@jridgewell", - "version": "0.3.25", - "bom-ref": "@jridgewell/trace-mapping@0.3.25", - "author": "Justin Ridgewell", - "description": "Trace the original position through a source map", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", "licenses": [ { "license": { @@ -21670,30 +119277,30 @@ } } ], - "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "purl": "pkg:npm/es-define-property@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/jridgewell/trace-mapping.git", + "url": "git+https://github.com/ljharb/es-define-property.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jridgewell/trace-mapping#readme", + "url": "https://github.com/ljharb/es-define-property#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jridgewell/trace-mapping/issues", + "url": "https://github.com/ljharb/es-define-property/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21702,48 +119309,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jridgewell/trace-mapping" + "value": "node_modules/es-define-property" } ] }, { "type": "library", - "name": "foreground-child", - "version": "3.1.1", - "bom-ref": "foreground-child@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/foreground-child@3.1.1", + "purl": "pkg:npm/get-intrinsic@1.2.4", "externalReferences": [ { - "url": "git+https://github.com/tapjs/foreground-child.git", + "url": "git+https://github.com/ljharb/get-intrinsic.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tapjs/foreground-child#readme", + "url": "https://github.com/ljharb/get-intrinsic#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tapjs/foreground-child/issues", + "url": "https://github.com/ljharb/get-intrinsic/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21752,69 +119359,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/foreground-child" - } - ], - "components": [ - { - "type": "library", - "name": "signal-exit", - "version": "4.1.0", - "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", - "author": "Ben Coe", - "description": "when you want to fire an event no matter how a process exits.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/signal-exit@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/tapjs/signal-exit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tapjs/signal-exit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tapjs/signal-exit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/foreground-child/node_modules/signal-exit" - } - ] + "value": "node_modules/get-intrinsic" } ] }, { "type": "library", - "name": "cross-spawn", - "version": "7.0.3", - "bom-ref": "cross-spawn@7.0.3", - "author": "André Cruz", - "description": "Cross platform child_process#spawn and child_process#spawnSync", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", "licenses": [ { "license": { @@ -21822,30 +119377,30 @@ } } ], - "purl": "pkg:npm/cross-spawn@7.0.3", + "purl": "pkg:npm/es-errors@1.3.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "url": "git+https://github.com/ljharb/es-errors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/moxystudio/node-cross-spawn", + "url": "https://github.com/ljharb/es-errors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "url": "https://github.com/ljharb/es-errors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21854,48 +119409,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cross-spawn" + "value": "node_modules/es-errors" } ] }, { "type": "library", - "name": "jackspeak", - "version": "2.3.6", - "bom-ref": "jackspeak@2.3.6", - "author": "Isaac Z. Schlueter", - "description": "A very strict and proper argument parser.", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", "licenses": [ { "license": { - "id": "BlueOak-1.0.0" + "id": "MIT" } } ], - "purl": "pkg:npm/jackspeak@2.3.6", + "purl": "pkg:npm/function-bind@1.1.2", "externalReferences": [ { - "url": "git+https://github.com/isaacs/jackspeak.git", + "url": "git+https://github.com/Raynos/function-bind.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/jackspeak#readme", + "url": "https://github.com/Raynos/function-bind", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/jackspeak/issues", + "url": "https://github.com/Raynos/function-bind/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21904,49 +119459,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jackspeak" + "value": "node_modules/function-bind" } ] }, { "type": "library", - "name": "cliui", - "group": "@isaacs", - "version": "8.0.2", - "bom-ref": "@isaacs/cliui@8.0.2", - "author": "Ben Coe", - "description": "easily create complex multi-column command-line-interfaces", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "purl": "pkg:npm/set-function-length@1.2.2", "externalReferences": [ { - "url": "git+https://github.com/yargs/cliui.git", + "url": "git+https://github.com/ljharb/set-function-length.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yargs/cliui#readme", + "url": "https://github.com/ljharb/set-function-length#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/cliui/issues", + "url": "https://github.com/ljharb/set-function-length/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -21955,319 +119509,67 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui" + "value": "node_modules/set-function-length" } - ], - "components": [ + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ { - "type": "library", - "name": "string-width", - "version": "5.1.2", - "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/string-width@5.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/string-width.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/string-width#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/string-width/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/string-width" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ { - "type": "library", - "name": "emoji-regex", - "version": "9.2.2", - "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/emoji-regex@9.2.2", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/emoji-regex", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" - } - ] + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "strip-ansi", - "version": "7.1.0", - "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@7.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" - } - ] + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ansi-regex", - "version": "6.0.1", - "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-regex@6.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" - } - ] + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "wrap-ansi", - "version": "8.1.0", - "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/wrap-ansi@8.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/wrap-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" - } - ] - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "type": "library", - "name": "ansi-styles", - "version": "6.2.1", - "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@6.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" - } - ] + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" } ] }, { "type": "library", - "name": "string-width", - "version": "4.2.3", - "bom-ref": "string-width@4.2.3", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", "licenses": [ { "license": { @@ -22275,30 +119577,30 @@ } } ], - "purl": "pkg:npm/string-width@4.2.3", + "purl": "pkg:npm/gopd@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-width.git", + "url": "git+https://github.com/ljharb/gopd.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/string-width#readme", + "url": "https://github.com/ljharb/gopd#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-width/issues", + "url": "https://github.com/ljharb/gopd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22307,17 +119609,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/string-width-cjs" + "value": "node_modules/gopd" } ] }, { "type": "library", - "name": "emoji-regex", - "version": "8.0.0", - "bom-ref": "emoji-regex@8.0.0", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", "licenses": [ { "license": { @@ -22325,30 +119627,30 @@ } } ], - "purl": "pkg:npm/emoji-regex@8.0.0", + "purl": "pkg:npm/has-property-descriptors@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/emoji-regex", + "url": "https://github.com/inspect-js/has-property-descriptors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "url": "https://github.com/inspect-js/has-property-descriptors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22357,17 +119659,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/emoji-regex" + "value": "node_modules/has-property-descriptors" } ] }, { "type": "library", - "name": "is-fullwidth-code-point", - "version": "3.0.0", - "bom-ref": "is-fullwidth-code-point@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if the character represented by a given Unicode code point is fullwidth", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", "licenses": [ { "license": { @@ -22375,30 +119677,30 @@ } } ], - "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "purl": "pkg:npm/has-proto@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "url": "git+https://github.com/inspect-js/has-proto.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "url": "https://github.com/inspect-js/has-proto#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "url": "https://github.com/inspect-js/has-proto/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22407,17 +119709,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-fullwidth-code-point" + "value": "node_modules/has-proto" } ] }, { "type": "library", - "name": "strip-ansi", - "version": "6.0.1", - "bom-ref": "strip-ansi@6.0.1", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", "licenses": [ { "license": { @@ -22425,30 +119727,30 @@ } } ], - "purl": "pkg:npm/strip-ansi@6.0.1", + "purl": "pkg:npm/has-symbols@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git://github.com/inspect-js/has-symbols.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://github.com/ljharb/has-symbols#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "https://github.com/ljharb/has-symbols/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22457,17 +119759,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-ansi" + "value": "node_modules/has-symbols" } ] }, { "type": "library", - "name": "eastasianwidth", - "version": "0.2.0", - "bom-ref": "eastasianwidth@0.2.0", - "author": "Masaki Komagata", - "description": "Get East Asian Width from a character.", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", "licenses": [ { "license": { @@ -22475,30 +119777,30 @@ } } ], - "purl": "pkg:npm/eastasianwidth@0.2.0", + "purl": "pkg:npm/hasown@2.0.2", "externalReferences": [ { - "url": "git://github.com/komagata/eastasianwidth.git", + "url": "git+https://github.com/inspect-js/hasOwn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/komagata/eastasianwidth#readme", + "url": "https://github.com/inspect-js/hasOwn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/komagata/eastasianwidth/issues", + "url": "https://github.com/inspect-js/hasOwn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22507,17 +119809,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eastasianwidth" + "value": "node_modules/hasown" } ] }, { "type": "library", - "name": "strip-ansi", - "version": "6.0.1", - "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", "licenses": [ { "license": { @@ -22525,30 +119827,30 @@ } } ], - "purl": "pkg:npm/strip-ansi@6.0.1", + "purl": "pkg:npm/object-inspect@1.13.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git://github.com/inspect-js/object-inspect.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://github.com/inspect-js/object-inspect", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "https://github.com/inspect-js/object-inspect/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22557,17 +119859,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-ansi-cjs" + "value": "node_modules/object-inspect" } ] }, { "type": "library", - "name": "ansi-regex", - "version": "5.0.1", - "bom-ref": "ansi-regex@5.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", "licenses": [ { "license": { @@ -22575,30 +119877,30 @@ } } ], - "purl": "pkg:npm/ansi-regex@5.0.1", + "purl": "pkg:npm/range-parser@1.2.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-regex.git", + "url": "git+https://github.com/jshttp/range-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-regex#readme", + "url": "https://github.com/jshttp/range-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-regex/issues", + "url": "https://github.com/jshttp/range-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22607,17 +119909,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansi-regex" + "value": "node_modules/range-parser" } ] }, { "type": "library", - "name": "wrap-ansi", - "version": "7.0.0", - "bom-ref": "wrap-ansi@7.0.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", "licenses": [ { "license": { @@ -22625,30 +119927,30 @@ } } ], - "purl": "pkg:npm/wrap-ansi@7.0.0", + "purl": "pkg:npm/send@0.18.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/wrap-ansi.git", + "url": "git+https://github.com/pillarjs/send.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/wrap-ansi#readme", + "url": "https://github.com/pillarjs/send#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/wrap-ansi/issues", + "url": "https://github.com/pillarjs/send/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22657,17 +119959,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/wrap-ansi-cjs" + "value": "node_modules/send" } ] }, { "type": "library", - "name": "ansi-styles", - "version": "4.3.0", - "bom-ref": "ansi-styles@4.3.0", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", "licenses": [ { "license": { @@ -22675,30 +119977,30 @@ } } ], - "purl": "pkg:npm/ansi-styles@4.3.0", + "purl": "pkg:npm/mime@1.6.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-styles.git", + "url": "git+https://github.com/broofa/node-mime.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-styles#readme", + "url": "https://github.com/broofa/node-mime#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-styles/issues", + "url": "https://github.com/broofa/node-mime/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22707,17 +120009,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansi-styles" + "value": "node_modules/mime" } ] }, { "type": "library", - "name": "string-width", - "version": "4.2.3", - "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", "licenses": [ { "license": { @@ -22725,30 +120027,30 @@ } } ], - "purl": "pkg:npm/string-width@4.2.3", + "purl": "pkg:npm/serve-static@1.15.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-width.git", + "url": "git+https://github.com/expressjs/serve-static.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/string-width#readme", + "url": "https://github.com/expressjs/serve-static#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-width/issues", + "url": "https://github.com/expressjs/serve-static/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22757,18 +120059,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/string-width" + "value": "node_modules/serve-static" } ] }, { "type": "library", - "name": "parseargs", - "group": "@pkgjs", - "version": "0.11.0", - "bom-ref": "@pkgjs/parseargs@0.11.0", - "description": "Polyfill of future proposal for `util.parseArgs()`", - "scope": "optional", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", "licenses": [ { "license": { @@ -22776,30 +120077,30 @@ } } ], - "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "purl": "pkg:npm/media-typer@0.3.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "url": "git+https://github.com/jshttp/media-typer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/pkgjs/parseargs#readme", + "url": "https://github.com/jshttp/media-typer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/pkgjs/parseargs/issues", + "url": "https://github.com/jshttp/media-typer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22808,48 +120109,54 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@pkgjs/parseargs" + "value": "node_modules/media-typer" } ] }, { "type": "library", - "name": "minimatch", - "version": "9.0.4", - "bom-ref": "minimatch@9.0.4", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" } } ], - "purl": "pkg:npm/minimatch@9.0.4", + "purl": "pkg:npm/utils-merge@1.0.1", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git://github.com/jaredhanson/utils-merge.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/jaredhanson/utils-merge#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "http://github.com/jaredhanson/utils-merge/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22858,48 +120165,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/minimatch" + "value": "node_modules/utils-merge" } ] }, { "type": "library", - "name": "path-scurry", - "version": "1.10.2", - "bom-ref": "path-scurry@1.10.2", - "author": "Isaac Z. Schlueter", - "description": "walk paths fast and efficiently", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", "licenses": [ { "license": { - "id": "BlueOak-1.0.0" + "id": "MIT" } } ], - "purl": "pkg:npm/path-scurry@1.10.2", + "purl": "pkg:npm/vary@1.1.2", "externalReferences": [ { - "url": "git+https://github.com/isaacs/path-scurry.git", + "url": "git+https://github.com/jshttp/vary.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/path-scurry#readme", + "url": "https://github.com/jshttp/vary#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/path-scurry/issues", + "url": "https://github.com/jshttp/vary/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -22908,119 +120215,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-scurry" - } - ], - "components": [ - { - "type": "library", - "name": "lru-cache", - "version": "10.2.0", - "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/lru-cache@10.2.0", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-lru-cache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/path-scurry/node_modules/lru-cache" - } - ] - }, - { - "type": "library", - "name": "minipass", - "version": "7.0.4", - "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@7.0.4", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/path-scurry/node_modules/minipass" - } - ] + "value": "node_modules/vary" } ] }, { "type": "library", - "name": "lines-and-columns", - "version": "1.2.4", - "bom-ref": "lines-and-columns@1.2.4", - "author": "Brian Donovan", - "description": "Maps lines and columns to character offsets and back.", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", "licenses": [ { "license": { @@ -23028,30 +120233,30 @@ } } ], - "purl": "pkg:npm/lines-and-columns@1.2.4", + "purl": "pkg:npm/asynckit@0.4.0", "externalReferences": [ { - "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "url": "git+https://github.com/alexindigo/asynckit.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "url": "https://github.com/alexindigo/asynckit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "url": "https://github.com/alexindigo/asynckit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23060,17 +120265,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lines-and-columns" + "value": "node_modules/asynckit" } ] }, { "type": "library", - "name": "mz", - "version": "2.7.0", - "bom-ref": "mz@2.7.0", - "author": "Jonathan Ong", - "description": "modernize node.js to current ECMAScript standards", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", "licenses": [ { "license": { @@ -23078,30 +120283,30 @@ } } ], - "purl": "pkg:npm/mz@2.7.0", + "purl": "pkg:npm/combined-stream@1.0.8", "externalReferences": [ { - "url": "git+https://github.com/normalize/mz.git", + "url": "git://github.com/felixge/node-combined-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/normalize/mz#readme", + "url": "https://github.com/felixge/node-combined-stream", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/normalize/mz/issues", + "url": "https://github.com/felixge/node-combined-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23110,17 +120315,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mz" + "value": "node_modules/combined-stream" } ] }, { "type": "library", - "name": "any-promise", - "version": "1.3.0", - "bom-ref": "any-promise@1.3.0", - "author": "Kevin Beaty", - "description": "Resolve any installed ES6 compatible promise", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", "licenses": [ { "license": { @@ -23128,30 +120333,30 @@ } } ], - "purl": "pkg:npm/any-promise@1.3.0", + "purl": "pkg:npm/delayed-stream@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/kevinbeaty/any-promise.git", + "url": "git://github.com/felixge/node-delayed-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/kevinbeaty/any-promise", + "url": "https://github.com/felixge/node-delayed-stream", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kevinbeaty/any-promise/issues", + "url": "https://github.com/felixge/node-delayed-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23160,17 +120365,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/any-promise" + "value": "node_modules/delayed-stream" } ] }, { "type": "library", - "name": "object-assign", - "version": "4.1.1", - "bom-ref": "object-assign@4.1.1", - "author": "Sindre Sorhus", - "description": "ES2015 `Object.assign()` ponyfill", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", "licenses": [ { "license": { @@ -23178,30 +120382,30 @@ } } ], - "purl": "pkg:npm/object-assign@4.1.1", + "purl": "pkg:npm/mime-db@1.52.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/object-assign.git", + "url": "git+https://github.com/jshttp/mime-db.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/object-assign#readme", + "url": "https://github.com/jshttp/mime-db#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/object-assign/issues", + "url": "https://github.com/jshttp/mime-db/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23210,17 +120414,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/object-assign" + "value": "node_modules/mime-db" } ] }, { "type": "library", - "name": "thenify-all", - "version": "1.6.0", - "bom-ref": "thenify-all@1.6.0", - "author": "Jonathan Ong", - "description": "Promisifies all the selected functions in an object", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", "licenses": [ { "license": { @@ -23228,30 +120432,30 @@ } } ], - "purl": "pkg:npm/thenify-all@1.6.0", + "purl": "pkg:npm/fs-extra@11.2.0", "externalReferences": [ { - "url": "git+https://github.com/thenables/thenify-all.git", + "url": "git+https://github.com/jprichardson/node-fs-extra.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thenables/thenify-all#readme", + "url": "https://github.com/jprichardson/node-fs-extra", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thenables/thenify-all/issues", + "url": "https://github.com/jprichardson/node-fs-extra/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23260,17 +120464,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/thenify-all" + "value": "node_modules/fs-extra" } ] }, { "type": "library", - "name": "thenify", - "version": "3.3.1", - "bom-ref": "thenify@3.3.1", - "author": "Jonathan Ong", - "description": "Promisify a callback-based function", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", "licenses": [ { "license": { @@ -23278,30 +120482,30 @@ } } ], - "purl": "pkg:npm/thenify@3.3.1", + "purl": "pkg:npm/jsonfile@6.1.0", "externalReferences": [ { - "url": "git+https://github.com/thenables/thenify.git", + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thenables/thenify#readme", + "url": "https://github.com/jprichardson/node-jsonfile#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thenables/thenify/issues", + "url": "https://github.com/jprichardson/node-jsonfile/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23310,17 +120514,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/thenify" + "value": "node_modules/jsonfile" } ] }, { "type": "library", - "name": "pirates", - "version": "4.0.6", - "bom-ref": "pirates@4.0.6", - "author": "Ari Porad", - "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", "licenses": [ { "license": { @@ -23328,30 +120532,30 @@ } } ], - "purl": "pkg:npm/pirates@4.0.6", + "purl": "pkg:npm/universalify@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/danez/pirates.git", + "url": "git+https://github.com/RyanZim/universalify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/danez/pirates#readme", + "url": "https://github.com/RyanZim/universalify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/danez/pirates/issues", + "url": "https://github.com/RyanZim/universalify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23360,48 +120564,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pirates" + "value": "node_modules/universalify" } ] }, { "type": "library", - "name": "ts-interface-checker", - "version": "0.1.13", - "bom-ref": "ts-interface-checker@0.1.13", - "author": "Dmitry S, Grist Labs", - "description": "Runtime library to validate data against TypeScript interfaces", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/ts-interface-checker@0.1.13", + "purl": "pkg:npm/get-installed-path@4.0.8", "externalReferences": [ { - "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "url": "https://github.com/tunnckoCore/get-installed-path", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "url": "https://github.com/tunnckoCore/get-installed-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23410,47 +120614,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-interface-checker" + "value": "node_modules/get-installed-path" } ] }, { "type": "library", - "name": "tw-elements", - "version": "1.1.0", - "bom-ref": "tw-elements@1.1.0", - "author": "MDBootstrap", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", "licenses": [ { "license": { - "name": "AGPL" + "id": "MIT" } } ], - "purl": "pkg:npm/tw-elements@1.1.0", + "purl": "pkg:npm/global-modules@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "url": "git+https://github.com/jonschlinkert/global-modules.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://tailwind-elements.com/", + "url": "https://github.com/jonschlinkert/global-modules", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "url": "https://github.com/jonschlinkert/global-modules/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23459,269 +120664,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements" - } - ], - "components": [ - { - "type": "library", - "name": "tailwindcss", - "version": "3.3.0", - "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", - "description": "A utility-first CSS framework for rapidly building custom user interfaces.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/tailwindcss@3.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/tailwindlabs/tailwindcss.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://tailwindcss.com", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tailwindlabs/tailwindcss/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/tailwindcss" - } - ] - }, - { - "type": "library", - "name": "postcss-import", - "version": "14.1.0", - "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", - "author": "Maxime Thirouin", - "description": "PostCSS plugin to import CSS files", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/postcss-import@14.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/postcss/postcss-import.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/postcss/postcss-import#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/postcss/postcss-import/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/postcss-import" - } - ] - }, - { - "type": "library", - "name": "postcss-load-config", - "version": "3.1.4", - "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", - "author": "Michael Ciniawky", - "description": "Autoload Config for PostCSS", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/postcss-load-config@3.1.4", - "externalReferences": [ - { - "url": "git+https://github.com/postcss/postcss-load-config.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/postcss/postcss-load-config#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/postcss/postcss-load-config/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/postcss-load-config" - } - ] - }, - { - "type": "library", - "name": "yaml", - "version": "1.10.2", - "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", - "author": "Eemeli Aro", - "description": "JavaScript parser and stringifier for YAML", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/yaml@1.10.2", - "externalReferences": [ - { - "url": "git+https://github.com/eemeli/yaml.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://eemeli.org/yaml/v1/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eemeli/yaml/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/yaml" - } - ] - }, - { - "type": "library", - "name": "postcss-nested", - "version": "6.0.0", - "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", - "author": "Andrey Sitnik", - "description": "PostCSS plugin to unwrap nested rules like how Sass does it", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/postcss-nested@6.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/postcss/postcss-nested.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/postcss/postcss-nested#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/postcss/postcss-nested/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/postcss-nested" - } - ] + "value": "node_modules/global-modules" } ] }, { "type": "library", - "name": "core", - "group": "@popperjs", - "version": "2.11.8", - "bom-ref": "@popperjs/core@2.11.8", - "author": "Federico Zivolo", - "description": "Tooltip and Popover Positioning Engine", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", "licenses": [ { "license": { @@ -23729,30 +120682,30 @@ } } ], - "purl": "pkg:npm/%40popperjs/core@2.11.8", + "purl": "pkg:npm/global-prefix@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/popperjs/popper-core.git", + "url": "git+https://github.com/jonschlinkert/global-prefix.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/popperjs/popper-core#readme", + "url": "https://github.com/jonschlinkert/global-prefix", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/popperjs/popper-core/issues", + "url": "https://github.com/jonschlinkert/global-prefix/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23761,16 +120714,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@popperjs/core" + "value": "node_modules/global-prefix" } ] }, { "type": "library", - "name": "chart.js", - "version": "3.9.1", - "bom-ref": "chart.js@3.9.1", - "description": "Simple HTML5 charts using the canvas element.", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", "licenses": [ { "license": { @@ -23778,30 +120732,30 @@ } } ], - "purl": "pkg:npm/chart.js@3.9.1", + "purl": "pkg:npm/expand-tilde@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/chartjs/Chart.js.git", + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.chartjs.org", + "url": "https://github.com/jonschlinkert/expand-tilde", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chartjs/Chart.js/issues", + "url": "https://github.com/jonschlinkert/expand-tilde/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23810,16 +120764,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chart.js" + "value": "node_modules/expand-tilde" } ] }, { "type": "library", - "name": "chartjs-plugin-datalabels", - "version": "2.2.0", - "bom-ref": "chartjs-plugin-datalabels@2.2.0", - "description": "Chart.js plugin to display labels on data elements", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", "licenses": [ { "license": { @@ -23827,30 +120782,30 @@ } } ], - "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "purl": "pkg:npm/homedir-polyfill@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "url": "git+https://github.com/doowb/homedir-polyfill.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://chartjs-plugin-datalabels.netlify.app", + "url": "https://github.com/doowb/homedir-polyfill", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "url": "https://github.com/doowb/homedir-polyfill/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23859,16 +120814,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chartjs-plugin-datalabels" + "value": "node_modules/homedir-polyfill" } ] }, { "type": "library", - "name": "deepmerge", - "version": "4.3.1", - "bom-ref": "deepmerge@4.3.1", - "description": "A library for deep (recursive) merging of Javascript objects", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", "licenses": [ { "license": { @@ -23876,30 +120832,30 @@ } } ], - "purl": "pkg:npm/deepmerge@4.3.1", + "purl": "pkg:npm/parse-passwd@1.0.0", "externalReferences": [ { - "url": "git://github.com/TehShrike/deepmerge.git", + "url": "git+https://github.com/doowb/parse-passwd.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/TehShrike/deepmerge", + "url": "https://github.com/doowb/parse-passwd", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TehShrike/deepmerge/issues", + "url": "https://github.com/doowb/parse-passwd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23908,17 +120864,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/deepmerge" + "value": "node_modules/parse-passwd" } ] }, { "type": "library", - "name": "detect-autofill", - "version": "1.1.4", - "bom-ref": "detect-autofill@1.1.4", - "author": "Matteo Badini", - "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", "licenses": [ { "license": { @@ -23926,30 +120882,30 @@ } } ], - "purl": "pkg:npm/detect-autofill@1.1.4", + "purl": "pkg:npm/is-windows@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/matteobad/detect-autofill.git", + "url": "git+https://github.com/jonschlinkert/is-windows.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/matteobad/detect-autofill#readme", + "url": "https://github.com/jonschlinkert/is-windows", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/matteobad/detect-autofill/issues", + "url": "https://github.com/jonschlinkert/is-windows/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -23958,16 +120914,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/detect-autofill" + "value": "node_modules/is-windows" } ] }, { "type": "library", - "name": "custom-event-polyfill", - "version": "1.0.7", - "bom-ref": "custom-event-polyfill@1.0.7", - "author": "Evan Krambuhl", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", "licenses": [ { "license": { @@ -23975,30 +120932,30 @@ } } ], - "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "purl": "pkg:npm/resolve-dir@1.0.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "url": "https://github.com/jonschlinkert/resolve-dir", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "url": "https://github.com/jonschlinkert/resolve-dir/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24007,48 +120964,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/custom-event-polyfill" + "value": "node_modules/resolve-dir" } ] }, { "type": "library", - "name": "perfect-scrollbar", - "version": "1.5.5", - "bom-ref": "perfect-scrollbar@1.5.5", - "author": "Hyunje Jun", - "description": "Minimalistic but perfect custom scrollbar plugin", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "purl": "pkg:npm/domhandler@5.0.3", "externalReferences": [ { - "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "url": "git://github.com/fb55/domhandler.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://perfectscrollbar.com/", + "url": "https://github.com/fb55/domhandler#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "url": "https://github.com/fb55/domhandler/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24057,48 +121014,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/perfect-scrollbar" + "value": "node_modules/domhandler" } ] }, { "type": "library", - "name": "color-name", - "version": "1.1.4", - "bom-ref": "color-name@1.1.4", - "author": "DY", - "description": "A list of color names and its values", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/color-name@1.1.4", + "purl": "pkg:npm/domutils@3.1.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/colorjs/color-name.git", + "url": "git://github.com/fb55/domutils.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/colorjs/color-name", + "url": "https://github.com/fb55/domutils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/colorjs/color-name/issues", + "url": "https://github.com/fb55/domutils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24107,17 +121064,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/color-name" + "value": "node_modules/domutils" } ] }, { "type": "library", - "name": "quick-lru", - "version": "5.1.1", - "bom-ref": "quick-lru@5.1.1", - "author": "Sindre Sorhus", - "description": "Simple “Least Recently Used” (LRU) cache", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", "licenses": [ { "license": { @@ -24125,30 +121082,30 @@ } } ], - "purl": "pkg:npm/quick-lru@5.1.1", + "purl": "pkg:npm/dom-serializer@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/quick-lru.git", + "url": "git://github.com/cheeriojs/dom-serializer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/quick-lru#readme", + "url": "https://github.com/cheeriojs/dom-serializer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/quick-lru/issues", + "url": "https://github.com/cheeriojs/dom-serializer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24157,48 +121114,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/quick-lru" + "value": "node_modules/dom-serializer" } ] }, { "type": "library", - "name": "validator", - "version": "13.12.0", - "bom-ref": "validator@13.12.0", - "author": "Chris O'Hara", - "description": "String validation and sanitization", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/validator@13.12.0", + "purl": "pkg:npm/entities@4.5.0", "externalReferences": [ { - "url": "git+https://github.com/validatorjs/validator.js.git", + "url": "git://github.com/fb55/entities.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/validatorjs/validator.js", + "url": "https://github.com/fb55/entities#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/validatorjs/validator.js/issues", + "url": "https://github.com/fb55/entities/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24207,48 +121164,33 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/validator" + "value": "node_modules/entities" } ] }, { "type": "library", - "name": "winston", - "version": "3.13.0", - "bom-ref": "winston@3.13.0", - "author": "Charlie Robbins", - "description": "A logger for just about everything.", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/winston@3.13.0", + "purl": "pkg:npm/https@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/winstonjs/winston.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/winstonjs/winston#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/winstonjs/winston/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24257,48 +121199,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/winston" + "value": "node_modules/https" } ] }, { "type": "library", - "name": "xml-formatter", - "version": "3.6.2", - "bom-ref": "xml-formatter@3.6.2", - "author": "Chris Bottin", - "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/xml-formatter@3.6.2", + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chrisbottin/xml-formatter#readme", + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chrisbottin/xml-formatter/issues", + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24307,17 +121249,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xml-formatter" + "value": "node_modules/inquirer-file-tree-selection-prompt" } ] }, { "type": "library", - "name": "xml-parser-xo", - "version": "4.1.1", - "bom-ref": "xml-parser-xo@4.1.1", - "author": "Chris Bottin", - "description": "Parse a XML string into a proprietary syntax tree", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", "licenses": [ { "license": { @@ -24325,30 +121267,30 @@ } } ], - "purl": "pkg:npm/xml-parser-xo@4.1.1", + "purl": "pkg:npm/cli-cursor@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/chrisbottin/xml-parser.git", + "url": "git+https://github.com/sindresorhus/cli-cursor.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chrisbottin/xml-parser#readme", + "url": "https://github.com/sindresorhus/cli-cursor#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chrisbottin/xml-parser/issues", + "url": "https://github.com/sindresorhus/cli-cursor/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24357,17 +121299,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xml-parser-xo" + "value": "node_modules/cli-cursor" } ] }, { "type": "library", - "name": "xml2js", - "version": "0.6.2", - "bom-ref": "xml2js@0.6.2", - "author": "Marek Kubica", - "description": "Simple XML to JavaScript object converter.", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", "licenses": [ { "license": { @@ -24375,30 +121317,30 @@ } } ], - "purl": "pkg:npm/xml2js@0.6.2", + "purl": "pkg:npm/restore-cursor@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "url": "git+https://github.com/sindresorhus/restore-cursor.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "url": "https://github.com/sindresorhus/restore-cursor#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "url": "https://github.com/sindresorhus/restore-cursor/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24407,48 +121349,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xml2js" + "value": "node_modules/restore-cursor" } ] }, { "type": "library", - "name": "heimdall-lite", - "group": "@mitre", - "version": "2.10.9", - "bom-ref": "@mitre/heimdall-lite@2.10.9", - "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "purl": "pkg:npm/onetime@5.1.2", "externalReferences": [ { - "url": "git+https://github.com/mitre/heimdall2.git", + "url": "git+https://github.com/sindresorhus/onetime.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mitre/heimdall2#readme", + "url": "https://github.com/sindresorhus/onetime#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mitre/heimdall2/issues", + "url": "https://github.com/sindresorhus/onetime/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24457,17 +121399,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/heimdall-lite" + "value": "node_modules/onetime" } ] }, { "type": "library", - "name": "express", - "version": "4.19.2", - "bom-ref": "express@4.19.2", - "author": "TJ Holowaychuk", - "description": "Fast, unopinionated, minimalist web framework", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", "licenses": [ { "license": { @@ -24475,30 +121417,30 @@ } } ], - "purl": "pkg:npm/express@4.19.2", + "purl": "pkg:npm/mimic-fn@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/expressjs/express.git", + "url": "git+https://github.com/sindresorhus/mimic-fn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://expressjs.com/", + "url": "https://github.com/sindresorhus/mimic-fn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/expressjs/express/issues", + "url": "https://github.com/sindresorhus/mimic-fn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24507,150 +121449,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/express" - } - ], - "components": [ - { - "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "express@4.19.2|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@2.6.9", - "externalReferences": [ - { - "url": "git://github.com/visionmedia/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/express/node_modules/debug" - } - ] - }, - { - "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "express@4.19.2|ms@2.0.0", - "description": "Tiny milisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/express/node_modules/ms" - } - ] + "value": "node_modules/mimic-fn" } ] }, { "type": "library", - "name": "inspec-objects", - "group": "@mitre", - "version": "1.0.1", - "bom-ref": "@mitre/inspec-objects@1.0.1", - "author": "The MITRE Security Automation Framework", - "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "purl": "pkg:npm/signal-exit@3.0.7", "externalReferences": [ { - "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "url": "git+https://github.com/tapjs/signal-exit.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mitre/ts-inspec-objects#readme", + "url": "https://github.com/tapjs/signal-exit", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mitre/ts-inspec-objects/issues", + "url": "https://github.com/tapjs/signal-exit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -24659,3393 +121499,1242 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects" + "value": "node_modules/signal-exit" } - ], - "components": [ - { - "type": "library", - "name": "fast-xml-parser", - "version": "3.21.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", - "author": "Amit Gupta", - "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-xml-parser@3.21.1", - "externalReferences": [ - { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" - } - ] - }, - { - "type": "library", - "name": "htmlparser2", - "version": "7.2.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", - "author": "Felix Boehm", - "description": "Fast & forgiving HTML/XML parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/htmlparser2@7.2.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/htmlparser2.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/htmlparser2#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/htmlparser2/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" - } - ] - }, - { - "type": "library", - "name": "domhandler", - "version": "4.3.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "author": "Felix Boehm", - "description": "Handler for htmlparser2 that turns pages into a dom", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/domhandler@4.3.1", - "externalReferences": [ - { - "url": "git://github.com/fb55/domhandler.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/domhandler#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/domhandler/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" - } - ] - }, - { - "type": "library", - "name": "domutils", - "version": "2.8.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", - "author": "Felix Boehm", - "description": "Utilities for working with htmlparser2's dom", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/domutils@2.8.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/domutils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/domutils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/domutils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" - } - ] - }, - { - "type": "library", - "name": "dom-serializer", - "version": "1.4.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", - "author": "Felix Boehm", - "description": "render domhandler DOM nodes to a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/dom-serializer@1.4.1", - "externalReferences": [ - { - "url": "git://github.com/cheeriojs/dom-renderer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/cheeriojs/dom-renderer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/cheeriojs/dom-renderer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" - } - ], - "components": [ - { - "type": "library", - "name": "entities", - "version": "2.2.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", - "author": "Felix Boehm", - "description": "Encode & decode XML and HTML entities with ease", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/entities@2.2.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/entities.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/entities#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/entities/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" - } - ] - } - ] - }, - { - "type": "library", - "name": "entities", - "version": "3.0.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", - "author": "Felix Boehm", - "description": "Encode & decode XML and HTML entities with ease", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/entities@3.0.1", - "externalReferences": [ - { - "url": "git://github.com/fb55/entities.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/entities#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/entities/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/entities" - } - ] - }, - { - "type": "library", - "name": "jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest@28.1.3#packages/jest", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest" - } - ] - }, - { - "type": "library", - "name": "core", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" - } - ] - }, - { - "type": "library", - "name": "console", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-console", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" - } - ] - }, + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ { - "type": "library", - "name": "jest-message-util", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ { - "type": "library", - "name": "jest-util", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" - } - ] + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "reporters", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", - "description": "Jest's reporters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" - } - ] + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "test-result", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" - } - ] + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "transform", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "istanbul-lib-instrument", - "version": "5.2.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", - "author": "Krishnan Anantheswaran", - "description": "Core istanbul API for JS code coverage", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" - } - ], - "components": [ - { - "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@6.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" - } - ] - } - ] + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-worker", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" - } - ] + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "convert-source-map", - "version": "1.9.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", - "author": "Thorsten Lorenz", - "description": "Converts a source-map from/to different formats and allows adding/changing properties.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/convert-source-map@1.9.0", - "externalReferences": [ - { - "url": "git://github.com/thlorenz/convert-source-map.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/thlorenz/convert-source-map", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/thlorenz/convert-source-map/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "jest-haste-map", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" - } - ] + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-regex-util", - "version": "28.0.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" - } - ] + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@3.9.0", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "jest-changed-files", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" - } - ] + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-config", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-config", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" - } - ] + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "test-sequencer", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", - "licenses": [ + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" } ], - "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "babel-jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "description": "Jest plugin to use babel for transformation.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" - } - ] + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-circus", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" - } - ] + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "environment", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "expect", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" - } - ] + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "expect", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/expect@28.1.3#packages/expect", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/expect", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/expect" - } - ] + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "jest-snapshot", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "dedent", - "version": "0.7.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", - "author": "Desmond Brand", - "description": "An ES6 string tag that strips indentation from multi-line strings", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/dedent@0.7.0", - "externalReferences": [ - { - "url": "git://github.com/dmnd/dedent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dmnd/dedent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dmnd/dedent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" - } - ] + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-each", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", - "author": "Matt Phillips", - "description": "Parameterised tests for Jest", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-each", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" - } - ] + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "jest-get-type", - "version": "28.0.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "description": "A utility function to get the type of a value", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "pretty-format", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "author": "James Kyle", - "description": "Stringify any JavaScript value.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" - } - ] + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-matcher-utils", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "description": "A set of utility functions for expect and related packages", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" - } - ] + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "jest-runtime", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "licenses": [ + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" } ], - "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-environment-node", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" - } - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "fake-timers", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "jest-mock", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-resolve", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "jest-runner", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "jest-validate", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-resolve-dependencies", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "resolve.exports", - "version": "1.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", - "author": "Luke Edwards", - "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve.exports@1.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/lukeed/resolve.exports.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/lukeed/resolve.exports#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/lukeed/resolve.exports/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "emittery", - "version": "0.10.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", - "author": "Sindre Sorhus", - "description": "Simple and modern async event emitter", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/emittery@0.10.2", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/emittery.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/emittery#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/emittery/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" - } - ] + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-docblock", - "version": "28.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" - } - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "jest-leak-detector", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "jest-watcher", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "fake-timers", - "group": "@sinonjs", - "version": "9.1.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", - "author": "Christian Johansen", - "description": "Fake JavaScript timers", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/sinonjs/fake-timers.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sinonjs/fake-timers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sinonjs/fake-timers/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "commons", - "group": "@sinonjs", - "version": "1.8.6", - "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", - "description": "Simple functions shared among the sinon end user libraries", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/%40sinonjs/commons@1.8.6", - "externalReferences": [ - { - "url": "git+https://github.com/sinonjs/commons.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sinonjs/commons#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sinonjs/commons/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" - } - ] + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "globals", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" - } - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "source-map", - "group": "@jest", - "version": "28.1.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "expect-utils", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" - } - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-diff", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" - } - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "diff-sequences", - "version": "28.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", - "description": "Compare items in two sequences to find a longest common subsequence", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "camelcase", - "version": "6.3.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", - "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/camelcase@6.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/camelcase.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/camelcase#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/camelcase/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" - } - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "schemas", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" - } - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "ansi-styles", - "version": "5.2.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@5.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "typebox", - "group": "@sinclair", - "version": "0.24.51", - "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", - "author": "sinclairzx81", - "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40sinclair/typebox@0.24.51", - "externalReferences": [ - { - "url": "git+https://github.com/sinclairzx81/typebox.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sinclairzx81/typebox#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sinclairzx81/typebox/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" - } - ] + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jest-cli", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "ts-jest", - "version": "28.0.8", - "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", - "author": "Kulshekhar Kabra", - "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ts-jest@28.0.8", - "externalReferences": [ - { - "url": "git+https://github.com/kulshekhar/ts-jest.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://kulshekhar.github.io/ts-jest", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kulshekhar/ts-jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "babel-preset-jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" - } - ] + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "babel-plugin-jest-hoist", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" - } - ] + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "typescript", - "version": "4.9.5", - "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", - "author": "Microsoft Corp.", - "description": "TypeScript is a language for application scale JavaScript development", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/typescript@4.9.5", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/TypeScript.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "yargs-parser", - "version": "21.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/yargs-parser@21.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/yargs-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/yargs-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/yargs-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" - } - ] + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "yaml", - "version": "1.10.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", - "author": "Eemeli Aro", - "description": "JavaScript parser and stringifier for YAML", - "licenses": [ + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "ISC" - } + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" } ], - "purl": "pkg:npm/yaml@1.10.2", - "externalReferences": [ - { - "url": "git+https://github.com/eemeli/yaml.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://eemeli.org/yaml/v1/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eemeli/yaml/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" } ] }, { "type": "library", - "name": "flat", - "group": "@types", - "version": "5.0.5", - "bom-ref": "@types/flat@5.0.5", - "description": "TypeScript definitions for flat", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "purl": "pkg:npm/source-map@0.6.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "url": "git+ssh://git@github.com/mozilla/source-map.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "url": "https://github.com/mozilla/source-map", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/mozilla/source-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28054,17 +122743,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/flat" + "value": "node_modules/source-map" } ] }, { "type": "library", - "name": "he", - "group": "@types", - "version": "1.2.3", - "bom-ref": "@types/he@1.2.3", - "description": "TypeScript definitions for he", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", "licenses": [ { "license": { @@ -28072,30 +122761,30 @@ } } ], - "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "purl": "pkg:npm/html-escaper@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "url": "git+https://github.com/WebReflection/html-escaper.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "url": "https://github.com/WebReflection/html-escaper", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/WebReflection/html-escaper/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28104,17 +122793,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/he" + "value": "node_modules/html-escaper" } ] }, { "type": "library", - "name": "json-diff", - "group": "@types", - "version": "0.7.0", - "bom-ref": "@types/json-diff@0.7.0", - "description": "TypeScript definitions for json-diff", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", "licenses": [ { "license": { @@ -28122,30 +122809,30 @@ } } ], - "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28154,17 +122841,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/json-diff" + "value": "node_modules/jest-worker" } ] }, { "type": "library", - "name": "jstoxml", - "group": "@types", - "version": "2.0.4", - "bom-ref": "@types/jstoxml@2.0.4", - "description": "TypeScript definitions for jstoxml", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", "licenses": [ { "license": { @@ -28172,30 +122859,30 @@ } } ], - "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "purl": "pkg:npm/char-regex@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "url": "git+https://github.com/Richienb/char-regex.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "url": "https://github.com/Richienb/char-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/Richienb/char-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28204,17 +122891,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/jstoxml" + "value": "node_modules/char-regex" } ] }, { "type": "library", - "name": "lodash", - "group": "@types", - "version": "4.17.4", - "bom-ref": "@types/lodash@4.17.4", - "description": "TypeScript definitions for lodash", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", "licenses": [ { "license": { @@ -28222,30 +122909,30 @@ } } ], - "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "purl": "pkg:npm/convert-source-map@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "url": "git://github.com/thlorenz/convert-source-map.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "url": "https://github.com/thlorenz/convert-source-map", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/thlorenz/convert-source-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28254,17 +122941,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/lodash" + "value": "node_modules/convert-source-map" } ] }, { "type": "library", - "name": "pretty", - "group": "@types", - "version": "2.0.3", - "bom-ref": "@types/pretty@2.0.3", - "description": "TypeScript definitions for pretty", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", "licenses": [ { "license": { @@ -28272,30 +122957,30 @@ } } ], - "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28304,48 +122989,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/pretty" + "value": "node_modules/jest-changed-files" } ] }, { "type": "library", - "name": "flat", - "version": "5.0.2", - "bom-ref": "flat@5.0.2", - "author": "Hugh Kennedy", - "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/flat@5.0.2", + "purl": "pkg:npm/get-stream@6.0.1", "externalReferences": [ { - "url": "git://github.com/hughsk/flat.git", + "url": "git+https://github.com/sindresorhus/get-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/hughsk/flat", + "url": "https://github.com/sindresorhus/get-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/hughsk/flat/issues", + "url": "https://github.com/sindresorhus/get-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28354,48 +123039,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/flat" + "value": "node_modules/get-stream" } ] }, { "type": "library", - "name": "he", - "version": "1.2.0", - "bom-ref": "he@1.2.0", - "author": "Mathias Bynens", - "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/he@1.2.0", + "purl": "pkg:npm/human-signals@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/he.git", + "url": "git+https://github.com/ehmicky/human-signals.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/he", + "url": "https://git.io/JeluP", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/he/issues", + "url": "https://github.com/ehmicky/human-signals/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28404,48 +123089,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/he" + "value": "node_modules/human-signals" } ] }, { "type": "library", - "name": "domelementtype", - "version": "2.3.0", - "bom-ref": "domelementtype@2.3.0", - "author": "Felix Boehm", - "description": "all the types of nodes in htmlparser2's dom", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/domelementtype@2.3.0", + "purl": "pkg:npm/npm-run-path@4.0.1", "externalReferences": [ { - "url": "git://github.com/fb55/domelementtype.git", + "url": "git+https://github.com/sindresorhus/npm-run-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fb55/domelementtype#readme", + "url": "https://github.com/sindresorhus/npm-run-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fb55/domelementtype/issues", + "url": "https://github.com/sindresorhus/npm-run-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28454,16 +123139,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/domelementtype" + "value": "node_modules/npm-run-path" } ] }, { "type": "library", - "name": "chalk", - "version": "4.1.2", - "bom-ref": "chalk@4.1.2", - "description": "Terminal string styling done right", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", "licenses": [ { "license": { @@ -28471,30 +123157,30 @@ } } ], - "purl": "pkg:npm/chalk@4.1.2", + "purl": "pkg:npm/strip-final-newline@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/chalk.git", + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/chalk#readme", + "url": "https://github.com/sindresorhus/strip-final-newline#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/chalk/issues", + "url": "https://github.com/sindresorhus/strip-final-newline/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28503,69 +123189,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chalk" - } - ], - "components": [ - { - "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "chalk@4.1.2|supports-color@7.2.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@7.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/chalk/node_modules/supports-color" - } - ] + "value": "node_modules/strip-final-newline" } ] }, { "type": "library", - "name": "slash", - "version": "3.0.0", - "bom-ref": "slash@3.0.0", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", "author": "Sindre Sorhus", - "description": "Convert Windows backslash paths to slash paths", + "description": "Tiny queue data structure", "licenses": [ { "license": { @@ -28573,30 +123207,30 @@ } } ], - "purl": "pkg:npm/slash@3.0.0", + "purl": "pkg:npm/yocto-queue@0.1.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/slash.git", + "url": "git+https://github.com/sindresorhus/yocto-queue.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/slash#readme", + "url": "https://github.com/sindresorhus/yocto-queue#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/slash/issues", + "url": "https://github.com/sindresorhus/yocto-queue/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28605,18 +123239,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/slash" + "value": "node_modules/yocto-queue" } ] }, { "type": "library", - "name": "v8-coverage", - "group": "@bcoe", - "version": "0.2.3", - "bom-ref": "@bcoe/v8-coverage@0.2.3", - "author": "Charles Samborski", - "description": "Helper functions for V8 coverage files.", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", "licenses": [ { "license": { @@ -28624,30 +123255,30 @@ } } ], - "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", "externalReferences": [ { - "url": "git://github.com/demurgos/v8-coverage.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://demurgos.github.io/v8-coverage", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/demurgos/v8-coverage/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28656,15 +123287,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@bcoe/v8-coverage" + "value": "node_modules/jest-config" } ] }, { "type": "library", - "name": "collect-v8-coverage", - "version": "1.0.2", - "bom-ref": "collect-v8-coverage@1.0.2", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", "licenses": [ { "license": { @@ -28672,30 +123304,30 @@ } } ], - "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", "externalReferences": [ { - "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28704,49 +123336,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/collect-v8-coverage" + "value": "node_modules/@jest/test-sequencer" } ] }, { "type": "library", - "name": "exit", - "version": "0.1.2", - "bom-ref": "exit@0.1.2", - "author": "\"Cowboy\" Ben Alman", - "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", "licenses": [ { "license": { - "id": "MIT", - "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + "id": "MIT" } } ], - "purl": "pkg:npm/exit@0.1.2", + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", "externalReferences": [ { - "url": "git://github.com/cowboy/node-exit.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/cowboy/node-exit", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cowboy/node-exit/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28755,48 +123384,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/exit" + "value": "node_modules/jest-haste-map" } ] }, { "type": "library", - "name": "glob", - "version": "7.2.3", - "bom-ref": "glob@7.2.3", - "author": "Isaac Z. Schlueter", - "description": "a little globber", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/glob@7.2.3", + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", "externalReferences": [ { - "url": "git://github.com/isaacs/node-glob.git", + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/node-glob#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-glob/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28805,149 +123433,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/glob" - } - ], - "components": [ - { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "glob@7.2.3|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/glob/node_modules/minimatch" - } - ] - }, - { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/glob/node_modules/brace-expansion" - } - ] + "value": "node_modules/babel-jest" } ] }, { "type": "library", - "name": "graceful-fs", - "version": "4.2.11", - "bom-ref": "graceful-fs@4.2.11", - "description": "A drop-in replacement for fs, making various improvements.", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/graceful-fs@4.2.11", + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", "externalReferences": [ { - "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/node-graceful-fs#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-graceful-fs/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -28956,48 +123481,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/graceful-fs" + "value": "node_modules/jest-circus" } ] }, { "type": "library", - "name": "istanbul-lib-coverage", - "version": "3.2.2", - "bom-ref": "istanbul-lib-coverage@3.2.2", - "author": "Krishnan Anantheswaran", - "description": "Data library for istanbul coverage objects", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", "externalReferences": [ { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://istanbul.js.org/", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29006,18 +123530,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-coverage" + "value": "node_modules/@jest/environment" } ] }, { "type": "library", - "name": "core", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/core@7.24.4", - "author": "The Babel Team", - "description": "Babel compiler core.", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", "licenses": [ { "license": { @@ -29025,30 +123547,30 @@ } } ], - "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-core", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29057,70 +123579,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/core" - } - ], - "components": [ - { - "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@babel/core@7.24.4|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@6.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/core/node_modules/semver" - } - ] + "value": "node_modules/@jest/expect" } ] }, { "type": "library", - "name": "parser", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/parser@7.24.4", - "author": "The Babel Team", - "description": "A JavaScript parser", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", "licenses": [ { "license": { @@ -29128,30 +123595,30 @@ } } ], - "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-parser", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29160,18 +123627,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/parser" + "value": "node_modules/jest-snapshot" } ] }, { "type": "library", - "name": "schema", - "group": "@istanbuljs", - "version": "0.1.3", - "bom-ref": "@istanbuljs/schema@0.1.3", - "author": "Corey Farrell", - "description": "Schemas describing various structures used by nyc and istanbuljs", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", "licenses": [ { "license": { @@ -29179,30 +123645,30 @@ } } ], - "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "purl": "pkg:npm/dedent@1.5.3", "externalReferences": [ { - "url": "git+https://github.com/istanbuljs/schema.git", + "url": "git+https://github.com/dmnd/dedent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/istanbuljs/schema#readme", + "url": "https://github.com/dmnd/dedent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/schema/issues", + "url": "https://github.com/dmnd/dedent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29211,48 +123677,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/schema" + "value": "node_modules/dedent" } ] }, { "type": "library", - "name": "istanbul-lib-report", - "version": "3.0.1", - "bom-ref": "istanbul-lib-report@3.0.1", - "author": "Krishnan Anantheswaran", - "description": "Base reporting library for istanbul", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", "externalReferences": [ { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://istanbul.js.org/", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29261,100 +123727,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-report" - } - ], - "components": [ - { - "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@7.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-report/node_modules/supports-color" - } - ] + "value": "node_modules/jest-each" } ] }, { "type": "library", - "name": "istanbul-lib-source-maps", - "version": "4.0.1", - "bom-ref": "istanbul-lib-source-maps@4.0.1", - "author": "Krishnan Anantheswaran", - "description": "Source maps support for istanbul", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", "externalReferences": [ { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://istanbul.js.org/", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29363,48 +123775,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-source-maps" + "value": "node_modules/jest-runtime" } ] }, { "type": "library", - "name": "istanbul-reports", - "version": "3.1.7", - "bom-ref": "istanbul-reports@3.1.7", - "author": "Krishnan Anantheswaran", - "description": "istanbul reports", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "purl": "pkg:npm/pure-rand@6.1.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "url": "git+https://github.com/dubzzz/pure-rand.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://istanbul.js.org/", + "url": "https://github.com/dubzzz/pure-rand#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", + "url": "https://github.com/dubzzz/pure-rand/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29413,17 +123825,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-reports" + "value": "node_modules/pure-rand" } ] - }, - { - "type": "library", - "name": "merge-stream", - "version": "2.0.0", - "bom-ref": "merge-stream@2.0.0", - "author": "Stephen Sugden", - "description": "Create a stream that emits events from multiple other streams", + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", "licenses": [ { "license": { @@ -29431,30 +123841,30 @@ } } ], - "purl": "pkg:npm/merge-stream@2.0.0", + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", "externalReferences": [ { - "url": "git+https://github.com/grncdr/merge-stream.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/grncdr/merge-stream#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/grncdr/merge-stream/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29463,17 +123873,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/merge-stream" + "value": "node_modules/jest-environment-node" } ] }, { "type": "library", - "name": "supports-color", - "version": "8.1.1", - "bom-ref": "supports-color@8.1.1", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", "licenses": [ { "license": { @@ -29481,30 +123890,30 @@ } } ], - "purl": "pkg:npm/supports-color@8.1.1", + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", "externalReferences": [ { - "url": "git+https://github.com/chalk/supports-color.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/chalk/supports-color#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/supports-color/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29513,17 +123922,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/supports-color" + "value": "node_modules/@jest/fake-timers" } ] }, { "type": "library", - "name": "string-length", - "version": "4.0.2", - "bom-ref": "string-length@4.0.2", - "author": "Sindre Sorhus", - "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", "licenses": [ { "license": { @@ -29531,30 +123938,30 @@ } } ], - "purl": "pkg:npm/string-length@4.0.2", + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-length.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/string-length#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-length/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29563,17 +123970,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/string-length" + "value": "node_modules/jest-regex-util" } ] }, { "type": "library", - "name": "terminal-link", - "version": "2.1.1", - "bom-ref": "terminal-link@2.1.1", - "author": "Sindre Sorhus", - "description": "Create clickable links in the terminal", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", "licenses": [ { "license": { @@ -29581,30 +123986,30 @@ } } ], - "purl": "pkg:npm/terminal-link@2.1.1", + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/terminal-link.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/terminal-link#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/terminal-link/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29613,17 +124018,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/terminal-link" + "value": "node_modules/jest-resolve" } ] }, { "type": "library", - "name": "ansi-escapes", - "version": "4.3.2", - "bom-ref": "ansi-escapes@4.3.2", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for manipulating the terminal", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", "licenses": [ { "license": { @@ -29631,30 +124034,30 @@ } } ], - "purl": "pkg:npm/ansi-escapes@4.3.2", + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29663,17 +124066,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansi-escapes" + "value": "node_modules/jest-runner" } ] }, { "type": "library", - "name": "supports-hyperlinks", - "version": "2.3.0", - "bom-ref": "supports-hyperlinks@2.3.0", - "author": "James Talmage", - "description": "Detect if your terminal emulator supports hyperlinks", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", "licenses": [ { "license": { @@ -29681,30 +124082,30 @@ } } ], - "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", "externalReferences": [ { - "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29713,100 +124114,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/supports-hyperlinks" - } - ], - "components": [ - { - "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@7.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/supports-hyperlinks/node_modules/supports-color" - } - ] + "value": "node_modules/jest-validate" } ] }, { "type": "library", - "name": "v8-to-istanbul", - "version": "9.2.0", - "bom-ref": "v8-to-istanbul@9.2.0", - "author": "Ben Coe", - "description": "convert from v8 coverage format to istanbul's format", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "purl": "pkg:npm/bser@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "url": "git+https://github.com/facebook/watchman.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "url": "https://facebook.github.io/watchman/docs/bser.html", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "url": "https://github.com/facebook/watchman/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29815,17 +124164,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/v8-to-istanbul" + "value": "node_modules/bser" } ] }, { "type": "library", - "name": "istanbul-lib-coverage", - "group": "@types", - "version": "2.0.6", - "bom-ref": "@types/istanbul-lib-coverage@2.0.6", - "description": "TypeScript definitions for istanbul-lib-coverage", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", "licenses": [ { "license": { @@ -29833,30 +124182,30 @@ } } ], - "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "purl": "pkg:npm/node-int64@0.4.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "url": "git+https://github.com/broofa/node-int64.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "url": "https://github.com/broofa/node-int64#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/broofa/node-int64/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29865,17 +124214,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/istanbul-lib-coverage" + "value": "node_modules/node-int64" } ] }, { "type": "library", - "name": "babel-plugin-istanbul", - "version": "6.1.1", - "bom-ref": "babel-plugin-istanbul@6.1.1", - "author": "Thai Pangsakulyanont @dtinth", - "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", "licenses": [ { "license": { @@ -29883,30 +124232,30 @@ } } ], - "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "purl": "pkg:npm/makeerror@1.0.12", "externalReferences": [ { - "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "url": "git+https://github.com/daaku/nodejs-makeerror.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "url": "https://github.com/daaku/nodejs-makeerror#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "url": "https://github.com/daaku/nodejs-makeerror/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -29915,150 +124264,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-istanbul" - } - ], - "components": [ - { - "type": "library", - "name": "istanbul-lib-instrument", - "version": "5.2.1", - "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", - "author": "Krishnan Anantheswaran", - "description": "Core istanbul API for JS code coverage", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" - } - ] - }, - { - "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@6.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-istanbul/node_modules/semver" - } - ] + "value": "node_modules/makeerror" } ] }, { "type": "library", - "name": "fast-json-stable-stringify", - "version": "2.1.0", - "bom-ref": "fast-json-stable-stringify@2.1.0", - "author": "James Halliday", - "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "purl": "pkg:npm/tmpl@1.0.5", "externalReferences": [ { - "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "url": "git+https://github.com/daaku/nodejs-tmpl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "url": "https://github.com/daaku/nodejs-tmpl", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "url": "https://github.com/daaku/nodejs-tmpl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30067,48 +124314,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fast-json-stable-stringify" + "value": "node_modules/tmpl" } ] }, { "type": "library", - "name": "write-file-atomic", - "version": "4.0.2", - "bom-ref": "write-file-atomic@4.0.2", - "author": "GitHub Inc.", - "description": "Write files in an atomic fashion w/configurable ownership", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/write-file-atomic@4.0.2", + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", "externalReferences": [ { - "url": "git+https://github.com/npm/write-file-atomic.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/write-file-atomic", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/write-file-atomic/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30117,17 +124362,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/write-file-atomic" + "value": "node_modules/jest-resolve-dependencies" } ] }, { "type": "library", - "name": "execa", - "version": "5.1.1", - "bom-ref": "execa@5.1.1", - "author": "Sindre Sorhus", - "description": "Process execution for humans", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", "licenses": [ { "license": { @@ -30135,30 +124380,30 @@ } } ], - "purl": "pkg:npm/execa@5.1.1", + "purl": "pkg:npm/resolve.exports@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/execa.git", + "url": "git+https://github.com/lukeed/resolve.exports.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/execa#readme", + "url": "https://github.com/lukeed/resolve.exports#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/execa/issues", + "url": "https://github.com/lukeed/resolve.exports/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30167,17 +124412,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/execa" + "value": "node_modules/resolve.exports" } ] }, { "type": "library", - "name": "p-limit", - "version": "3.1.0", - "bom-ref": "p-limit@3.1.0", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", + "description": "Simple and modern async event emitter", "licenses": [ { "license": { @@ -30185,30 +124430,30 @@ } } ], - "purl": "pkg:npm/p-limit@3.1.0", + "purl": "pkg:npm/emittery@0.13.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-limit.git", + "url": "git+https://github.com/sindresorhus/emittery.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-limit#readme", + "url": "https://github.com/sindresorhus/emittery#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-limit/issues", + "url": "https://github.com/sindresorhus/emittery/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30217,16 +124462,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/p-limit" + "value": "node_modules/emittery" } ] }, { "type": "library", - "name": "co", - "version": "4.6.0", - "bom-ref": "co@4.6.0", - "description": "generator async control flow goodness", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", "licenses": [ { "license": { @@ -30234,30 +124478,30 @@ } } ], - "purl": "pkg:npm/co@4.6.0", + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", "externalReferences": [ { - "url": "git+https://github.com/tj/co.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/tj/co#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tj/co/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30266,17 +124510,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/co" + "value": "node_modules/jest-docblock" } ] }, { "type": "library", - "name": "is-generator-fn", - "version": "2.1.0", - "bom-ref": "is-generator-fn@2.1.0", - "author": "Sindre Sorhus", - "description": "Check if something is a generator function", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", "licenses": [ { "license": { @@ -30284,30 +124526,30 @@ } } ], - "purl": "pkg:npm/is-generator-fn@2.1.0", + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30316,17 +124558,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-generator-fn" + "value": "node_modules/jest-leak-detector" } ] }, { "type": "library", - "name": "stack-utils", - "version": "2.0.6", - "bom-ref": "stack-utils@2.0.6", - "author": "James Talmage", - "description": "Captures and cleans stack traces", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { @@ -30334,101 +124575,48 @@ } } ], - "purl": "pkg:npm/stack-utils@2.0.6", + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", "externalReferences": [ { - "url": "git+https://github.com/tapjs/stack-utils.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/tapjs/stack-utils#readme", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tapjs/stack-utils/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", "type": "distribution", "hashes": [ { - "alg": "SHA-512", - "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/stack-utils" - } - ], - "components": [ - { - "type": "library", - "name": "escape-string-regexp", - "version": "2.0.0", - "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-string-regexp@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" } - ] + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" } ] }, { "type": "library", - "name": "parse-json", - "version": "5.2.0", - "bom-ref": "parse-json@5.2.0", - "author": "Sindre Sorhus", - "description": "Parse JSON with more helpful errors", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", "licenses": [ { "license": { @@ -30436,30 +124624,30 @@ } } ], - "purl": "pkg:npm/parse-json@5.2.0", + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/parse-json.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/parse-json#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/parse-json/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30468,17 +124656,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/parse-json" + "value": "node_modules/@jest/globals" } ] }, { "type": "library", - "name": "strip-json-comments", - "version": "3.1.1", - "bom-ref": "strip-json-comments@3.1.1", - "author": "Sindre Sorhus", - "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", "licenses": [ { "license": { @@ -30486,30 +124673,30 @@ } } ], - "purl": "pkg:npm/strip-json-comments@3.1.1", + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30518,17 +124705,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-json-comments" + "value": "node_modules/@jest/source-map" } ] }, { "type": "library", - "name": "graceful-fs", - "group": "@types", - "version": "4.1.9", - "bom-ref": "@types/graceful-fs@4.1.9", - "description": "TypeScript definitions for graceful-fs", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", "licenses": [ { "license": { @@ -30536,30 +124724,30 @@ } } ], - "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30568,48 +124756,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/graceful-fs" + "value": "node_modules/@babel/plugin-syntax-jsx" } ] }, { "type": "library", - "name": "anymatch", - "version": "3.1.3", - "bom-ref": "anymatch@3.1.3", - "author": "Elan Shanker", - "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/anymatch@3.1.3", + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", "externalReferences": [ { - "url": "git+https://github.com/micromatch/anymatch.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/micromatch/anymatch", + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/micromatch/anymatch/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30618,48 +124807,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/anymatch" + "value": "node_modules/@babel/helper-plugin-utils" } ] }, { "type": "library", - "name": "fb-watchman", - "version": "2.0.2", - "bom-ref": "fb-watchman@2.0.2", - "author": "Wez Furlong", - "description": "Bindings for the Watchman file watching service", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/fb-watchman@2.0.2", + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", "externalReferences": [ { - "url": "git+ssh://git@github.com/facebook/watchman.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://facebook.github.io/watchman/", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/watchman/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30668,17 +124857,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fb-watchman" + "value": "node_modules/@babel/plugin-syntax-async-generators" } ] }, { "type": "library", - "name": "fsevents", - "version": "2.3.3", - "bom-ref": "fsevents@2.3.3", - "description": "Native Access to MacOS FSEvents", - "scope": "optional", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", "licenses": [ { "license": { @@ -30686,30 +124875,30 @@ } } ], - "purl": "pkg:npm/fsevents@2.3.3", + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/fsevents/fsevents.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fsevents/fsevents", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fsevents/fsevents/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30718,48 +124907,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fsevents" + "value": "node_modules/@babel/plugin-syntax-bigint" } ] }, { "type": "library", - "name": "walker", - "version": "1.0.8", - "bom-ref": "walker@1.0.8", - "author": "Naitik Shah", - "description": "A simple directory tree walker.", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/walker@1.0.8", + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", "externalReferences": [ { - "url": "git+https://github.com/daaku/nodejs-walker.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/daaku/nodejs-walker", + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/daaku/nodejs-walker/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30768,18 +124957,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/walker" + "value": "node_modules/@babel/plugin-syntax-class-properties" } ] }, { "type": "library", - "name": "code-frame", + "name": "plugin-syntax-import-meta", "group": "@babel", - "version": "7.24.2", - "bom-ref": "@babel/code-frame@7.24.2", - "author": "The Babel Team", - "description": "Generate errors that contain a code frame that point to source locations.", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", "licenses": [ { "license": { @@ -30787,30 +124975,30 @@ } } ], - "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-code-frame", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30819,17 +125007,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/code-frame" + "value": "node_modules/@babel/plugin-syntax-import-meta" } ] }, { "type": "library", - "name": "stack-utils", - "group": "@types", - "version": "2.0.3", - "bom-ref": "@types/stack-utils@2.0.3", - "description": "TypeScript definitions for stack-utils", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", "licenses": [ { "license": { @@ -30837,30 +125025,30 @@ } } ], - "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30869,16 +125057,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/stack-utils" + "value": "node_modules/@babel/plugin-syntax-json-strings" } ] }, { "type": "library", - "name": "jest-pnp-resolver", - "version": "1.2.3", - "bom-ref": "jest-pnp-resolver@1.2.3", - "description": "plug'n'play resolver for Webpack", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", "licenses": [ { "license": { @@ -30886,30 +125075,30 @@ } } ], - "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", "externalReferences": [ { - "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/arcanis/jest-pnp-resolver", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30918,17 +125107,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-pnp-resolver" + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" } ] }, { "type": "library", - "name": "detect-newline", - "version": "3.1.0", - "bom-ref": "detect-newline@3.1.0", - "author": "Sindre Sorhus", - "description": "Detect the dominant newline character of a string", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", "licenses": [ { "license": { @@ -30936,30 +125125,30 @@ } } ], - "purl": "pkg:npm/detect-newline@3.1.0", + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/detect-newline.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/detect-newline#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/detect-newline/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -30968,16 +125157,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/detect-newline" + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" } ] }, { "type": "library", - "name": "source-map-support", - "version": "0.5.13", - "bom-ref": "source-map-support@0.5.13", - "description": "Fixes stack traces for files with source maps", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", "licenses": [ { "license": { @@ -30985,30 +125175,30 @@ } } ], - "purl": "pkg:npm/source-map-support@0.5.13", + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", "externalReferences": [ { - "url": "git+https://github.com/evanw/node-source-map-support.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/evanw/node-source-map-support#readme", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/evanw/node-source-map-support/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31017,17 +125207,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/source-map-support" + "value": "node_modules/@babel/plugin-syntax-numeric-separator" } ] }, { "type": "library", - "name": "type-detect", - "version": "4.0.8", - "bom-ref": "type-detect@4.0.8", - "author": "Jake Luer", - "description": "Improved typeof detection for node.js and the browser.", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", "licenses": [ { "license": { @@ -31035,30 +125225,30 @@ } } ], - "purl": "pkg:npm/type-detect@4.0.8", + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", "externalReferences": [ { - "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/type-detect#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/type-detect/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31067,17 +125257,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type-detect" + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" } ] }, { "type": "library", - "name": "callsites", - "version": "3.1.0", - "bom-ref": "callsites@3.1.0", - "author": "Sindre Sorhus", - "description": "Get callsites from the V8 stack trace API", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", "licenses": [ { "license": { @@ -31085,30 +125275,30 @@ } } ], - "purl": "pkg:npm/callsites@3.1.0", + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/callsites.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/callsites#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/callsites/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31117,17 +125307,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/callsites" + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" } ] }, { "type": "library", - "name": "cjs-module-lexer", - "version": "1.2.3", - "bom-ref": "cjs-module-lexer@1.2.3", - "author": "Guy Bedford", - "description": "Lexes CommonJS modules, returning their named exports metadata", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", "licenses": [ { "license": { @@ -31135,30 +125325,30 @@ } } ], - "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31167,17 +125357,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cjs-module-lexer" + "value": "node_modules/@babel/plugin-syntax-optional-chaining" } ] }, { "type": "library", - "name": "strip-bom", - "version": "4.0.0", - "bom-ref": "strip-bom@4.0.0", - "author": "Sindre Sorhus", - "description": "Strip UTF-8 byte order mark (BOM) from a string", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", "licenses": [ { "license": { @@ -31185,30 +125376,30 @@ } } ], - "purl": "pkg:npm/strip-bom@4.0.0", + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-bom.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/strip-bom#readme", + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-bom/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31217,18 +125408,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-bom" + "value": "node_modules/@babel/plugin-syntax-top-level-await" } ] }, { "type": "library", - "name": "generator", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/generator@7.24.4", - "author": "The Babel Team", - "description": "Turns an AST into code.", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", "licenses": [ { "license": { @@ -31236,30 +125426,30 @@ } } ], - "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "purl": "pkg:npm/pkg-dir@4.2.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "url": "git+https://github.com/sindresorhus/pkg-dir.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-generator", + "url": "https://github.com/sindresorhus/pkg-dir#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "url": "https://github.com/sindresorhus/pkg-dir/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31268,70 +125458,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/generator" - } - ], - "components": [ - { - "type": "library", - "name": "jsesc", - "version": "2.5.2", - "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", - "author": "Mathias Bynens", - "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jsesc@2.5.2", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/jsesc.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/jsesc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/jsesc/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/generator/node_modules/jsesc" - } - ] + "value": "node_modules/pkg-dir" } ] }, { "type": "library", - "name": "plugin-syntax-typescript", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", - "author": "The Babel Team", - "description": "Allow parsing of TypeScript syntax", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", "licenses": [ { "license": { @@ -31339,30 +125476,30 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "purl": "pkg:npm/resolve-cwd@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "url": "https://github.com/sindresorhus/resolve-cwd#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/resolve-cwd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31371,18 +125508,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-typescript" + "value": "node_modules/resolve-cwd" } ] }, { "type": "library", - "name": "traverse", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/traverse@7.24.1", - "author": "The Babel Team", - "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { @@ -31390,30 +125525,30 @@ } } ], - "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-traverse", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31422,70 +125557,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/traverse" - } - ], - "components": [ - { - "type": "library", - "name": "globals", - "version": "11.12.0", - "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", - "author": "Sindre Sorhus", - "description": "Global identifiers from different JavaScript environments", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/globals@11.12.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/globals.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/globals#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/globals/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/traverse/node_modules/globals" - } - ] + "value": "node_modules/jest-cli" } ] }, { "type": "library", - "name": "types", - "group": "@babel", - "version": "7.24.0", - "bom-ref": "@babel/types@7.24.0", - "author": "The Babel Team", - "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", "licenses": [ { "license": { @@ -31493,30 +125574,30 @@ } } ], - "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-types", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31525,48 +125606,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/types" + "value": "node_modules/create-jest" } ] }, { "type": "library", - "name": "babel__traverse", - "group": "@types", - "version": "7.20.5", - "bom-ref": "@types/babel__traverse@7.20.5", - "description": "TypeScript definitions for @babel/traverse", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "purl": "pkg:npm/cliui@8.0.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "url": "git+https://github.com/yargs/cliui.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "url": "https://github.com/yargs/cliui#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/yargs/cliui/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31575,48 +125656,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__traverse" + "value": "node_modules/cliui" } ] }, { "type": "library", - "name": "prettier", - "group": "@types", - "version": "2.7.3", - "bom-ref": "@types/prettier@2.7.3", - "description": "TypeScript definitions for prettier", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "purl": "pkg:npm/get-caller-file@2.0.5", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "url": "git+https://github.com/stefanpenner/get-caller-file.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "url": "https://github.com/stefanpenner/get-caller-file#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/stefanpenner/get-caller-file/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31625,17 +125705,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/prettier" + "value": "node_modules/get-caller-file" } ] }, { "type": "library", - "name": "babel-preset-current-node-syntax", - "version": "1.0.1", - "bom-ref": "babel-preset-current-node-syntax@1.0.1", - "author": "Nicolò Ribaudo", - "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", "licenses": [ { "license": { @@ -31643,30 +125723,30 @@ } } ], - "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "purl": "pkg:npm/require-directory@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "url": "git://github.com/troygoode/node-require-directory.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "url": "https://github.com/troygoode/node-require-directory/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "url": "http://github.com/troygoode/node-require-directory/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31675,48 +125755,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-preset-current-node-syntax" + "value": "node_modules/require-directory" } ] }, { "type": "library", - "name": "natural-compare", - "version": "1.4.0", - "bom-ref": "natural-compare@1.4.0", - "author": "Lauri Rooden", - "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/natural-compare@1.4.0", + "purl": "pkg:npm/y18n@5.0.8", "externalReferences": [ { - "url": "git://github.com/litejs/natural-compare-lite.git", + "url": "git+https://github.com/yargs/y18n.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/litejs/natural-compare-lite#readme", + "url": "https://github.com/yargs/y18n", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/litejs/natural-compare-lite/issues", + "url": "https://github.com/yargs/y18n/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31725,48 +125805,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/natural-compare" + "value": "node_modules/y18n" } ] }, { "type": "library", - "name": "leven", - "version": "3.1.0", - "bom-ref": "leven@3.1.0", - "author": "Sindre Sorhus", - "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", "licenses": [ { "license": { - "id": "MIT" + "id": "Python-2.0" } } ], - "purl": "pkg:npm/leven@3.1.0", + "purl": "pkg:npm/argparse@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/leven.git", + "url": "git+https://github.com/nodeca/argparse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/leven#readme", + "url": "https://github.com/nodeca/argparse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/leven/issues", + "url": "https://github.com/nodeca/argparse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31775,16 +125854,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/leven" + "value": "node_modules/argparse" } ] }, { "type": "library", - "name": "react-is", - "version": "18.2.0", - "bom-ref": "react-is@18.2.0", - "description": "Brand checking of React Elements.", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", "licenses": [ { "license": { @@ -31792,30 +125872,30 @@ } } ], - "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "purl": "pkg:npm/json-colorizer@2.2.2", "externalReferences": [ { - "url": "git+https://github.com/facebook/react.git#packages/react-is", + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://reactjs.org/", + "url": "https://github.com/joeattardi/json-colorizer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/react/issues", + "url": "https://github.com/joeattardi/json-colorizer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31824,48 +125904,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/react-is" + "value": "node_modules/json-colorizer" } ] }, { "type": "library", - "name": "rimraf", - "version": "3.0.2", - "bom-ref": "rimraf@3.0.2", - "author": "Isaac Z. Schlueter", - "description": "A deep deletion module for node (like `rm -rf`)", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/rimraf@3.0.2", + "purl": "pkg:npm/markdown-diff@2.0.0", "externalReferences": [ { - "url": "git://github.com/isaacs/rimraf.git", + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/rimraf#readme", + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/rimraf/issues", + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31874,17 +125954,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/rimraf" + "value": "node_modules/markdown-diff" } ] }, { "type": "library", - "name": "istanbul-reports", - "group": "@types", - "version": "3.0.4", - "bom-ref": "@types/istanbul-reports@3.0.4", - "description": "TypeScript definitions for istanbul-reports", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", "licenses": [ { "license": { @@ -31892,30 +125972,30 @@ } } ], - "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "purl": "pkg:npm/marked@12.0.2", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "url": "git://github.com/markedjs/marked.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "url": "https://marked.js.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "http://github.com/markedjs/marked/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31924,17 +126004,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/istanbul-reports" + "value": "node_modules/marked" } ] }, { "type": "library", - "name": "yargs", - "group": "@types", - "version": "17.0.32", - "bom-ref": "@types/yargs@17.0.32", - "description": "TypeScript definitions for yargs", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", "licenses": [ { "license": { @@ -31942,30 +126022,30 @@ } } ], - "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "purl": "pkg:npm/markdown-table-ts@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -31974,17 +126054,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/yargs" + "value": "node_modules/markdown-table-ts" } ] }, { "type": "library", - "name": "import-local", - "version": "3.1.0", - "bom-ref": "import-local@3.1.0", - "author": "Sindre Sorhus", - "description": "Let a globally installed package use a locally installed version of itself if available", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", "licenses": [ { "license": { @@ -31992,30 +126072,30 @@ } } ], - "purl": "pkg:npm/import-local@3.1.0", + "purl": "pkg:npm/mocha@10.4.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/import-local.git", + "url": "git+https://github.com/mochajs/mocha.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/import-local#readme", + "url": "https://mochajs.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/import-local/issues", + "url": "https://github.com/mochajs/mocha/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32024,48 +126104,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/import-local" + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "prompts", - "version": "2.4.2", - "bom-ref": "prompts@2.4.2", - "author": "Terkel Gjervig", - "description": "Lightweight, beautiful and user-friendly prompts", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/prompts@2.4.2", + "purl": "pkg:npm/browser-stdout@1.3.1", "externalReferences": [ { - "url": "git+https://github.com/terkelg/prompts.git", + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/terkelg/prompts#readme", + "url": "https://github.com/kumavis/browser-stdout#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/terkelg/prompts/issues", + "url": "https://github.com/kumavis/browser-stdout/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32074,17 +126157,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/prompts" + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "kleur", - "version": "3.0.3", - "bom-ref": "kleur@3.0.3", - "author": "Luke Edwards", - "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", "licenses": [ { "license": { @@ -32092,30 +126179,30 @@ } } ], - "purl": "pkg:npm/kleur@3.0.3", + "purl": "pkg:npm/fill-range@7.0.1", "externalReferences": [ { - "url": "git+https://github.com/lukeed/kleur.git", + "url": "git+https://github.com/jonschlinkert/fill-range.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/lukeed/kleur#readme", + "url": "https://github.com/jonschlinkert/fill-range", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lukeed/kleur/issues", + "url": "https://github.com/jonschlinkert/fill-range/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32124,17 +126211,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/kleur" + "value": "node_modules/fill-range" } ] }, { "type": "library", - "name": "sisteransi", - "version": "1.0.5", - "bom-ref": "sisteransi@1.0.5", - "author": "Terkel Gjervig", - "description": "ANSI escape codes for some terminal swag", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", "licenses": [ { "license": { @@ -32142,30 +126229,30 @@ } } ], - "purl": "pkg:npm/sisteransi@1.0.5", + "purl": "pkg:npm/to-regex-range@5.0.1", "externalReferences": [ { - "url": "git+https://github.com/terkelg/sisteransi.git", + "url": "git+https://github.com/micromatch/to-regex-range.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/terkelg/sisteransi#readme", + "url": "https://github.com/micromatch/to-regex-range", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/terkelg/sisteransi/issues", + "url": "https://github.com/micromatch/to-regex-range/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32174,16 +126261,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sisteransi" + "value": "node_modules/to-regex-range" } ] }, { "type": "library", - "name": "yargs", - "version": "17.7.2", - "bom-ref": "yargs@17.7.2", - "description": "yargs the modern, pirate-themed, successor to optimist.", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", "licenses": [ { "license": { @@ -32191,30 +126279,30 @@ } } ], - "purl": "pkg:npm/yargs@17.7.2", + "purl": "pkg:npm/is-number@7.0.0", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs.git", + "url": "git+https://github.com/jonschlinkert/is-number.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://yargs.js.org/", + "url": "https://github.com/jonschlinkert/is-number", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs/issues", + "url": "https://github.com/jonschlinkert/is-number/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32223,69 +126311,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yargs" - } - ], - "components": [ - { - "type": "library", - "name": "yargs-parser", - "version": "21.1.1", - "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/yargs-parser@21.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/yargs-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/yargs-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/yargs-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/yargs/node_modules/yargs-parser" - } - ] + "value": "node_modules/is-number" } ] }, { "type": "library", - "name": "json-diff", - "version": "0.9.1", - "bom-ref": "json-diff@0.9.1", - "author": "Andrey Tarantsov", - "description": "JSON diff", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", "licenses": [ { "license": { @@ -32293,30 +126329,30 @@ } } ], - "purl": "pkg:npm/json-diff@0.9.1", + "purl": "pkg:npm/is-binary-path@2.1.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "url": "git+https://github.com/sindresorhus/is-binary-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/andreyvit/json-diff", + "url": "https://github.com/sindresorhus/is-binary-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andreyvit/json-diff/issues", + "url": "https://github.com/sindresorhus/is-binary-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32325,48 +126361,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-diff" + "value": "node_modules/is-binary-path" } ] }, { "type": "library", - "name": "cli-color", - "version": "2.0.4", - "bom-ref": "cli-color@2.0.4", - "author": "Mariusz Nowak", - "description": "Colors, formatting and other tools for the console", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/cli-color@2.0.4", + "purl": "pkg:npm/binary-extensions@2.3.0", "externalReferences": [ { - "url": "git+https://github.com/medikoo/cli-color.git", + "url": "git+https://github.com/sindresorhus/binary-extensions.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/cli-color#readme", + "url": "https://github.com/sindresorhus/binary-extensions#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/cli-color/issues", + "url": "https://github.com/sindresorhus/binary-extensions/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32375,48 +126411,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-color" + "value": "node_modules/binary-extensions" } ] }, { "type": "library", - "name": "d", - "version": "1.0.2", - "bom-ref": "d@1.0.2", - "author": "Mariusz Nowak", - "description": "Property descriptor factory", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/d@1.0.2", + "purl": "pkg:npm/readdirp@3.6.0", "externalReferences": [ { - "url": "git+https://github.com/medikoo/d.git", + "url": "git://github.com/paulmillr/readdirp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/d#readme", + "url": "https://github.com/paulmillr/readdirp", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/d/issues", + "url": "https://github.com/paulmillr/readdirp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32425,17 +126461,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/d" + "value": "node_modules/readdirp" } ] }, { "type": "library", - "name": "es5-ext", - "version": "0.10.64", - "bom-ref": "es5-ext@0.10.64", - "author": "Mariusz Nowak", - "description": "ECMAScript extensions and shims", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", "licenses": [ { "license": { @@ -32443,30 +126479,30 @@ } } ], - "purl": "pkg:npm/es5-ext@0.10.64", + "purl": "pkg:npm/wrappy@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/medikoo/es5-ext.git", + "url": "git+https://github.com/npm/wrappy.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es5-ext#readme", + "url": "https://github.com/npm/wrappy", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es5-ext/issues", + "url": "https://github.com/npm/wrappy/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32475,48 +126511,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es5-ext" + "value": "node_modules/wrappy" } ] }, { "type": "library", - "name": "type", - "version": "2.7.2", - "bom-ref": "type@2.7.2", - "author": "Mariusz Nowak", - "description": "Runtime validation and processing of JavaScript types", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/type@2.7.2", + "purl": "pkg:npm/is-unicode-supported@0.1.0", "externalReferences": [ { - "url": "git+https://github.com/medikoo/type.git", + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/type#readme", + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/type/issues", + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32525,48 +126561,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type" + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "es6-iterator", - "version": "2.0.3", - "bom-ref": "es6-iterator@2.0.3", - "author": "Mariusz Nowak", - "description": "Iterator abstraction based on ES6 specification", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/es6-iterator@2.0.3", + "purl": "pkg:npm/serialize-javascript@6.0.0", "externalReferences": [ { - "url": "git://github.com/medikoo/es6-iterator.git", + "url": "git+https://github.com/yahoo/serialize-javascript.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es6-iterator#readme", + "url": "https://github.com/yahoo/serialize-javascript", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es6-iterator/issues", + "url": "https://github.com/yahoo/serialize-javascript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32575,48 +126615,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es6-iterator" + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "es6-symbol", - "version": "3.1.4", - "bom-ref": "es6-symbol@3.1.4", - "author": "Mariusz Nowak", - "description": "ECMAScript 6 Symbol polyfill", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/es6-symbol@3.1.4", + "purl": "pkg:npm/randombytes@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/medikoo/es6-symbol.git", + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es6-symbol#readme", + "url": "https://github.com/crypto-browserify/randombytes", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es6-symbol/issues", + "url": "https://github.com/crypto-browserify/randombytes/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32625,48 +126668,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es6-symbol" + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ext", - "version": "1.7.0", - "bom-ref": "ext@1.7.0", - "author": "Mariusz Nowak", - "description": "JavaScript utilities with respect to emerging standard", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ext@1.7.0#ext", + "purl": "pkg:npm/workerpool@6.2.1", "externalReferences": [ { - "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "url": "git://github.com/josdejong/workerpool.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "url": "https://github.com/josdejong/workerpool", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es5-ext/issues", + "url": "https://github.com/josdejong/workerpool/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32675,17 +126722,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ext" + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "esniff", - "version": "2.0.1", - "bom-ref": "esniff@2.0.1", - "author": "Mariusz Nowak", - "description": "Low footprint ECMAScript source code parser", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", "licenses": [ { "license": { @@ -32693,30 +126744,30 @@ } } ], - "purl": "pkg:npm/esniff@2.0.1", + "purl": "pkg:npm/yargs-parser@20.2.4", "externalReferences": [ { - "url": "git+https://github.com/medikoo/esniff.git", + "url": "git+https://github.com/yargs/yargs-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/esniff#readme", + "url": "https://github.com/yargs/yargs-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/esniff/issues", + "url": "https://github.com/yargs/yargs-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32725,17 +126776,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/esniff" + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "event-emitter", - "version": "0.3.5", - "bom-ref": "event-emitter@0.3.5", - "author": "Mariusz Nowak", - "description": "Environment agnostic event emitter", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", "licenses": [ { "license": { @@ -32743,30 +126798,30 @@ } } ], - "purl": "pkg:npm/event-emitter@0.3.5", + "purl": "pkg:npm/yargs-unparser@2.0.0", "externalReferences": [ { - "url": "git://github.com/medikoo/event-emitter.git", + "url": "git+https://github.com/yargs/yargs-unparser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/event-emitter#readme", + "url": "https://github.com/yargs/yargs-unparser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/event-emitter/issues", + "url": "https://github.com/yargs/yargs-unparser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32775,48 +126830,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/event-emitter" + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "next-tick", - "version": "1.1.0", - "bom-ref": "next-tick@1.1.0", - "author": "Mariusz Nowak", - "description": "Environment agnostic nextTick polyfill", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/next-tick@1.1.0", + "purl": "pkg:npm/decamelize@4.0.0", "externalReferences": [ { - "url": "git://github.com/medikoo/next-tick.git", + "url": "git+https://github.com/sindresorhus/decamelize.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/next-tick#readme", + "url": "https://github.com/sindresorhus/decamelize#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/next-tick/issues", + "url": "https://github.com/sindresorhus/decamelize/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32825,48 +126884,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/next-tick" + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "memoizee", - "version": "0.4.15", - "bom-ref": "memoizee@0.4.15", - "author": "Mariusz Nowak", - "description": "Memoize/cache function results", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/memoizee@0.4.15", + "purl": "pkg:npm/is-plain-obj@2.1.0", "externalReferences": [ { - "url": "git://github.com/medikoo/memoizee.git", + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/memoizee#readme", + "url": "https://github.com/sindresorhus/is-plain-obj#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/memoizee/issues", + "url": "https://github.com/sindresorhus/is-plain-obj/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32875,48 +126938,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/memoizee" + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "es6-weak-map", - "version": "2.0.3", - "bom-ref": "es6-weak-map@2.0.3", - "author": "Mariusz Nowak", - "description": "ECMAScript6 WeakMap polyfill", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/es6-weak-map@2.0.3", + "purl": "pkg:npm/mock-fs@5.2.0", "externalReferences": [ { - "url": "git://github.com/medikoo/es6-weak-map.git", + "url": "git://github.com/tschaub/mock-fs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es6-weak-map#readme", + "url": "https://github.com/tschaub/mock-fs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es6-weak-map/issues", + "url": "https://github.com/tschaub/mock-fs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32925,48 +126992,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es6-weak-map" + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-promise", - "version": "2.2.2", - "bom-ref": "is-promise@2.2.2", - "author": "ForbesLindesay", - "description": "Test whether an object looks like a promises-a+ promise", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", "licenses": [ { "license": { - "id": "MIT" + "id": "Unlicense" } } ], - "purl": "pkg:npm/is-promise@2.2.2", + "purl": "pkg:npm/objects-to-csv@1.3.6", "externalReferences": [ { - "url": "git+https://github.com/then/is-promise.git", + "url": "git+https://github.com/anton-bot/objects-to-csv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/then/is-promise#readme", + "url": "https://github.com/anton-bot/objects-to-csv#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/then/is-promise/issues", + "url": "https://github.com/anton-bot/objects-to-csv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -32975,48 +127046,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-promise" + "value": "node_modules/objects-to-csv" } ] }, { "type": "library", - "name": "lru-queue", - "version": "0.1.0", - "bom-ref": "lru-queue@0.1.0", - "author": "Mariusz Nowak", - "description": "LRU Queue", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", "licenses": [ { "license": { - "id": "MIT" + "id": "Unlicense" } } ], - "purl": "pkg:npm/lru-queue@0.1.0", + "purl": "pkg:npm/async-csv@2.1.3", "externalReferences": [ { - "url": "git://github.com/medikoo/lru-queue.git", + "url": "git+https://github.com/anton-bot/async-csv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/lru-queue#readme", + "url": "https://github.com/catcher-in-the-try/async-csv#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/lru-queue/issues", + "url": "https://github.com/catcher-in-the-try/async-csv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33025,48 +127096,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lru-queue" + "value": "node_modules/async-csv" } ] }, { "type": "library", - "name": "timers-ext", - "version": "0.1.7", - "bom-ref": "timers-ext@0.1.7", - "author": "Mariusz Nowak", - "description": "Timers extensions", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/timers-ext@0.1.7", + "purl": "pkg:npm/csv@5.5.3", "externalReferences": [ { - "url": "git://github.com/medikoo/timers-ext.git", + "url": "git+https://github.com/adaltas/node-csv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/timers-ext#readme", + "url": "https://csv.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/timers-ext/issues", + "url": "https://github.com/adaltas/node-csv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33075,49 +127146,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/timers-ext" + "value": "node_modules/csv" } ] }, { "type": "library", - "name": "difflib", - "version": "0.2.4", - "bom-ref": "difflib@0.2.4", - "author": "Xueqiao Xu", - "description": "text diff library ported from Python's difflib module", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", "licenses": [ { "license": { - "name": "PSF", - "url": "http://docs.python.org/license.html" + "id": "MIT" } } ], - "purl": "pkg:npm/difflib@0.2.4", + "purl": "pkg:npm/csv-generate@3.4.3", "externalReferences": [ { - "url": "git://github.com/qiao/difflib.js.git", + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qiao/difflib.js", + "url": "https://csv.js.org/generate/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qiao/difflib.js/issues", + "url": "https://github.com/adaltas/node-csv-generate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33126,17 +127196,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/difflib" + "value": "node_modules/csv-generate" } ] }, { "type": "library", - "name": "heap", - "version": "0.2.7", - "bom-ref": "heap@0.2.7", - "author": "Xueqiao Xu", - "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", "licenses": [ { "license": { @@ -33144,30 +127214,30 @@ } } ], - "purl": "pkg:npm/heap@0.2.7", + "purl": "pkg:npm/csv-stringify@5.6.5", "externalReferences": [ { - "url": "git://github.com/qiao/heap.js.git", + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qiao/heap.js", + "url": "https://csv.js.org/stringify/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qiao/heap.js/issues", + "url": "https://github.com/adaltas/node-csv-stringify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33176,41 +127246,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/heap" + "value": "node_modules/csv-stringify" } ] }, { "type": "library", - "name": "dreamopt", - "version": "0.8.0", - "bom-ref": "dreamopt@0.8.0", - "author": "Andrey Tarantsov", - "description": "Command-line parser with readable syntax from your sweetest dreams", - "purl": "pkg:npm/dreamopt@0.8.0", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", "externalReferences": [ { - "url": "git://github.com/andreyvit/dreamopt.js.git", + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/andreyvit/dreamopt.js", + "url": "https://csv.js.org/transform/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andreyvit/dreamopt.js/issues", + "url": "https://github.com/adaltas/node-stream-transform/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33219,17 +127296,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dreamopt" + "value": "node_modules/stream-transform" } ] }, { "type": "library", - "name": "wordwrap", - "version": "1.0.0", - "bom-ref": "wordwrap@1.0.0", - "author": "James Halliday", - "description": "Wrap those words. Show them at what columns to start and stop.", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", "licenses": [ { "license": { @@ -33237,30 +127314,30 @@ } } ], - "purl": "pkg:npm/wordwrap@1.0.0", + "purl": "pkg:npm/mixme@0.5.10", "externalReferences": [ { - "url": "git://github.com/substack/node-wordwrap.git", + "url": "git+https://github.com/adaltas/node-mixme.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/substack/node-wordwrap#readme", + "url": "https://github.com/adaltas/node-mixme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/node-wordwrap/issues", + "url": "https://github.com/adaltas/node-mixme/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33269,17 +127346,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/wordwrap" + "value": "node_modules/mixme" } ] }, { "type": "library", - "name": "jstoxml", - "version": "3.2.10", - "bom-ref": "jstoxml@3.2.10", - "author": "David Calhoun", - "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", "licenses": [ { "license": { @@ -33287,30 +127364,30 @@ } } ], - "purl": "pkg:npm/jstoxml@3.2.10", + "purl": "pkg:npm/oclif@4.13.0", "externalReferences": [ { - "url": "git://github.com/davidcalhoun/jstoxml.git", + "url": "git+https://github.com/oclif/oclif.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/davidcalhoun/jstoxml", + "url": "https://github.com/oclif/oclif", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/davidcalhoun/jstoxml/issues", + "url": "https://github.com/oclif/oclif/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33319,48 +127396,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jstoxml" + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "pretty", - "version": "2.0.0", - "bom-ref": "pretty@2.0.0", - "author": "Jon Schlinkert", - "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/pretty@2.0.0", + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/pretty.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jonschlinkert/pretty", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/pretty/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33369,48 +127451,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pretty" + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "condense-newlines", - "version": "0.2.1", - "bom-ref": "condense-newlines@0.2.1", - "author": "Jon Schlinkert", - "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/condense-newlines@0.2.1", + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jonschlinkert/condense-newlines", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33419,48 +127506,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/condense-newlines" + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "extend-shallow", - "version": "2.0.1", - "bom-ref": "extend-shallow@2.0.1", - "author": "Jon Schlinkert", - "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/extend-shallow@2.0.1", + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jonschlinkert/extend-shallow", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33469,41 +127561,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/extend-shallow" + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-whitespace", - "version": "0.3.0", - "bom-ref": "is-whitespace@0.3.0", - "author": "Jon Schlinkert", - "description": "Returns true if the value passed is all whitespace.", - "purl": "pkg:npm/is-whitespace@0.3.0", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", "externalReferences": [ { - "url": "git://github.com/jonschlinkert/is-whitespace.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jonschlinkert/is-whitespace", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33512,48 +127616,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-whitespace" + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "kind-of", - "version": "3.2.2", - "bom-ref": "kind-of@3.2.2", - "author": "Jon Schlinkert", - "description": "Get the native type of a value.", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/kind-of@3.2.2", + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/kind-of.git", + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/kind-of", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/kind-of/issues", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33562,48 +127670,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/kind-of" + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-buffer", - "version": "1.1.6", - "bom-ref": "is-buffer@1.1.6", - "author": "Feross Aboukhadijeh", - "description": "Determine if an object is a Buffer", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/is-buffer@1.1.6", + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", "externalReferences": [ { - "url": "git://github.com/feross/is-buffer.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/feross/is-buffer#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/feross/is-buffer/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33612,48 +127724,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-buffer" + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-extendable", - "version": "0.1.1", - "bom-ref": "is-extendable@0.1.1", - "author": "Jon Schlinkert", - "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/is-extendable@0.1.1", + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jonschlinkert/is-extendable", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/is-extendable/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33662,48 +127778,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-extendable" + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "js-beautify", - "version": "1.15.1", - "bom-ref": "js-beautify@1.15.1", - "author": "Einar Lielmanis", - "description": "beautifier.io for node", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/js-beautify@1.15.1", + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", "externalReferences": [ { - "url": "git://github.com/beautifier/js-beautify.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://beautifier.io/", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/beautifier/js-beautify/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33712,143 +127833,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-beautify" - } - ], - "components": [ - { - "type": "library", - "name": "glob", - "version": "10.3.12", - "bom-ref": "js-beautify@1.15.1|glob@10.3.12", - "author": "Isaac Z. Schlueter", - "description": "the most correct and second fastest glob implementation in JavaScript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob@10.3.12", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-glob.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-glob#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-glob/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/js-beautify/node_modules/glob" - } - ] + "value": "node_modules/@aws-sdk/credential-provider-env" }, { - "type": "library", - "name": "minipass", - "version": "7.0.4", - "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@7.0.4", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/js-beautify/node_modules/minipass" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "config-chain", - "version": "1.1.13", - "bom-ref": "config-chain@1.1.13", - "author": "Dominic Tarr", - "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", - "purl": "pkg:npm/config-chain@1.1.13", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", "externalReferences": [ { - "url": "git+https://github.com/dominictarr/config-chain.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "http://github.com/dominictarr/config-chain", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dominictarr/config-chain/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33857,48 +127888,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/config-chain" + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ini", - "version": "1.3.8", - "bom-ref": "ini@1.3.8", - "author": "Isaac Z. Schlueter", - "description": "An ini encoder/decoder for node", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ini@1.3.8", + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", "externalReferences": [ { - "url": "git://github.com/isaacs/ini.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/ini#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/ini/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33907,48 +127943,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ini" + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "proto-list", - "version": "1.2.4", - "bom-ref": "proto-list@1.2.4", - "author": "Isaac Z. Schlueter", - "description": "A utility for managing a prototype chain", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/proto-list@1.2.4", + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", "externalReferences": [ { - "url": "git+https://github.com/isaacs/proto-list.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/proto-list#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/proto-list/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -33957,48 +127998,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/proto-list" + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "editorconfig", - "version": "1.0.4", - "bom-ref": "editorconfig@1.0.4", - "author": "EditorConfig Team", - "description": "EditorConfig File Locator and Interpreter for Node.js", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/editorconfig@1.0.4", + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", "externalReferences": [ { - "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34007,100 +128053,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/editorconfig" - } - ], - "components": [ + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, { - "type": "library", - "name": "minimatch", - "version": "9.0.1", - "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@9.0.1", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/editorconfig/node_modules/minimatch" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "wasm", - "group": "@one-ini", - "version": "0.1.1", - "bom-ref": "@one-ini/wasm@0.1.1", - "description": "Parse EditorConfig-INI file contents into AST", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", "externalReferences": [ { - "url": "git+https://github.com/one-ini/core.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/one-ini/core#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/one-ini/core/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34109,48 +128108,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@one-ini/wasm" + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "commander", - "version": "10.0.1", - "bom-ref": "commander@10.0.1", - "author": "TJ Holowaychuk", - "description": "the complete solution for node.js command-line programs", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/commander@10.0.1", + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", "externalReferences": [ { - "url": "git+https://github.com/tj/commander.js.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/tj/commander.js#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tj/commander.js/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34159,48 +128163,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/commander" + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "brace-expansion", - "version": "2.0.1", - "bom-ref": "brace-expansion@2.0.1", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/brace-expansion@2.0.1", + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34209,48 +128218,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/brace-expansion" + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "js-cookie", - "version": "3.0.5", - "bom-ref": "js-cookie@3.0.5", - "author": "Klaus Hartl", - "description": "A simple, lightweight JavaScript API for handling cookies", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/js-cookie@3.0.5", + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", "externalReferences": [ { - "url": "git://github.com/js-cookie/js-cookie.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/js-cookie/js-cookie#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/js-cookie/js-cookie/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34259,48 +128272,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-cookie" + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "nopt", - "version": "7.2.0", - "bom-ref": "nopt@7.2.0", - "author": "GitHub Inc.", - "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/nopt@7.2.0", + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", "externalReferences": [ { - "url": "git+https://github.com/npm/nopt.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/nopt#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/nopt/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34309,48 +128327,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nopt" + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "abbrev", - "version": "2.0.0", - "bom-ref": "abbrev@2.0.0", - "author": "GitHub Inc.", - "description": "Like ruby's abbrev module, but in js", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/abbrev@2.0.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", "externalReferences": [ { - "url": "git+https://github.com/npm/abbrev-js.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/abbrev-js#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/abbrev-js/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34359,48 +128382,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/abbrev" + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "babel__core", - "group": "@types", - "version": "7.20.5", - "bom-ref": "@types/babel__core@7.20.5", - "description": "TypeScript definitions for @babel/core", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34409,49 +128437,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__core" + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "template", - "group": "@babel", - "version": "7.24.0", - "bom-ref": "@babel/template@7.24.0", - "author": "The Babel Team", - "description": "Generate an AST from a string template.", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-template", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34460,48 +128492,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/template" + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "bs-logger", - "version": "0.2.6", - "bom-ref": "bs-logger@0.2.6", - "author": "Huafu Gandon", - "description": "Bare simple logger for NodeJS", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/bs-logger@0.2.6", + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", "externalReferences": [ { - "url": "git+https://github.com/huafu/bs-logger.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/huafu/bs-logger#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/huafu/bs-logger/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34510,48 +128547,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/bs-logger" + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "json5", - "version": "2.2.3", - "bom-ref": "json5@2.2.3", - "author": "Aseem Kishore", - "description": "JSON for Humans", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/json5@2.2.3", + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", "externalReferences": [ { - "url": "git+https://github.com/json5/json5.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "http://json5.org/", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/json5/json5/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34560,48 +128601,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json5" + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "lodash.memoize", - "version": "4.1.2", - "bom-ref": "lodash.memoize@4.1.2", - "author": "John-David Dalton", - "description": "The lodash method `_.memoize` exported as a module.", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/lodash.memoize@4.1.2", + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", "externalReferences": [ { - "url": "git+https://github.com/lodash/lodash.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://lodash.com/", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lodash/lodash/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34610,49 +128656,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lodash.memoize" + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "core", - "group": "@oclif", - "version": "3.26.9", - "bom-ref": "@oclif/core@3.26.9", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40oclif/core@3.26.9", + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34661,298 +128710,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core" - } - ], - "components": [ - { - "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@4.3.5", - "externalReferences": [ - { - "url": "git://github.com/debug-js/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/debug-js/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/debug-js/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/debug" - } - ] - }, - { - "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/ms" - } - ] - }, - { - "type": "library", - "name": "js-yaml", - "version": "3.14.1", - "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/js-yaml@3.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/js-yaml.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodeca/js-yaml", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodeca/js-yaml/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/js-yaml" - } - ] - }, - { - "type": "library", - "name": "argparse", - "version": "1.0.10", - "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", - "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/argparse@1.0.10", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/argparse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodeca/argparse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodeca/argparse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/argparse" - } - ] + "value": "node_modules/@aws-sdk/middleware-expect-continue" }, { - "type": "library", - "name": "sprintf-js", - "version": "1.0.3", - "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", - "author": "Alexandru Marasteanu", - "description": "JavaScript sprintf implementation", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/sprintf-js@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/alexei/sprintf.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/alexei/sprintf.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/alexei/sprintf.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/sprintf-js" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "cli-progress", - "group": "@types", - "version": "3.11.5", - "bom-ref": "@types/cli-progress@3.11.5", - "description": "TypeScript definitions for cli-progress", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -34961,46 +128764,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/cli-progress" + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "type-fest", - "version": "0.21.3", - "bom-ref": "type-fest@0.21.3", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", "licenses": [ { - "expression": "(MIT OR CC0-1.0)" + "license": { + "id": "Apache-2.0" + } } ], - "purl": "pkg:npm/type-fest@0.21.3", + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/type-fest.git", + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/type-fest#readme", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/type-fest/issues", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35009,48 +128818,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type-fest" + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "color-convert", - "version": "2.0.1", - "bom-ref": "color-convert@2.0.1", - "author": "Heather Arthur", - "description": "Plain color conversion functions", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/color-convert@2.0.1", + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-convert.git", + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Qix-/color-convert#readme", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-convert/issues", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35059,48 +128872,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/color-convert" + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "cardinal", - "version": "2.1.1", - "bom-ref": "cardinal@2.1.1", - "author": "Thorsten Lorenz", - "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/cardinal@2.1.1", + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", "externalReferences": [ { - "url": "git://github.com/thlorenz/cardinal.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/thlorenz/cardinal#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/cardinal/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35109,48 +128926,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cardinal" + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ansicolors", - "version": "0.3.2", - "bom-ref": "ansicolors@0.3.2", - "author": "Thorsten Lorenz", - "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ansicolors@0.3.2", + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", "externalReferences": [ { - "url": "git://github.com/thlorenz/ansicolors.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/thlorenz/ansicolors#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/ansicolors/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35159,48 +128980,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansicolors" + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "redeyed", - "version": "2.1.1", - "bom-ref": "redeyed@2.1.1", - "author": "Thorsten Lorenz", - "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/redeyed@2.1.1", + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", "externalReferences": [ { - "url": "git://github.com/thlorenz/redeyed.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/thlorenz/redeyed#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/redeyed/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35209,48 +129034,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/redeyed" + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "esprima", - "version": "4.0.1", - "bom-ref": "esprima@4.0.1", - "author": "Ariya Hidayat", - "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/esprima@4.0.1", + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", "externalReferences": [ { - "url": "git+https://github.com/jquery/esprima.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "http://esprima.org", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jquery/esprima/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35259,48 +129088,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/esprima" + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "has-flag", - "version": "4.0.0", - "bom-ref": "has-flag@4.0.0", - "author": "Sindre Sorhus", - "description": "Check if argv has a specific flag", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/has-flag@4.0.0", + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/has-flag.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/has-flag#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/has-flag/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35309,48 +129142,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/has-flag" + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "clean-stack", - "version": "3.0.1", - "bom-ref": "clean-stack@3.0.1", - "author": "Sindre Sorhus", - "description": "Clean up error stack traces", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/clean-stack@3.0.1", + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/clean-stack.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/clean-stack#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/clean-stack/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35359,48 +129196,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/clean-stack" + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "escape-string-regexp", - "version": "4.0.0", - "bom-ref": "escape-string-regexp@4.0.0", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/escape-string-regexp@4.0.0", + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35409,48 +129250,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/escape-string-regexp" + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "cli-progress", - "version": "3.12.0", - "bom-ref": "cli-progress@3.12.0", - "author": "Andi Dittrich", - "description": "easy to use progress-bar for command-line/terminal applications", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/cli-progress@3.12.0", + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", "externalReferences": [ { - "url": "git+https://github.com/npkgz/cli-progress.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npkgz/cli-progress", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npkgz/cli-progress/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35459,47 +129304,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-progress" + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "color", - "version": "4.2.3", - "bom-ref": "color@4.2.3", - "description": "Color conversion and manipulation with CSS string support", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/color@4.2.3", + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/Qix-/color#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35508,48 +129358,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/color" + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "color-string", - "version": "1.9.1", - "bom-ref": "color-string@1.9.1", - "author": "Heather Arthur", - "description": "Parser and generator for CSS color strings", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/color-string@1.9.1", + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-string.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/Qix-/color-string#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-string/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35558,48 +129412,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/color-string" + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "simple-swizzle", - "version": "0.2.2", - "bom-ref": "simple-swizzle@0.2.2", - "author": "Qix", - "description": "Simply swizzle your arguments", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/simple-swizzle@0.2.2", + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", "externalReferences": [ { - "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/qix-/node-simple-swizzle#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qix-/node-simple-swizzle/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35608,69 +129466,75 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/simple-swizzle" + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } } ], - "components": [ + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ { - "type": "library", - "name": "is-arrayish", - "version": "0.3.2", - "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", - "author": "Qix", - "description": "Determines if an object can be used as an array", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-arrayish@0.3.2", - "externalReferences": [ - { - "url": "git+https://github.com/qix-/node-is-arrayish.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/qix-/node-is-arrayish#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/qix-/node-is-arrayish/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/simple-swizzle/node_modules/is-arrayish" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ejs", - "version": "3.1.10", - "bom-ref": "ejs@3.1.10", - "author": "Matthew Eernisse", - "description": "Embedded JavaScript templates", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { @@ -35678,30 +129542,30 @@ } } ], - "purl": "pkg:npm/ejs@3.1.10", + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", "externalReferences": [ { - "url": "git://github.com/mde/ejs.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mde/ejs", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mde/ejs/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35710,17 +129574,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ejs" + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jake", - "version": "10.8.7", - "bom-ref": "jake@10.8.7", - "author": "Matthew Eernisse", - "description": "JavaScript build tool, similar to Make or Rake", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { @@ -35728,30 +129596,30 @@ } } ], - "purl": "pkg:npm/jake@10.8.7", + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", "externalReferences": [ { - "url": "git://github.com/jakejs/jake.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jakejs/jake#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jakejs/jake/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35760,150 +129628,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jake" - } - ], - "components": [ - { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "jake@10.8.7|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jake/node_modules/minimatch" - } - ] + "value": "node_modules/@smithy/hash-stream-node" }, { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jake/node_modules/brace-expansion" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "async", - "version": "3.2.5", - "bom-ref": "async@3.2.5", - "author": "Caolan McMahon", - "description": "Higher-order functions and common patterns for asynchronous code", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/async@3.2.5", + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", "externalReferences": [ { - "url": "git+https://github.com/caolan/async.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://caolan.github.io/async/", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/caolan/async/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35912,48 +129682,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/async" + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "filelist", - "version": "1.0.4", - "bom-ref": "filelist@1.0.4", - "author": "Matthew Eernisse", - "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/filelist@1.0.4", + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", "externalReferences": [ { - "url": "git://github.com/mde/filelist.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mde/filelist", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mde/filelist/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -35962,69 +129737,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/filelist" - } - ], - "components": [ + "value": "node_modules/@inquirer/confirm" + }, { - "type": "library", - "name": "minimatch", - "version": "5.1.6", - "bom-ref": "filelist@1.0.4|minimatch@5.1.6", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@5.1.6", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/filelist/node_modules/minimatch" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "balanced-match", - "version": "1.0.2", - "bom-ref": "balanced-match@1.0.2", - "author": "Julian Gruber", - "description": "Match balanced character pairs, like \"{\" and \"}\"", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", "licenses": [ { "license": { @@ -36032,30 +129760,30 @@ } } ], - "purl": "pkg:npm/balanced-match@1.0.2", + "purl": "pkg:npm/%40inquirer/core@8.2.2", "externalReferences": [ { - "url": "git://github.com/juliangruber/balanced-match.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/balanced-match", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/balanced-match/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36064,17 +129792,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/balanced-match" + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "concat-map", - "version": "0.0.1", - "bom-ref": "concat-map@0.0.1", - "author": "James Halliday", - "description": "concatenative mapdashery", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", "licenses": [ { "license": { @@ -36082,30 +129815,30 @@ } } ], - "purl": "pkg:npm/concat-map@0.0.1", + "purl": "pkg:npm/%40inquirer/figures@1.0.3", "externalReferences": [ { - "url": "git://github.com/substack/node-concat-map.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/substack/node-concat-map#readme", + "url": "https://github.com/SBoudrias/Inquirer.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/node-concat-map/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36114,17 +129847,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/concat-map" + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "get-package-type", - "version": "0.1.0", - "bom-ref": "get-package-type@0.1.0", - "author": "Corey Farrell", - "description": "Determine the `package.json#type` which applies to a location", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", "licenses": [ { "license": { @@ -36132,30 +129870,30 @@ } } ], - "purl": "pkg:npm/get-package-type@0.1.0", + "purl": "pkg:npm/%40inquirer/type@1.3.3", "externalReferences": [ { - "url": "git+https://github.com/cfware/get-package-type.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/cfware/get-package-type#readme", + "url": "https://github.com/SBoudrias/Inquirer.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cfware/get-package-type/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36164,17 +129902,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-package-type" + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "globby", - "version": "11.1.0", - "bom-ref": "globby@11.1.0", - "author": "Sindre Sorhus", - "description": "User-friendly glob matching", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", "licenses": [ { "license": { @@ -36182,30 +129924,30 @@ } } ], - "purl": "pkg:npm/globby@11.1.0", + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/globby.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/globby#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/globby/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36214,17 +129956,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/globby" + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "array-union", - "version": "2.1.0", - "bom-ref": "array-union@2.1.0", - "author": "Sindre Sorhus", - "description": "Create an array of unique values, in order, from the input arrays", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", "licenses": [ { "license": { @@ -36232,30 +129978,30 @@ } } ], - "purl": "pkg:npm/array-union@2.1.0", + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/array-union.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/array-union#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/array-union/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36264,17 +130010,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/array-union" + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "dir-glob", - "version": "3.0.1", - "bom-ref": "dir-glob@3.0.1", - "author": "Kevin Mårtensson", - "description": "Convert directories to glob compatible strings", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", "licenses": [ { "license": { @@ -36282,30 +130033,30 @@ } } ], - "purl": "pkg:npm/dir-glob@3.0.1", + "purl": "pkg:npm/%40inquirer/input@2.1.9", "externalReferences": [ { - "url": "git+https://github.com/kevva/dir-glob.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kevva/dir-glob#readme", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kevva/dir-glob/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36314,17 +130065,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dir-glob" + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "path-type", - "version": "4.0.0", - "bom-ref": "path-type@4.0.0", - "author": "Sindre Sorhus", - "description": "Check if a path is a file, directory, or symlink", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", "licenses": [ { "license": { @@ -36332,30 +130088,30 @@ } } ], - "purl": "pkg:npm/path-type@4.0.0", + "purl": "pkg:npm/%40inquirer/select@2.3.5", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/path-type.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/path-type#readme", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/path-type/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36364,17 +130120,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-type" + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ignore", - "version": "5.3.1", - "bom-ref": "ignore@5.3.1", - "author": "kael", - "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", "licenses": [ { "license": { @@ -36382,30 +130143,30 @@ } } ], - "purl": "pkg:npm/ignore@5.3.1", + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "url": "git+https://github.com/oclif/plugin-not-found.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kaelzhang/node-ignore#readme", + "url": "https://github.com/oclif/plugin-not-found", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kaelzhang/node-ignore/issues", + "url": "https://github.com/oclif/plugin-not-found/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36414,17 +130175,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ignore" + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "hyperlinker", - "version": "1.0.0", - "bom-ref": "hyperlinker@1.0.0", - "author": "James Talmage", - "description": "Write hyperlinks in the terminal.", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", "licenses": [ { "license": { @@ -36432,30 +130197,30 @@ } } ], - "purl": "pkg:npm/hyperlinker@1.0.0", + "purl": "pkg:npm/fast-levenshtein@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jamestalmage/hyperlinker#readme", + "url": "https://github.com/hiddentao/fast-levenshtein#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jamestalmage/hyperlinker/issues", + "url": "https://github.com/hiddentao/fast-levenshtein/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36464,17 +130229,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/hyperlinker" + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "indent-string", - "version": "4.0.0", - "bom-ref": "indent-string@4.0.0", - "author": "Sindre Sorhus", - "description": "Indent each line in a string", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", "licenses": [ { "license": { @@ -36482,30 +130251,30 @@ } } ], - "purl": "pkg:npm/indent-string@4.0.0", + "purl": "pkg:npm/fastest-levenshtein@1.0.16", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/indent-string.git", + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/indent-string#readme", + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/indent-string/issues", + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36514,17 +130283,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/indent-string" + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-wsl", - "version": "2.2.0", - "bom-ref": "is-wsl@2.2.0", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", "licenses": [ { "license": { @@ -36532,30 +130304,30 @@ } } ], - "purl": "pkg:npm/is-wsl@2.2.0", + "purl": "pkg:npm/async-retry@1.3.3", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-wsl.git", + "url": "git+https://github.com/vercel/async-retry.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-wsl#readme", + "url": "https://github.com/vercel/async-retry#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-wsl/issues", + "url": "https://github.com/vercel/async-retry/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36564,17 +130336,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-wsl" + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-docker", - "version": "2.2.1", - "bom-ref": "is-docker@2.2.1", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside a Docker container", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", "licenses": [ { "license": { @@ -36582,30 +130358,30 @@ } } ], - "purl": "pkg:npm/is-docker@2.2.1", + "purl": "pkg:npm/retry@0.13.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-docker.git", + "url": "git://github.com/tim-kos/node-retry.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-docker#readme", + "url": "https://github.com/tim-kos/node-retry", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-docker/issues", + "url": "https://github.com/tim-kos/node-retry/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36614,17 +130390,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-docker" + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "natural-orderby", - "version": "2.0.3", - "bom-ref": "natural-orderby@2.0.3", - "author": "Olaf Ennen", - "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", "licenses": [ { "license": { @@ -36632,30 +130412,30 @@ } } ], - "purl": "pkg:npm/natural-orderby@2.0.3", + "purl": "pkg:npm/change-case@4.1.2", "externalReferences": [ { - "url": "git+https://github.com/yobacca/natural-orderby.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://yobacca.github.io/natural-orderby", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yobacca/natural-orderby/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36664,54 +130444,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/natural-orderby" + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "object-treeify", - "version": "1.1.33", - "bom-ref": "object-treeify@1.1.33", - "author": "Lukas Siemon", - "description": "Stringify Object as tree structure", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", "licenses": [ { "license": { "id": "MIT" } - }, - { - "license": { - "id": "MIT", - "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" - } } ], - "purl": "pkg:npm/object-treeify@1.1.33", + "purl": "pkg:npm/camel-case@4.1.2", "externalReferences": [ { - "url": "git+https://github.com/blackflux/object-treeify.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blackflux/object-treeify#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blackflux/object-treeify/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36720,48 +130498,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/object-treeify" + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "password-prompt", - "version": "1.1.3", - "bom-ref": "password-prompt@1.1.3", - "author": "Jeff Dickey @jdxcode", - "description": "cross-platform masked or hidden prompt", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/password-prompt@1.1.3", + "purl": "pkg:npm/pascal-case@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/jdxcode/password-prompt.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jdxcode/password-prompt", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jdxcode/password-prompt/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36770,16 +130552,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/password-prompt" + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "slice-ansi", - "version": "4.0.0", - "bom-ref": "slice-ansi@4.0.0", - "description": "Slice a string with ANSI escape codes", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", "licenses": [ { "license": { @@ -36787,30 +130574,30 @@ } } ], - "purl": "pkg:npm/slice-ansi@4.0.0", + "purl": "pkg:npm/capital-case@1.0.4", "externalReferences": [ { - "url": "git+https://github.com/chalk/slice-ansi.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/slice-ansi#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/slice-ansi/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36819,17 +130606,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/slice-ansi" + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "astral-regex", - "version": "2.0.0", - "bom-ref": "astral-regex@2.0.0", - "author": "Kevin Mårtensson", - "description": "Regular expression for matching astral symbols", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", "licenses": [ { "license": { @@ -36837,30 +130628,30 @@ } } ], - "purl": "pkg:npm/astral-regex@2.0.0", + "purl": "pkg:npm/no-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/kevva/astral-regex.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kevva/astral-regex#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kevva/astral-regex/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36869,17 +130660,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/astral-regex" + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "widest-line", - "version": "3.1.0", - "bom-ref": "widest-line@3.1.0", - "author": "Sindre Sorhus", - "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", "licenses": [ { "license": { @@ -36887,30 +130682,30 @@ } } ], - "purl": "pkg:npm/widest-line@3.1.0", + "purl": "pkg:npm/upper-case-first@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/widest-line.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/widest-line#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/widest-line/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36919,17 +130714,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/widest-line" + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "wrap-ansi", - "version": "7.0.0", - "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", "licenses": [ { "license": { @@ -36937,30 +130736,30 @@ } } ], - "purl": "pkg:npm/wrap-ansi@7.0.0", + "purl": "pkg:npm/constant-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/chalk/wrap-ansi.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/wrap-ansi#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/wrap-ansi/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -36969,18 +130768,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/wrap-ansi" + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "plugin-help", - "group": "@oclif", - "version": "6.1.0", - "bom-ref": "@oclif/plugin-help@6.1.0", - "author": "Salesforce", - "description": "Standard help for oclif.", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", "licenses": [ { "license": { @@ -36988,30 +130790,30 @@ } } ], - "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "purl": "pkg:npm/upper-case@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-help.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-help", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-help/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37020,151 +130822,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-help" - } - ], - "components": [ - { - "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.0-beta.13", - "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", - "author": "Salesforce", - "description": "base library for oclif CLIs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/core.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/core/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" - } - ] + "value": "node_modules/upper-case" }, { - "type": "library", - "name": "supports-color", - "version": "9.4.0", - "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@9.4.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ansis", - "version": "3.2.0", - "bom-ref": "ansis@3.2.0", - "author": "webdiscus", - "description": "Colorize terminal with ANSI colors & styles", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/ansis@3.2.0", + "purl": "pkg:npm/dot-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/webdiscus/ansis.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/webdiscus/ansis", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/webdiscus/ansis/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37173,17 +130876,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansis" + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "cli-spinners", - "version": "2.9.2", - "bom-ref": "cli-spinners@2.9.2", - "author": "Sindre Sorhus", - "description": "Spinners for use in the terminal", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", "licenses": [ { "license": { @@ -37191,30 +130898,30 @@ } } ], - "purl": "pkg:npm/cli-spinners@2.9.2", + "purl": "pkg:npm/header-case@2.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/cli-spinners#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/cli-spinners/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37223,17 +130930,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-spinners" + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "cosmiconfig", - "version": "9.0.0", - "bom-ref": "cosmiconfig@9.0.0", - "author": "Daniel Fischer", - "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", "licenses": [ { "license": { @@ -37241,30 +130952,30 @@ } } ], - "purl": "pkg:npm/cosmiconfig@9.0.0", + "purl": "pkg:npm/lower-case@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37273,17 +130984,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cosmiconfig" + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "env-paths", - "version": "2.2.1", - "bom-ref": "env-paths@2.2.1", - "author": "Sindre Sorhus", - "description": "Get paths for storing things like data, config, cache, etc", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", "licenses": [ { "license": { @@ -37291,30 +131006,30 @@ } } ], - "purl": "pkg:npm/env-paths@2.2.1", + "purl": "pkg:npm/param-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/env-paths.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/env-paths#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/env-paths/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37323,17 +131038,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/env-paths" + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "import-fresh", - "version": "3.3.0", - "bom-ref": "import-fresh@3.3.0", - "author": "Sindre Sorhus", - "description": "Import a module while bypassing the cache", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", "licenses": [ { "license": { @@ -37341,30 +131060,30 @@ } } ], - "purl": "pkg:npm/import-fresh@3.3.0", + "purl": "pkg:npm/path-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/import-fresh.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/import-fresh#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/import-fresh/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37373,17 +131092,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/import-fresh" + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "js-yaml", - "version": "4.1.0", - "bom-ref": "js-yaml@4.1.0", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", "licenses": [ { "license": { @@ -37391,30 +131114,30 @@ } } ], - "purl": "pkg:npm/js-yaml@4.1.0", + "purl": "pkg:npm/sentence-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/nodeca/js-yaml.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/js-yaml#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/js-yaml/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37423,16 +131146,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-yaml" + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "error-ex", - "version": "1.3.2", - "bom-ref": "error-ex@1.3.2", - "description": "Easy error subclassing and stack customization", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", "licenses": [ { "license": { @@ -37440,30 +131168,30 @@ } } ], - "purl": "pkg:npm/error-ex@1.3.2", + "purl": "pkg:npm/snake-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/qix-/node-error-ex.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qix-/node-error-ex#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qix-/node-error-ex/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37472,48 +131200,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/error-ex" + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "json-parse-even-better-errors", - "version": "2.3.1", - "bom-ref": "json-parse-even-better-errors@2.3.1", - "author": "Kat Marchán", - "description": "JSON.parse with context information on error", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "url": "git+https://github.com/square/find-yarn-workspace-root.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "url": "https://github.com/square/find-yarn-workspace-root#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "url": "https://github.com/square/find-yarn-workspace-root/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37522,48 +131254,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-parse-even-better-errors" + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "typescript", - "version": "5.1.6", - "bom-ref": "typescript@5.1.6", - "author": "Microsoft Corp.", - "description": "TypeScript is a language for application scale JavaScript development", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/typescript@5.1.6", + "purl": "pkg:npm/github-slugger@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/TypeScript.git", + "url": "git+https://github.com/Flet/github-slugger.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/Flet/github-slugger", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/Flet/github-slugger/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37572,17 +131308,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/typescript" + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "debug", - "version": "4.3.4", - "bom-ref": "debug@4.3.4", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", "licenses": [ { "license": { @@ -37590,30 +131329,30 @@ } } ], - "purl": "pkg:npm/debug@4.3.4", + "purl": "pkg:npm/got@13.0.0", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/sindresorhus/got.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://github.com/sindresorhus/got#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/sindresorhus/got/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37622,69 +131361,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/debug" - } - ], - "components": [ + "value": "node_modules/got" + }, { - "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "debug@4.3.4|ms@2.1.2", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/debug/node_modules/ms" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "plugin-plugins", - "group": "@oclif", - "version": "5.2.2", - "bom-ref": "@oclif/plugin-plugins@5.2.2", - "author": "Salesforce", - "description": "plugins plugin for oclif", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", "licenses": [ { "license": { @@ -37692,30 +131384,30 @@ } } ], - "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-plugins.git", + "url": "git+https://github.com/sindresorhus/is.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-plugins", + "url": "https://github.com/sindresorhus/is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-plugins/issues", + "url": "https://github.com/sindresorhus/is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -37724,709 +131416,107 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins" - } - ], - "components": [ - { - "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40oclif/core@4.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/core.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/core/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" - } - ] - }, - { - "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@4.3.5", - "externalReferences": [ - { - "url": "git://github.com/debug-js/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/debug-js/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/debug-js/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" - } - ] - }, - { - "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" - } - ] - }, - { - "type": "library", - "name": "npm-package-arg", - "version": "11.0.2", - "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", - "author": "GitHub Inc.", - "description": "Parse the things that can be arguments to `npm install`", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-package-arg@11.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-package-arg.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-package-arg", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-package-arg/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" - } - ] - }, - { - "type": "library", - "name": "proc-log", - "version": "4.2.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", - "author": "GitHub Inc.", - "description": "just emit 'log' events on the process object", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/proc-log@4.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/npm/proc-log.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/proc-log#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/proc-log/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" - } - ] - }, - { - "type": "library", - "name": "npm-run-path", - "version": "5.3.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", - "author": "Sindre Sorhus", - "description": "Get your PATH prepended with locally installed binaries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/npm-run-path@5.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/npm-run-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/npm-run-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/npm-run-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" - } - ], - "components": [ - { - "type": "library", - "name": "path-key", - "version": "4.0.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", - "author": "Sindre Sorhus", - "description": "Get the PATH environment variable key cross-platform", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-key@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/path-key.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/path-key#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/path-key/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" - } - ] - } - ] - }, - { - "type": "library", - "name": "object-treeify", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", - "author": "Lukas Siemon", - "description": "Stringify Object as tree structure", - "licenses": [ - { - "license": { - "id": "MIT" - } - }, - { - "license": { - "id": "MIT", - "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" - } - } - ], - "purl": "pkg:npm/object-treeify@4.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/blackflux/object-treeify.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blackflux/object-treeify#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blackflux/object-treeify/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" - } - ] - }, - { - "type": "library", - "name": "which", - "version": "4.0.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", - "author": "GitHub Inc.", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/which@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-which.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-which#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-which/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/which" - } - ] - }, - { - "type": "library", - "name": "isexe", - "version": "3.1.1", - "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/isexe@3.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/isexe.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/isexe#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/isexe/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" - } - ] + "value": "node_modules/@sindresorhus/is" }, { - "type": "library", - "name": "yarn", - "version": "1.22.22", - "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", - "description": "📦🐈 Fast, reliable, and secure dependency management.", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/yarn@1.22.22", - "externalReferences": [ - { - "url": "git+https://github.com/yarnpkg/yarn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yarnpkg/yarn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yarnpkg/yarn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "hosted-git-info", - "version": "7.0.2", - "bom-ref": "hosted-git-info@7.0.2", - "author": "GitHub Inc.", - "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/hosted-git-info@7.0.2", + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", "externalReferences": [ { - "url": "git+https://github.com/npm/hosted-git-info.git", + "url": "git+https://github.com/szmarczak/http-timer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/hosted-git-info", + "url": "https://github.com/szmarczak/http-timer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/hosted-git-info/issues", + "url": "https://github.com/szmarczak/http-timer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/hosted-git-info" - } - ], - "components": [ - { - "type": "library", - "name": "lru-cache", - "version": "10.2.2", - "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/lru-cache@10.2.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-lru-cache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/hosted-git-info/node_modules/lru-cache" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "validate-npm-package-name", - "version": "5.0.1", - "bom-ref": "validate-npm-package-name@5.0.1", - "author": "GitHub Inc.", - "description": "Give me a string and I'll tell you if it's a valid npm package name", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "purl": "pkg:npm/defer-to-connect@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/npm/validate-npm-package-name.git", + "url": "git+https://github.com/szmarczak/defer-to-connect.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/validate-npm-package-name", + "url": "https://github.com/szmarczak/defer-to-connect#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/validate-npm-package-name/issues", + "url": "https://github.com/szmarczak/defer-to-connect/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -38435,48 +131525,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/validate-npm-package-name" + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "npm", - "version": "10.8.0", - "bom-ref": "npm@10.8.0", - "author": "GitHub Inc.", - "description": "a package manager for JavaScript", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", "licenses": [ { "license": { - "id": "Artistic-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/npm@10.8.0", + "purl": "pkg:npm/cacheable-lookup@7.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git", + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://docs.npmjs.com/", + "url": "https://github.com/szmarczak/cacheable-lookup#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/szmarczak/cacheable-lookup/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -38485,8851 +131579,3065 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm" - } - ], - "components": [ - { - "type": "library", - "name": "string-locale-compare", - "group": "@isaacs", - "version": "1.1.0", - "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", - "author": "Isaac Z. Schlueter", - "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/string-locale-compare.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/string-locale-compare#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/string-locale-compare/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "arborist", - "group": "@npmcli", - "version": "7.5.2", - "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", - "author": "GitHub Inc.", - "description": "Manage node_modules trees", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/arborist", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/npm/cli#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/arborist" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "fs", - "group": "@npmcli", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", - "author": "GitHub Inc.", - "description": "filesystem utilities for the npm cli", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/fs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/fs#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/fs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/fs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "installed-package-contents", - "group": "@npmcli", - "version": "2.1.0", - "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "author": "GitHub Inc.", - "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/installed-package-contents.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/installed-package-contents#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/installed-package-contents/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "npm-bundled", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", - "author": "GitHub Inc.", - "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-bundled.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-bundled#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-bundled/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-bundled" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "value": "node_modules/cacheable-lookup" }, { - "type": "library", - "name": "npm-normalize-package-bin", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", - "author": "GitHub Inc.", - "description": "Turn any flavor of allowable package.json bin into a normalized object", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-normalize-package-bin.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-normalize-package-bin#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-normalize-package-bin/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-normalize-package-bin" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ { - "type": "library", - "name": "map-workspaces", - "group": "@npmcli", - "version": "3.0.6", - "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "author": "GitHub Inc.", - "description": "Retrieves a name:pathname Map for a given workspaces config", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/map-workspaces.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/map-workspaces#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/map-workspaces/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ { - "type": "library", - "name": "metavuln-calculator", - "group": "@npmcli", - "version": "7.1.1", - "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", - "author": "GitHub Inc.", - "description": "Calculate meta-vulnerabilities from package security advisories", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/metavuln-calculator.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/metavuln-calculator#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/metavuln-calculator/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "cacache", - "version": "18.0.3", - "bom-ref": "npm@10.8.0|cacache@18.0.3", - "author": "GitHub Inc.", - "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cacache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/cacache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cacache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cacache" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "json-parse-even-better-errors", - "version": "3.0.2", - "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "author": "GitHub Inc.", - "description": "JSON.parse with context information on error", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/json-parse-even-better-errors.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/json-parse-even-better-errors#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/json-parse-even-better-errors/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/json-parse-even-better-errors" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "pacote", - "version": "18.0.6", - "bom-ref": "npm@10.8.0|pacote@18.0.6", - "author": "GitHub Inc.", - "description": "JavaScript package downloader", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/pacote.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/pacote#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/pacote/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/pacote" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "type": "library", - "name": "proc-log", - "version": "4.2.0", - "bom-ref": "npm@10.8.0|proc-log@4.2.0", - "author": "GitHub Inc.", - "description": "just emit 'log' events on the process object", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/proc-log.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/proc-log#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/proc-log/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/proc-log" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" }, { - "type": "library", - "name": "semver", - "version": "7.6.2", - "bom-ref": "npm@10.8.0|semver@7.6.2", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/semver" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ { - "type": "library", - "name": "name-from-folder", - "group": "@npmcli", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", - "author": "GitHub Inc.", - "description": "Get the package name from a folder path", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/name-from-folder.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/name-from-folder#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/name-from-folder/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "node-gyp", - "group": "@npmcli", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", - "author": "GitHub Inc.", - "description": "Tools for dealing with node-gyp packages", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-gyp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-gyp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-gyp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/node-gyp" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "package-json", - "group": "@npmcli", - "version": "5.1.0", - "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", - "author": "GitHub Inc.", - "description": "Programmatic API to update package.json", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/package-json.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/package-json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/package-json/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/package-json" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "query", - "group": "@npmcli", - "version": "3.1.0", - "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", - "author": "GitHub Inc.", - "description": "npm query parser and tools", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/query.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/query#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/query/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/query" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" }, { - "type": "library", - "name": "postcss-selector-parser", - "version": "6.0.16", - "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", - "externalReferences": [ - { - "url": "git+https://github.com/postcss/postcss-selector-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/postcss/postcss-selector-parser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/postcss/postcss-selector-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/postcss-selector-parser" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "cssesc", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|cssesc@3.0.0", - "author": "Mathias Bynens", - "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/cssesc.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/cssesc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/cssesc/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cssesc" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "util-deprecate", - "version": "1.0.2", - "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", - "author": "Nathan Rajlich", - "description": "The Node.js `util.deprecate()` function with browser support", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", - "externalReferences": [ - { - "url": "git://github.com/TooTallNate/util-deprecate.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/TooTallNate/util-deprecate", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/TooTallNate/util-deprecate/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/util-deprecate" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "redact", - "group": "@npmcli", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", - "author": "GitHub Inc.", - "description": "Redact sensitive npm information from output", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/redact.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/redact#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/redact/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/redact" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" }, { - "type": "library", - "name": "run-script", - "group": "@npmcli", - "version": "8.1.0", - "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", - "author": "GitHub Inc.", - "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/run-script.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/run-script#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/run-script/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/run-script" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "bin-links", - "version": "4.0.4", - "bom-ref": "npm@10.8.0|bin-links@4.0.4", - "author": "GitHub Inc.", - "description": "JavaScript package binary linker", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/bin-links.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/bin-links#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/bin-links/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/bin-links" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "cmd-shim", - "version": "6.0.3", - "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", - "author": "GitHub Inc.", - "description": "Used in npm for command line application support", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cmd-shim.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/cmd-shim#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cmd-shim/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cmd-shim" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "read-cmd-shim", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", - "author": "GitHub Inc.", - "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/read-cmd-shim.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/read-cmd-shim#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/read-cmd-shim/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/read-cmd-shim" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" }, { - "type": "library", - "name": "write-file-atomic", - "version": "5.0.1", - "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", - "author": "GitHub Inc.", - "description": "Write files in an atomic fashion w/configurable ownership", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/write-file-atomic.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/write-file-atomic", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/write-file-atomic/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/write-file-atomic" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "common-ancestor-path", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", - "author": "Isaac Z. Schlueter", - "description": "Find the common ancestor of 2 or more paths on Windows or Unix", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/common-ancestor-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/common-ancestor-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/common-ancestor-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/common-ancestor-path" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "hosted-git-info", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", - "author": "GitHub Inc.", - "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/hosted-git-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/hosted-git-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/hosted-git-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/hosted-git-info" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "json-stringify-nice", - "version": "1.1.4", - "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", - "author": "Isaac Z. Schlueter", - "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/json-stringify-nice.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/json-stringify-nice#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/isaacs/json-stringify-nice/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/json-stringify-nice" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" }, { - "type": "library", - "name": "lru-cache", - "version": "10.2.2", - "bom-ref": "npm@10.8.0|lru-cache@10.2.2", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-lru-cache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/lru-cache" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "minimatch", - "version": "9.0.4", - "bom-ref": "npm@10.8.0|minimatch@9.0.4", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "nopt", - "version": "7.2.1", - "bom-ref": "npm@10.8.0|nopt@7.2.1", - "author": "GitHub Inc.", - "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/nopt.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/nopt#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/nopt/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/nopt" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "npm-install-checks", - "version": "6.3.0", - "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", - "author": "GitHub Inc.", - "description": "Check the engines and platform fields in package.json", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-install-checks.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-install-checks#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/npm-install-checks/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-install-checks" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" }, { - "type": "library", - "name": "npm-package-arg", - "version": "11.0.2", - "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", - "author": "GitHub Inc.", - "description": "Parse the things that can be arguments to `npm install`", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-package-arg.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-package-arg", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-package-arg/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-package-arg" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "npm-pick-manifest", - "version": "9.0.1", - "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", - "author": "GitHub Inc.", - "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-pick-manifest.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-pick-manifest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-pick-manifest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-pick-manifest" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "npm-registry-fetch", - "version": "17.0.1", - "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", - "author": "GitHub Inc.", - "description": "Fetch-based http client for use with npm registry APIs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-registry-fetch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-registry-fetch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-registry-fetch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-registry-fetch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "parse-conflict-json", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", - "author": "GitHub Inc.", - "description": "Parse a JSON string that has git merge conflicts, resolving if possible", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/parse-conflict-json.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/parse-conflict-json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/parse-conflict-json/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/parse-conflict-json" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" }, { - "type": "library", - "name": "proggy", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|proggy@2.0.0", - "author": "GitHub Inc.", - "description": "Progress bar updates at a distance", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/proggy.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/proggy#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/proggy/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/proggy" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "promise-all-reject-late", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", - "author": "Isaac Z. Schlueter", - "description": "Like Promise.all, but save rejections until all promises are resolved", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/promise-all-reject-late@1.0.1", - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-all-reject-late" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "promise-call-limit", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", - "author": "Isaac Z. Schlueter", - "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", - "licenses": [ + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "ISC" - } + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" } ], - "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/promise-call-limit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/promise-call-limit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/isaacs/promise-call-limit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-call-limit" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "read-package-json-fast", - "version": "3.0.2", - "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", - "author": "GitHub Inc.", - "description": "Like read-package-json, but faster", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/read-package-json-fast.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/read-package-json-fast#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/read-package-json-fast/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/read-package-json-fast" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ssri", - "version": "10.0.6", - "bom-ref": "npm@10.8.0|ssri@10.0.6", - "author": "GitHub Inc.", - "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/ssri.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/ssri#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/ssri/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ssri" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "treeverse", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|treeverse@3.0.0", - "author": "GitHub Inc.", - "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/treeverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/treeverse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/treeverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/treeverse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" }, { - "type": "library", - "name": "walk-up-path", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", - "author": "Isaac Z. Schlueter", - "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/walk-up-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/walk-up-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/walk-up-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/walk-up-path" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "config", - "group": "@npmcli", - "version": "8.3.2", - "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", - "author": "GitHub Inc.", - "description": "Configuration management for the npm cli", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/config", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/npm/cli#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/config" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ci-info", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|ci-info@4.0.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ci-info" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "ini", - "version": "4.1.2", - "bom-ref": "npm@10.8.0|ini@4.1.2", - "author": "GitHub Inc.", - "description": "An ini encoder/decoder for node", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/ini.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/ini#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/ini/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ini" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" }, { - "type": "library", - "name": "glob", - "version": "10.3.15", - "bom-ref": "npm@10.8.0|glob@10.3.15", - "author": "Isaac Z. Schlueter", - "description": "the most correct and second fastest glob implementation in JavaScript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-glob.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-glob#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-glob/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/glob" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "git", - "group": "@npmcli", - "version": "5.0.7", - "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", - "author": "GitHub Inc.", - "description": "a util for spawning git from npm CLI contexts", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/git.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/git#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/git/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/git" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "promise-spawn", - "group": "@npmcli", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "author": "GitHub Inc.", - "description": "spawn processes the way the npm cli likes to do", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/promise-spawn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/promise-spawn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/promise-spawn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "promise-inflight", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", - "author": "Rebecca Turner", - "description": "One promise for multiple requests in flight to avoid async duplication", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", - "externalReferences": [ - { - "url": "git+https://github.com/iarna/promise-inflight.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/iarna/promise-inflight#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/iarna/promise-inflight/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-inflight" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" }, { - "type": "library", - "name": "promise-retry", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|promise-retry@2.0.1", - "author": "IndigoUnited", - "description": "Retries a function that returns a promise, leveraging the power of the retry module.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", - "externalReferences": [ - { - "url": "git://github.com/IndigoUnited/node-promise-retry.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/IndigoUnited/node-promise-retry#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-retry" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "which", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|which@4.0.0", - "author": "GitHub Inc.", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-which.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-which#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/node-which/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/which" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "isexe", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/isexe.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/isexe#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/isexe/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/which/node_modules/isexe" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "normalize-package-data", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", - "author": "GitHub Inc.", - "description": "Normalizes data that can be found in package.json files.", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/normalize-package-data.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/normalize-package-data#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/normalize-package-data/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/normalize-package-data" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "node-gyp", - "version": "10.1.0", - "bom-ref": "npm@10.8.0|node-gyp@10.1.0", - "author": "Nathan Rajlich", - "description": "Node.js native addon build tool", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", - "externalReferences": [ - { - "url": "git://github.com/nodejs/node-gyp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodejs/node-gyp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodejs/node-gyp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/node-gyp" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "proc-log", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", - "author": "GitHub Inc.", - "description": "just emit 'log' events on the process object", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/proc-log.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/proc-log#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/proc-log/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "tuf", - "group": "@sigstore", - "version": "2.3.3", - "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", - "author": "bdehamer@github.com", - "description": "Client for the Sigstore TUF repository", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/sigstore/sigstore-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/sigstore/sigstore-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/tuf" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" }, { - "type": "library", - "name": "protobuf-specs", - "group": "@sigstore", - "version": "0.3.2", - "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "author": "bdehamer@github.com", - "description": "code-signing for npm packages", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", - "externalReferences": [ - { - "url": "git+https://github.com/sigstore/protobuf-specs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sigstore/protobuf-specs#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sigstore/protobuf-specs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "tuf-js", - "version": "2.2.1", - "bom-ref": "npm@10.8.0|tuf-js@2.2.1", - "author": "bdehamer@github.com", - "description": "JavaScript implementation of The Update Framework (TUF)", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/theupdateframework/tuf-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/theupdateframework/tuf-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tuf-js" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "models", - "group": "@tufjs", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", - "author": "bdehamer@github.com", - "description": "TUF metadata models", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/theupdateframework/tuf-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/theupdateframework/tuf-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@tufjs/models" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "canonical-json", - "group": "@tufjs", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", - "author": "bdehamer@github.com", - "description": "OLPC JSON canonicalization", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/theupdateframework/tuf-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/theupdateframework/tuf-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@tufjs/canonical-json" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" }, { - "type": "library", - "name": "debug", - "version": "4.3.4", - "bom-ref": "npm@10.8.0|debug@4.3.4", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", - "externalReferences": [ - { - "url": "git://github.com/debug-js/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/debug-js/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/debug-js/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/debug" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/debug/node_modules/ms" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "make-fetch-happen", - "version": "13.0.1", - "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", - "author": "GitHub Inc.", - "description": "Opinionated, caching, retrying fetch client", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/make-fetch-happen.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/make-fetch-happen#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/make-fetch-happen/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/make-fetch-happen" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "abbrev", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|abbrev@2.0.0", - "author": "GitHub Inc.", - "description": "Like ruby's abbrev module, but in js", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/abbrev-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/abbrev-js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/abbrev-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/abbrev" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "archy", - "version": "1.0.0", - "bom-ref": "npm@10.8.0|archy@1.0.0", - "author": "James Halliday", - "description": "render nested hierarchies `npm ls` style with unicode pipes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/substack/node-archy.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/substack/node-archy#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/substack/node-archy/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/archy" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" }, { - "type": "library", - "name": "fs-minipass", - "version": "3.0.3", - "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", - "author": "GitHub Inc.", - "description": "fs read and write streams based on minipass", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/fs-minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/fs-minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/fs-minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/fs-minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "minipass-collect", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", - "author": "Isaac Z. Schlueter", - "description": "A Minipass stream that collects all the data into a single chunk", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass-collect.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass-collect#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass-collect/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-collect" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "minipass", - "version": "7.1.1", - "bom-ref": "npm@10.8.0|minipass@7.1.1", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "minipass-flush", - "version": "1.0.5", - "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", - "author": "Isaac Z. Schlueter", - "description": "A Minipass stream that calls a flush function before emitting 'end'", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass-flush.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass-flush#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/isaacs/minipass-flush/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-flush" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" }, { - "type": "library", - "name": "yallist", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|yallist@4.0.0", - "author": "Isaac Z. Schlueter", - "description": "Yet Another Linked List", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/yallist.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/yallist#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/yallist/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/yallist" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "minipass-pipeline", - "version": "1.2.4", - "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", - "author": "Isaac Z. Schlueter", - "description": "create a pipeline of streams using Minipass", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass-pipeline@1.2.4", - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-pipeline" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "p-map", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|p-map@4.0.0", - "author": "Sindre Sorhus", - "description": "Map over promises concurrently", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-map.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-map#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-map/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/p-map" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "tar", - "version": "6.2.1", - "bom-ref": "npm@10.8.0|tar@6.2.1", - "author": "GitHub Inc.", - "description": "tar for node", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/node-tar.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-tar#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/isaacs/node-tar/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "fs-minipass", - "version": "2.1.0", - "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", - "author": "Isaac Z. Schlueter", - "description": "fs read and write streams based on minipass", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/fs-minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/fs-minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/fs-minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] - }, - { - "type": "library", - "name": "minipass", - "version": "5.0.0", - "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" }, { - "type": "library", - "name": "unique-filename", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|unique-filename@3.0.0", - "author": "GitHub Inc.", - "description": "Generate a unique filename for use in temporary directories or caches.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/unique-filename.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/iarna/unique-filename", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/iarna/unique-filename/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/unique-filename" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "unique-slug", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|unique-slug@4.0.0", - "author": "GitHub Inc.", - "description": "Generate a unique character string suitible for use in files and URLs.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/unique-slug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/unique-slug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/unique-slug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/unique-slug" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "imurmurhash", - "version": "0.1.4", - "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", - "author": "Jens Taylor", - "description": "An incremental implementation of MurmurHash3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/jensyt/imurmurhash-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jensyt/imurmurhash-js", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jensyt/imurmurhash-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/imurmurhash" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "chalk", - "version": "5.3.0", - "bom-ref": "npm@10.8.0|chalk@5.3.0", - "description": "Terminal string styling done right", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/chalk.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/chalk#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/chalk/chalk/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/chalk" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" }, { - "type": "library", - "name": "cli-columns", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|cli-columns@4.0.0", - "author": "Shannon Moeller", - "description": "Columnated lists for the CLI.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", - "externalReferences": [ - { - "url": "git+https://github.com/shannonmoeller/cli-columns.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/shannonmoeller/cli-columns#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/shannonmoeller/cli-columns/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cli-columns" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "string-width", - "version": "4.2.3", - "bom-ref": "npm@10.8.0|string-width@4.2.3", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/string-width.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/string-width#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/string-width/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/string-width" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "emoji-regex", - "version": "8.0.0", - "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", - "licenses": [ + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" } ], - "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/emoji-regex", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/emoji-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "is-fullwidth-code-point", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if the character represented by a given Unicode code point is fullwidth", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-fullwidth-code-point" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "strip-ansi", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/strip-ansi" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "ansi-regex", - "version": "5.0.1", - "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ansi-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" }, { - "type": "library", - "name": "fastest-levenshtein", - "version": "1.0.16", - "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", - "author": "Kasper U. Weihe", - "description": "Fastest Levenshtein distance implementation in JS.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", - "externalReferences": [ - { - "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ka-weihe/fastest-levenshtein#README", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/fastest-levenshtein" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "foreground-child", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|foreground-child@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", - "externalReferences": [ - { - "url": "git+https://github.com/tapjs/foreground-child.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tapjs/foreground-child#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tapjs/foreground-child/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/foreground-child" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "cross-spawn", - "version": "7.0.3", - "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", - "author": "André Cruz", - "description": "Cross platform child_process#spawn and child_process#spawnSync", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/moxystudio/node-cross-spawn", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/moxystudio/node-cross-spawn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cross-spawn" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "which", - "version": "2.0.2", - "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", - "author": "Isaac Z. Schlueter", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-which.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-which#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-which/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "path-key", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|path-key@3.1.1", - "author": "Sindre Sorhus", - "description": "Get the PATH environment variable key cross-platform", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/path-key.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/path-key#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/sindresorhus/path-key/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/path-key" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" }, { - "type": "library", - "name": "shebang-command", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|shebang-command@2.0.0", - "author": "Kevin Mårtensson", - "description": "Get the command from a shebang", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", - "externalReferences": [ - { - "url": "git+https://github.com/kevva/shebang-command.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kevva/shebang-command#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kevva/shebang-command/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/shebang-command" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "shebang-regex", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", - "author": "Sindre Sorhus", - "description": "Regular expression for matching a shebang line", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/shebang-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/shebang-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/shebang-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/shebang-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "isexe", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|isexe@2.0.0", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/isexe.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/isexe#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/isexe/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/isexe" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "signal-exit", - "version": "4.1.0", - "bom-ref": "npm@10.8.0|signal-exit@4.1.0", - "author": "Ben Coe", - "description": "when you want to fire an event no matter how a process exits.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", - "externalReferences": [ - { - "url": "git+https://github.com/tapjs/signal-exit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tapjs/signal-exit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/tapjs/signal-exit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/signal-exit" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "jackspeak", - "version": "2.3.6", - "bom-ref": "npm@10.8.0|jackspeak@2.3.6", - "author": "Isaac Z. Schlueter", - "description": "A very strict and proper argument parser.", - "licenses": [ - { - "license": { - "id": "BlueOak-1.0.0" - } - } - ], - "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/jackspeak.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/jackspeak#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/jackspeak/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/jackspeak" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "cliui", - "group": "@isaacs", - "version": "8.0.2", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", - "author": "Ben Coe", - "description": "easily create complex multi-column command-line-interfaces", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/cliui.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/cliui#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/yargs/cliui/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "string-width", - "version": "5.1.2", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/string-width.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/string-width#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/string-width/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "emoji-regex", - "version": "9.2.2", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/emoji-regex", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "strip-ansi", - "version": "7.1.0", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ansi-regex", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "string-width", - "version": "4.2.3", - "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/string-width.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/string-width#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/string-width/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/string-width-cjs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "eastasianwidth", - "version": "0.2.0", - "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", - "author": "Masaki Komagata", - "description": "Get East Asian Width from a character.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", - "externalReferences": [ - { - "url": "git://github.com/komagata/eastasianwidth.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/komagata/eastasianwidth#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/komagata/eastasianwidth/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/eastasianwidth" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "strip-ansi", - "version": "6.0.1", - "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/strip-ansi-cjs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "wrap-ansi", - "version": "7.0.0", - "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/wrap-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi-cjs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "ansi-styles", - "version": "4.3.0", - "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "color-convert", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|color-convert@2.0.1", - "author": "Heather Arthur", - "description": "Plain color conversion functions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", - "externalReferences": [ - { - "url": "git+https://github.com/Qix-/color-convert.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Qix-/color-convert#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Qix-/color-convert/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/color-convert" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "color-name", - "version": "1.1.4", - "bom-ref": "npm@10.8.0|color-name@1.1.4", - "author": "DY", - "description": "A list of color names and its values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/colorjs/color-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/colorjs/color-name", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/colorjs/color-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/color-name" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "wrap-ansi", - "version": "8.1.0", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/wrap-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "string-width", - "version": "5.1.2", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/string-width.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/string-width#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/string-width/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "emoji-regex", - "version": "9.2.2", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/emoji-regex", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "strip-ansi", - "version": "7.1.0", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ansi-regex", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ansi-styles", - "version": "6.2.1", - "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ansi-styles" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "parseargs", - "group": "@pkgjs", - "version": "0.11.0", - "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", - "description": "Polyfill of future proposal for `util.parseArgs()`", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/pkgjs/parseargs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/pkgjs/parseargs#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/pkgjs/parseargs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@pkgjs/parseargs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "path-scurry", - "version": "1.11.1", - "bom-ref": "npm@10.8.0|path-scurry@1.11.1", - "author": "Isaac Z. Schlueter", - "description": "walk paths fast and efficiently", - "licenses": [ - { - "license": { - "id": "BlueOak-1.0.0" - } - } - ], - "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/path-scurry.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/path-scurry#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/path-scurry/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/path-scurry" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "graceful-fs", - "version": "4.2.11", - "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", - "description": "A drop-in replacement for fs, making various improvements.", - "licenses": [ + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "ISC" - } + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" } ], - "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/node-graceful-fs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-graceful-fs#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/isaacs/node-graceful-fs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/graceful-fs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "init-package-json", - "version": "6.0.3", - "bom-ref": "npm@10.8.0|init-package-json@6.0.3", - "author": "GitHub Inc.", - "description": "A node module to get your node module started", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/init-package-json.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/init-package-json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/init-package-json/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/init-package-json" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "promzard", - "version": "1.0.2", - "bom-ref": "npm@10.8.0|promzard@1.0.2", - "author": "GitHub Inc.", - "description": "prompting wizardly", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/promzard.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/promzard#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/promzard/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promzard" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "read", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|read@3.0.1", - "author": "GitHub Inc.", - "description": "read(1) for node programs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/read.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/read#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/read/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/read" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "validate-npm-package-license", - "version": "3.0.4", - "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", - "author": "Kyle E. Mitchell", - "description": "Give me a string and I'll tell you if it's a valid npm package license string", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", - "externalReferences": [ - { - "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/validate-npm-package-license" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "spdx-expression-parse", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "spdx-correct", - "version": "3.2.0", - "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", - "description": "correct invalid SPDX expressions", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-correct.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-correct.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jslicense/spdx-correct.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-correct" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "spdx-expression-parse", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "spdx-exceptions", - "version": "2.5.0", - "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", - "author": "The Linux Foundation", - "description": "list of SPDX standard license exceptions", - "licenses": [ - { - "license": { - "id": "CC-BY-3.0" - } - } - ], - "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", - "externalReferences": [ - { - "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-exceptions" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "spdx-license-ids", - "version": "3.0.17", - "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", - "author": "Shinnosuke Watanabe", - "description": "A list of SPDX license identifiers", - "licenses": [ - { - "license": { - "id": "CC0-1.0" - } - } - ], - "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-license-ids.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-license-ids#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/jslicense/spdx-license-ids/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-license-ids" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" }, { - "type": "library", - "name": "validate-npm-package-name", - "version": "5.0.1", - "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", - "author": "GitHub Inc.", - "description": "Give me a string and I'll tell you if it's a valid npm package name", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/validate-npm-package-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/validate-npm-package-name", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/validate-npm-package-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/validate-npm-package-name" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "is-cidr", - "version": "5.0.5", - "bom-ref": "npm@10.8.0|is-cidr@5.0.5", - "author": "silverwind", - "description": "Check if a string is an IP address in CIDR notation", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", - "externalReferences": [ - { - "url": "git+https://github.com/silverwind/is-cidr.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/silverwind/is-cidr#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/silverwind/is-cidr/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-cidr" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "cidr-regex", - "version": "4.0.5", - "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", - "author": "silverwind", - "description": "Regular expression for matching IP addresses in CIDR notation", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/silverwind/cidr-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/silverwind/cidr-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/silverwind/cidr-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cidr-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "ip-regex", - "version": "5.0.0", - "bom-ref": "npm@10.8.0|ip-regex@5.0.0", - "author": "Sindre Sorhus", - "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/ip-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/ip-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/sindresorhus/ip-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ip-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "libnpmaccess", - "version": "8.0.6", - "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", - "author": "GitHub Inc.", - "description": "programmatic library for `npm access` commands", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://npmjs.com/package/libnpmaccess", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/libnpmaccess/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmaccess" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "libnpmdiff", - "version": "6.1.2", - "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", - "author": "GitHub Inc.", - "description": "The registry diff", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/npm/cli#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmdiff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "binary-extensions", - "version": "2.3.0", - "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", - "author": "Sindre Sorhus", - "description": "List of binary file extensions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/binary-extensions.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/binary-extensions#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/binary-extensions/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/binary-extensions" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "diff", - "version": "5.2.0", - "bom-ref": "npm@10.8.0|diff@5.2.0", - "description": "A JavaScript text diff implementation.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", - "externalReferences": [ - { - "url": "git://github.com/kpdecker/jsdiff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kpdecker/jsdiff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "http://github.com/kpdecker/jsdiff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/diff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "libnpmexec", - "version": "8.1.1", - "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", - "author": "GitHub Inc.", - "description": "npm exec (npx) programmatic API", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/npm/cli#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmexec" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "libnpmfund", - "version": "5.0.10", - "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", - "author": "GitHub Inc.", - "description": "Programmatic API for npm fund", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/npm/cli#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmfund" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "libnpmhook", - "version": "10.0.5", - "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", - "author": "GitHub Inc.", - "description": "programmatic API for managing npm registry hooks", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/npm/cli#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmhook" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "aproba", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|aproba@2.0.0", - "author": "Rebecca Turner", - "description": "A ridiculously light-weight argument validator (now browser friendly)", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", - "externalReferences": [ - { - "url": "git+https://github.com/iarna/aproba.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/iarna/aproba", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/iarna/aproba/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/aproba" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "libnpmorg", - "version": "6.0.6", - "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", - "author": "GitHub Inc.", - "description": "Programmatic api for `npm org` commands", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://npmjs.com/package/libnpmorg", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/libnpmorg/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmorg" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "libnpmpack", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", - "author": "GitHub Inc.", - "description": "Programmatic API for the bits behind npm pack", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://npmjs.com/package/libnpmpack", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/libnpmpack/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmpack" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "libnpmpublish", - "version": "9.0.8", - "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", - "author": "GitHub Inc.", - "description": "Programmatic API for the bits behind npm publish and unpublish", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://npmjs.com/package/libnpmpublish", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmpublish" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "sigstore", - "version": "2.3.0", - "bom-ref": "npm@10.8.0|sigstore@2.3.0", - "author": "bdehamer@github.com", - "description": "code-signing for npm packages", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/sigstore/sigstore-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/sigstore" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "bundle", - "group": "@sigstore", - "version": "2.3.1", - "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", - "author": "bdehamer@github.com", - "description": "Sigstore bundle type", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/sigstore/sigstore-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/sigstore/sigstore-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/bundle" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "core", - "group": "@sigstore", - "version": "1.1.0", - "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", - "author": "bdehamer@github.com", - "description": "Base library for Sigstore", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/sigstore/sigstore-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/core" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "sign", - "group": "@sigstore", - "version": "2.3.1", - "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", - "author": "bdehamer@github.com", - "description": "Sigstore signing library", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/sigstore/sigstore-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/sigstore/sigstore-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/sign" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "verify", - "group": "@sigstore", - "version": "1.2.0", - "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", - "author": "bdehamer@github.com", - "description": "Verification of Sigstore signatures", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", - "externalReferences": [ - { - "url": "git+https://github.com/sigstore/sigstore-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sigstore/sigstore-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/verify" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "libnpmsearch", - "version": "7.0.5", - "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", - "author": "GitHub Inc.", - "description": "Programmatic API for searching in npm and compatible registries.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://npmjs.com/package/libnpmsearch", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/libnpmsearch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmsearch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "libnpmteam", - "version": "6.0.5", - "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", - "author": "GitHub Inc.", - "description": "npm Team management APIs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://npmjs.com/package/libnpmteam", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmteam" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "libnpmversion", - "version": "6.0.2", - "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", - "author": "GitHub Inc.", - "description": "library to do the things that 'npm version' does", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", - "externalReferences": [ - { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/npm/cli#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/cli/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmversion" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "agent", - "group": "@npmcli", - "version": "2.2.2", - "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", - "author": "GitHub Inc.", - "description": "the http/https agent used by the npm cli", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/agent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/agent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/agent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "agent-base", - "version": "7.1.1", - "bom-ref": "npm@10.8.0|agent-base@7.1.1", - "author": "Nathan Rajlich", - "description": "Turn a function into an `http.Agent` instance", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", - "externalReferences": [ - { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/TooTallNate/proxy-agents#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/TooTallNate/proxy-agents/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/agent-base" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "http-proxy-agent", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", - "author": "Nathan Rajlich", - "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", - "externalReferences": [ - { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/TooTallNate/proxy-agents#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/TooTallNate/proxy-agents/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/http-proxy-agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "https-proxy-agent", - "version": "7.0.4", - "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", - "author": "Nathan Rajlich", - "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", - "externalReferences": [ - { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/TooTallNate/proxy-agents#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/TooTallNate/proxy-agents/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/https-proxy-agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "socks-proxy-agent", - "version": "8.0.3", - "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", - "author": "Nathan Rajlich", - "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", - "externalReferences": [ - { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/TooTallNate/proxy-agents#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/TooTallNate/proxy-agents/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/socks-proxy-agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "socks", - "version": "2.8.3", - "bom-ref": "npm@10.8.0|socks@2.8.3", - "author": "Josh Glazebrook", - "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", - "externalReferences": [ - { - "url": "git+https://github.com/JoshGlazebrook/socks.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/JoshGlazebrook/socks/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/JoshGlazebrook/socks/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/socks" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ip-address", - "version": "9.0.5", - "bom-ref": "npm@10.8.0|ip-address@9.0.5", - "author": "Beau Gunderson", - "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", - "externalReferences": [ - { - "url": "git://github.com/beaugunderson/ip-address.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/beaugunderson/ip-address#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/beaugunderson/ip-address/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ip-address" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "jsbn", - "version": "1.1.0", - "bom-ref": "npm@10.8.0|jsbn@1.1.0", - "author": "Tom Wu", - "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", - "externalReferences": [ - { - "url": "git+https://github.com/andyperlitch/jsbn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/andyperlitch/jsbn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/andyperlitch/jsbn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/jsbn" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "sprintf-js", - "version": "1.1.3", - "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", - "author": "Alexandru Mărășteanu", - "description": "JavaScript sprintf implementation", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", - "externalReferences": [ - { - "url": "git+https://github.com/alexei/sprintf.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/alexei/sprintf.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/alexei/sprintf.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/sprintf-js" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "smart-buffer", - "version": "4.2.0", - "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", - "author": "Josh Glazebrook", - "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", - "externalReferences": [ - { - "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/JoshGlazebrook/smart-buffer/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/smart-buffer" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "http-cache-semantics", - "version": "4.1.1", - "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", - "author": "Kornel Lesiński", - "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", - "externalReferences": [ - { - "url": "git+https://github.com/kornelski/http-cache-semantics.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kornelski/http-cache-semantics#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kornelski/http-cache-semantics/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/http-cache-semantics" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "is-lambda", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|is-lambda@1.0.1", - "author": "Thomas Watson Steen", - "description": "Detect if your code is running on an AWS Lambda server", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", - "externalReferences": [ - { - "url": "git+https://github.com/watson/is-lambda.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/is-lambda", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/watson/is-lambda/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-lambda" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "minipass-fetch", - "version": "3.0.5", - "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", - "author": "GitHub Inc.", - "description": "An implementation of window.fetch in Node.js using Minipass streams", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/minipass-fetch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/minipass-fetch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/minipass-fetch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-fetch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "encoding", - "version": "0.1.13", - "bom-ref": "npm@10.8.0|encoding@0.1.13", - "author": "Andris Reinman", - "description": "Convert encodings, uses iconv-lite", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", - "externalReferences": [ - { - "url": "git+https://github.com/andris9/encoding.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/andris9/encoding#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/andris9/encoding/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/encoding" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "iconv-lite", - "version": "0.6.3", - "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", - "author": "Alexander Shtuchkin", - "description": "Convert character encodings in pure javascript.", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", - "externalReferences": [ - { - "url": "git://github.com/ashtuchkin/iconv-lite.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ashtuchkin/iconv-lite", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/ashtuchkin/iconv-lite/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/iconv-lite" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "safer-buffer", - "version": "2.1.2", - "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", - "author": "Nikita Skovoroda", - "description": "Modern Buffer API polyfill without footguns", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", - "externalReferences": [ - { - "url": "git+https://github.com/ChALkeR/safer-buffer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ChALkeR/safer-buffer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ChALkeR/safer-buffer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/safer-buffer" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "minipass-sized", - "version": "1.0.3", - "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", - "author": "Isaac Z. Schlueter", - "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass-sized.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass-sized#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass-sized/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-sized" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "minizlib", - "version": "2.1.2", - "bom-ref": "npm@10.8.0|minizlib@2.1.2", - "author": "Isaac Z. Schlueter", - "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minizlib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minizlib#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/isaacs/minizlib/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minizlib" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "negotiator", - "version": "0.6.3", - "bom-ref": "npm@10.8.0|negotiator@0.6.3", - "description": "HTTP content negotiation", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/negotiator.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/negotiator#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/negotiator/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/negotiator" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "err-code", - "version": "2.0.3", - "bom-ref": "npm@10.8.0|err-code@2.0.3", - "author": "IndigoUnited", - "description": "Create an error with a code", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", - "externalReferences": [ - { - "url": "git://github.com/IndigoUnited/js-err-code.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/IndigoUnited/js-err-code#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/IndigoUnited/js-err-code/issues/", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/err-code" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "retry", - "version": "0.12.0", - "bom-ref": "npm@10.8.0|retry@0.12.0", - "author": "Tim Koschützki", - "description": "Abstraction for exponential and custom retry strategies for failed operations.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", - "externalReferences": [ - { - "url": "git://github.com/tim-kos/node-retry.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tim-kos/node-retry", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/tim-kos/node-retry/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/retry" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "brace-expansion", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "balanced-match", - "version": "1.0.2", - "bom-ref": "npm@10.8.0|balanced-match@1.0.2", - "author": "Julian Gruber", - "description": "Match balanced character pairs, like \"{\" and \"}\"", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/balanced-match.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/balanced-match", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/balanced-match/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/balanced-match" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "ms", - "version": "2.1.3", - "bom-ref": "npm@10.8.0|ms@2.1.3", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", - "externalReferences": [ - { - "url": "git+https://github.com/vercel/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/vercel/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/vercel/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ms" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "env-paths", - "version": "2.2.1", - "bom-ref": "npm@10.8.0|env-paths@2.2.1", - "author": "Sindre Sorhus", - "description": "Get paths for storing things like data, config, cache, etc", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/env-paths.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/env-paths#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/env-paths/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/env-paths" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "exponential-backoff", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", - "author": "Sami Sayegh", - "description": "A utility that allows retrying a function with an exponential delay between attempts.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", - "externalReferences": [ - { - "url": "git+https://github.com/coveo/exponential-backoff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/coveo/exponential-backoff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/coveo/exponential-backoff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/exponential-backoff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "is-core-module", - "version": "2.13.1", - "bom-ref": "npm@10.8.0|is-core-module@2.13.1", - "author": "Jordan Harband", - "description": "Is this specifier a node.js core module?", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", - "externalReferences": [ - { - "url": "git+https://github.com/inspect-js/is-core-module.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/inspect-js/is-core-module", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/inspect-js/is-core-module/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-core-module" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "hasown", - "version": "2.0.2", - "bom-ref": "npm@10.8.0|hasown@2.0.2", - "author": "Jordan Harband", - "description": "A robust, ES3 compatible, \"has own property\" predicate.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", - "externalReferences": [ - { - "url": "git+https://github.com/inspect-js/hasOwn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/inspect-js/hasOwn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/inspect-js/hasOwn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/hasown" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "function-bind", - "version": "1.1.2", - "bom-ref": "npm@10.8.0|function-bind@1.1.2", - "author": "Raynos", - "description": "Implementation of Function.prototype.bind", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", - "externalReferences": [ - { - "url": "git+https://github.com/Raynos/function-bind.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Raynos/function-bind", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Raynos/function-bind/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/function-bind" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "npm-audit-report", - "version": "5.0.0", - "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", - "author": "GitHub Inc.", - "description": "Given a response from the npm security api, render it into a variety of security reports", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-audit-report.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-audit-report#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/npm-audit-report/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-audit-report" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "npm-profile", - "version": "10.0.0", - "bom-ref": "npm@10.8.0|npm-profile@10.0.0", - "author": "GitHub Inc.", - "description": "Library for updating an npmjs.com profile", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-profile.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-profile#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-profile/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-profile" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "minipass-json-stream", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", - "author": "Isaac Z. Schlueter", - "description": "Like JSONStream, but using Minipass streams", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/minipass-json-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/minipass-json-stream#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/minipass-json-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-json-stream" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "jsonparse", - "version": "1.3.1", - "bom-ref": "npm@10.8.0|jsonparse@1.3.1", - "author": "Tim Caswell", - "description": "This is a pure-js JSON streaming parser for node.js", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/creationix/jsonparse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/creationix/jsonparse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/creationix/jsonparse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/jsonparse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "npm-user-validate", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", - "author": "GitHub Inc.", - "description": "User validations for npm", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-user-validate.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-user-validate#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/npm-user-validate/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-user-validate" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "aggregate-error", - "version": "3.1.0", - "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", - "author": "Sindre Sorhus", - "description": "Create an error from multiple errors", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/aggregate-error.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/aggregate-error#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/sindresorhus/aggregate-error/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/aggregate-error" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "clean-stack", - "version": "2.2.0", - "bom-ref": "npm@10.8.0|clean-stack@2.2.0", - "author": "Sindre Sorhus", - "description": "Clean up error stack traces", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/clean-stack.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/clean-stack#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/clean-stack/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/clean-stack" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "indent-string", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|indent-string@4.0.0", - "author": "Sindre Sorhus", - "description": "Indent each line in a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/indent-string.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/indent-string#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/indent-string/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/indent-string" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "npm-packlist", - "version": "8.0.2", - "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", - "author": "GitHub Inc.", - "description": "Get a list of the files to add from a folder into an npm package", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/npm-packlist.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/npm-packlist#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/npm/npm-packlist/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-packlist" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "ignore-walk", - "version": "6.0.5", - "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", - "author": "GitHub Inc.", - "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/ignore-walk.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/ignore-walk#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/ignore-walk/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ignore-walk" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "just-diff-apply", - "version": "5.5.0", - "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", - "author": "Angus Croll", - "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", - "externalReferences": [ - { - "url": "git+https://github.com/angus-c/just.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/angus-c/just#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/angus-c/just/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/just-diff-apply" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "just-diff", - "version": "6.0.2", - "bom-ref": "npm@10.8.0|just-diff@6.0.2", - "author": "Angus Croll", - "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", - "externalReferences": [ - { - "url": "git+https://github.com/angus-c/just.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/angus-c/just#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/angus-c/just/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/just-diff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "qrcode-terminal", - "version": "0.12.0", - "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", - "description": "QRCodes, in the terminal", - "licenses": [ - { - "license": { - "name": "Apache 2.0" - } - } - ], - "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", - "externalReferences": [ - { - "url": "git+https://github.com/gtanner/qrcode-terminal.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gtanner/qrcode-terminal", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gtanner/qrcode-terminal/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/qrcode-terminal" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "mute-stream", - "version": "1.0.0", - "bom-ref": "npm@10.8.0|mute-stream@1.0.0", - "author": "GitHub Inc.", - "description": "Bytes go in, but they don't come out (when muted).", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/mute-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/mute-stream#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/mute-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/mute-stream" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "spdx-expression-parse", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-expression-parse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "supports-color", - "version": "9.4.0", - "bom-ref": "npm@10.8.0|supports-color@9.4.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/supports-color" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "chownr", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|chownr@2.0.0", - "author": "Isaac Z. Schlueter", - "description": "like `chown -R`", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", - "externalReferences": [ - { - "url": "git://github.com/isaacs/chownr.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/chownr#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/isaacs/chownr/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/chownr" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "mkdirp", - "version": "1.0.4", - "bom-ref": "npm@10.8.0|mkdirp@1.0.4", - "description": "Recursively mkdir, like `mkdir -p`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/node-mkdirp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-mkdirp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-mkdirp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/mkdirp" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "text-table", - "version": "0.2.0", - "bom-ref": "npm@10.8.0|text-table@0.2.0", - "author": "James Halliday", - "description": "borderless text tables with alignment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", - "externalReferences": [ - { - "url": "git://github.com/substack/text-table.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/substack/text-table", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/substack/text-table/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/text-table" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "tiny-relative-date", - "version": "1.3.0", - "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", - "author": "Joseph Wynn", - "description": "Tiny function that provides relative, human-readable dates.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", - "externalReferences": [ - { - "url": "git+https://github.com/wildlyinaccurate/relative-date.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/wildlyinaccurate/relative-date#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://github.com/wildlyinaccurate/relative-date/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tiny-relative-date" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" } ] }, { "type": "library", - "name": "plugin-version", - "group": "@oclif", - "version": "2.2.2", - "bom-ref": "@oclif/plugin-version@2.2.2", - "author": "Salesforce", - "description": "A command that shows the CLI version", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", "licenses": [ { "license": { @@ -47337,30 +134645,30 @@ } } ], - "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-version.git", + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/plugin-version", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-version/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -47369,170 +134677,69 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version" + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ { - "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40oclif/core@4.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/core.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/core/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" - } - ] + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@4.3.5", - "externalReferences": [ - { - "url": "git://github.com/debug-js/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/debug-js/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/debug-js/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version/node_modules/debug" - } - ] + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version/node_modules/ms" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "plugin-warn-if-update-available", - "group": "@oclif", - "version": "3.1.4", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", - "author": "Salesforce", - "description": "warns if there is a newer version of CLI released", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", "licenses": [ { "license": { @@ -47540,30 +134747,30 @@ } } ], - "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "purl": "pkg:npm/buffer-from@1.1.2", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "url": "git+https://github.com/LinusU/buffer-from.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-warn-if-update-available", + "url": "https://github.com/LinusU/buffer-from#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "url": "https://github.com/LinusU/buffer-from/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -47572,421 +134779,128 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available" + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ { - "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40oclif/core@4.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/core.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/core/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" - } - ] + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@4.3.5", - "externalReferences": [ - { - "url": "git://github.com/debug-js/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/debug-js/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/debug-js/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" - } - ] + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" - } - ] + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "http-call", - "version": "5.3.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", - "author": "Jeff Dickey @jdxcode", - "description": "make http requests", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/http-call@5.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/heroku/http-call.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/heroku/http-call", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/heroku/http-call/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" - } - ], - "components": [ - { - "type": "library", - "name": "parse-json", - "version": "4.0.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", - "author": "Sindre Sorhus", - "description": "Parse JSON with more helpful errors", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/parse-json@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/parse-json.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/parse-json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/parse-json/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-1", - "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" }, { - "type": "library", - "name": "is-retry-allowed", - "version": "1.1.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", - "author": "Vsevolod Strukchinsky", - "description": "My prime module", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-retry-allowed@1.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/floatdrop/is-retry-allowed.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/floatdrop/is-retry-allowed#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/floatdrop/is-retry-allowed/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-1", - "content": "11a060568b67339444033d0125a61a20d564fb34" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "json-parse-better-errors", - "version": "1.0.2", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", - "author": "Kat Marchán", - "description": "JSON.parse with context information on error", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-parse-better-errors@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/zkat/json-parse-better-errors.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zkat/json-parse-better-errors#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zkat/json-parse-better-errors/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" - } - ] + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "tunnel-agent", - "version": "0.6.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", - "author": "Mikeal Rogers", - "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/tunnel-agent@0.6.0", - "externalReferences": [ - { - "url": "git+https://github.com/mikeal/tunnel-agent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mikeal/tunnel-agent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mikeal/tunnel-agent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-1", - "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "content-type", - "version": "1.0.5", - "bom-ref": "content-type@1.0.5", - "author": "Douglas Christopher Wilson", - "description": "Create and parse HTTP Content-Type header", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", "licenses": [ { "license": { @@ -47994,30 +134908,30 @@ } } ], - "purl": "pkg:npm/content-type@1.0.5", + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", "externalReferences": [ { - "url": "git+https://github.com/jshttp/content-type.git", + "url": "git+https://github.com/cspotcode/node-source-map-support.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/content-type#readme", + "url": "https://github.com/cspotcode/node-source-map-support#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/content-type/issues", + "url": "https://github.com/cspotcode/node-source-map-support/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48026,17 +134940,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/content-type" + "value": "node_modules/@cspotcode/source-map-support" } ] }, { "type": "library", - "name": "is-stream", - "version": "2.0.1", - "bom-ref": "is-stream@2.0.1", - "author": "Sindre Sorhus", - "description": "Check if something is a Node.js stream", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", "licenses": [ { "license": { @@ -48044,30 +134958,30 @@ } } ], - "purl": "pkg:npm/is-stream@2.0.1", + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-stream.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/is-stream#readme", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-stream/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48076,17 +134990,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-stream" + "value": "node_modules/@tsconfig/node10" } ] }, { "type": "library", - "name": "is-arrayish", - "version": "0.2.1", - "bom-ref": "is-arrayish@0.2.1", - "author": "Qix", - "description": "Determines if an object can be used as an array", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", "licenses": [ { "license": { @@ -48094,30 +135008,30 @@ } } ], - "purl": "pkg:npm/is-arrayish@0.2.1", + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", "externalReferences": [ { - "url": "git+https://github.com/qix-/node-is-arrayish.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/qix-/node-is-arrayish#readme", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qix-/node-is-arrayish/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48126,17 +135040,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-arrayish" + "value": "node_modules/@tsconfig/node12" } ] }, { "type": "library", - "name": "safe-buffer", - "version": "5.2.1", - "bom-ref": "safe-buffer@5.2.1", - "author": "Feross Aboukhadijeh", - "description": "Safer Node.js Buffer API", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", "licenses": [ { "license": { @@ -48144,30 +135058,30 @@ } } ], - "purl": "pkg:npm/safe-buffer@5.2.1", + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", "externalReferences": [ { - "url": "git://github.com/feross/safe-buffer.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/feross/safe-buffer", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/feross/safe-buffer/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48176,18 +135090,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/safe-buffer" + "value": "node_modules/@tsconfig/node14" } ] }, { "type": "library", - "name": "test", - "group": "@oclif", - "version": "3.2.15", - "bom-ref": "@oclif/test@3.2.15", - "author": "Salesforce", - "description": "test helpers for oclif components", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", "licenses": [ { "license": { @@ -48195,30 +135108,30 @@ } } ], - "purl": "pkg:npm/%40oclif/test@3.2.15", + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", "externalReferences": [ { - "url": "git+https://github.com/oclif/test.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/test", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/test/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48227,21 +135140,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/test" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@tsconfig/node16" } ] }, { "type": "library", - "name": "chai", - "version": "4.4.1", - "bom-ref": "chai@4.4.1", - "author": "Jake Luer", - "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", "licenses": [ { "license": { @@ -48249,30 +135157,30 @@ } } ], - "purl": "pkg:npm/chai@4.4.1", + "purl": "pkg:npm/acorn-walk@8.3.2", "externalReferences": [ { - "url": "git+https://github.com/chaijs/chai.git", + "url": "git+https://github.com/acornjs/acorn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://chaijs.com", + "url": "https://github.com/acornjs/acorn", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/chai/issues", + "url": "https://github.com/acornjs/acorn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48281,17 +135189,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chai" + "value": "node_modules/acorn-walk" } ] }, { "type": "library", - "name": "fancy-test", - "version": "3.0.15", - "bom-ref": "fancy-test@3.0.15", - "author": "Salesforce", - "description": "extendable utilities for testing", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", "licenses": [ { "license": { @@ -48299,30 +135206,30 @@ } } ], - "purl": "pkg:npm/fancy-test@3.0.15", + "purl": "pkg:npm/create-require@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/oclif/fancy-test.git", + "url": "git+https://github.com/nuxt-contrib/create-require.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/fancy-test", + "url": "https://github.com/nuxt-contrib/create-require#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/fancy-test/issues", + "url": "https://github.com/nuxt-contrib/create-require/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48331,52 +135238,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fancy-test" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/create-require" } ] }, { "type": "library", - "name": "chai", - "group": "@types", - "version": "4.3.14", - "bom-ref": "@types/chai@4.3.14", - "description": "TypeScript definitions for chai", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "purl": "pkg:npm/diff@4.0.2", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "url": "git://github.com/kpdecker/jsdiff.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "url": "https://github.com/kpdecker/jsdiff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "http://github.com/kpdecker/jsdiff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48385,17 +135287,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/chai" + "value": "node_modules/diff" } ] }, { "type": "library", - "name": "sinon", - "group": "@types", - "version": "17.0.3", - "bom-ref": "@types/sinon@17.0.3", - "description": "TypeScript definitions for sinon", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", "licenses": [ { "license": { @@ -48403,30 +135305,30 @@ } } ], - "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48435,21 +135337,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/sinon" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/v8-compile-cache-lib" } ] }, { "type": "library", - "name": "sinonjs__fake-timers", - "group": "@types", - "version": "8.1.5", - "bom-ref": "@types/sinonjs__fake-timers@8.1.5", - "description": "TypeScript definitions for @sinonjs/fake-timers", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", "licenses": [ { "license": { @@ -48457,30 +135355,30 @@ } } ], - "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "purl": "pkg:npm/yn@3.1.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "url": "git+https://github.com/sindresorhus/yn.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "url": "https://github.com/sindresorhus/yn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/yn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48489,21 +135387,55 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/sinonjs__fake-timers" + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "name": "cdx:npm:package:development", - "value": "true" + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" } ] }, { "type": "library", - "name": "mock-stdin", - "version": "1.0.0", - "bom-ref": "mock-stdin@1.0.0", - "author": "Caitlin Potter", - "description": "Mock STDIN file descriptor in Node.js", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", "licenses": [ { "license": { @@ -48511,30 +135443,30 @@ } } ], - "purl": "pkg:npm/mock-stdin@1.0.0", + "purl": "pkg:npm/%40colors/colors@1.6.0", "externalReferences": [ { - "url": "git+https://github.com/caitp/node-mock-stdin.git", + "url": "git+ssh://git@github.com/DABH/colors.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/caitp/node-mock-stdin", + "url": "https://github.com/DABH/colors.js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/caitp/node-mock-stdin/issues", + "url": "https://github.com/DABH/colors.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48543,21 +135475,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mock-stdin" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@colors/colors" } ] }, { "type": "library", - "name": "nock", - "version": "13.5.4", - "bom-ref": "nock@13.5.4", - "author": "Pedro Teixeira", - "description": "HTTP server mocking and expectations library for Node.js", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", "licenses": [ { "license": { @@ -48565,30 +135494,30 @@ } } ], - "purl": "pkg:npm/nock@13.5.4", + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/nock/nock.git", + "url": "git://github.com/3rd-Eden/diagnostics.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nock/nock#readme", + "url": "https://github.com/3rd-Eden/diagnostics", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nock/nock/issues", + "url": "https://github.com/3rd-Eden/diagnostics/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48597,52 +135526,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nock" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@dabh/diagnostics" } ] }, { "type": "library", - "name": "json-stringify-safe", - "version": "5.0.1", - "bom-ref": "json-stringify-safe@5.0.1", - "author": "Isaac Z. Schlueter", - "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/json-stringify-safe@5.0.1", + "purl": "pkg:npm/colorspace@1.1.4", "externalReferences": [ { - "url": "git://github.com/isaacs/json-stringify-safe.git", + "url": "git+https://github.com/3rd-Eden/colorspace.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/json-stringify-safe", + "url": "https://github.com/3rd-Eden/colorspace", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/json-stringify-safe/issues", + "url": "https://github.com/3rd-Eden/colorspace/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48651,21 +135576,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-stringify-safe" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/colorspace" } ] }, { "type": "library", - "name": "propagate", - "version": "2.0.1", - "bom-ref": "propagate@2.0.1", - "author": "Pedro Teixeira", - "description": "Propagate events from one event emitter into another", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", "licenses": [ { "license": { @@ -48673,30 +135594,30 @@ } } ], - "purl": "pkg:npm/propagate@2.0.1", + "purl": "pkg:npm/text-hex@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/nock/propagate.git", + "url": "git+https://github.com/3rd-Eden/text-hex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/nock/propagate#readme", + "url": "https://github.com/3rd-Eden/text-hex", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/nock/propagate/issues", + "url": "https://github.com/3rd-Eden/text-hex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48705,52 +135626,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/propagate" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/text-hex" } ] }, { "type": "library", - "name": "sinon", - "version": "16.1.3", - "bom-ref": "sinon@16.1.3", - "author": "Christian Johansen", - "description": "JavaScript test spies, stubs and mocks.", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/sinon@16.1.3", + "purl": "pkg:npm/enabled@2.0.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "url": "git://github.com/3rd-Eden/enabled.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://sinonjs.org/", + "url": "https://github.com/3rd-Eden/enabled#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/sinonjs/sinon/issues", + "url": "https://github.com/3rd-Eden/enabled/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48759,161 +135676,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sinon" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "diff", - "version": "5.2.0", - "bom-ref": "sinon@16.1.3|diff@5.2.0", - "description": "A JavaScript text diff implementation.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/diff@5.2.0", - "externalReferences": [ - { - "url": "git://github.com/kpdecker/jsdiff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kpdecker/jsdiff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/kpdecker/jsdiff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sinon/node_modules/diff" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "sinon@16.1.3|supports-color@7.2.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@7.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sinon/node_modules/supports-color" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/enabled" } ] }, { "type": "library", - "name": "commons", - "group": "@sinonjs", - "version": "3.0.1", - "bom-ref": "@sinonjs/commons@3.0.1", - "description": "Simple functions shared among the sinon end user libraries", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "purl": "pkg:npm/kuler@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/commons.git", + "url": "git+https://github.com/3rd-Eden/kuler.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/commons#readme", + "url": "https://github.com/3rd-Eden/kuler", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/commons/issues", + "url": "https://github.com/3rd-Eden/kuler/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48922,49 +135726,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/commons" + "value": "node_modules/kuler" } ] }, { "type": "library", - "name": "fake-timers", - "group": "@sinonjs", - "version": "10.3.0", - "bom-ref": "@sinonjs/fake-timers@10.3.0", - "author": "Christian Johansen", - "description": "Fake JavaScript timers", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "purl": "pkg:npm/logform@2.6.0", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/fake-timers.git", + "url": "git+https://github.com/winstonjs/logform.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/fake-timers", + "url": "https://github.com/winstonjs/logform#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/fake-timers/issues", + "url": "https://github.com/winstonjs/logform/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -48973,49 +135776,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/fake-timers" + "value": "node_modules/logform" } ] }, { "type": "library", - "name": "samsam", - "group": "@sinonjs", - "version": "8.0.0", - "bom-ref": "@sinonjs/samsam@8.0.0", - "author": "Christian Johansen", - "description": "Value identification and comparison functions", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "purl": "pkg:npm/fecha@4.2.3", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/samsam.git", + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://sinonjs.github.io/samsam/", + "url": "https://github.com/taylorhakes/fecha", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/samsam/issues", + "url": "https://github.com/taylorhakes/fecha/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49024,77 +135826,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/samsam" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "commons", - "group": "@sinonjs", - "version": "2.0.0", - "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", - "description": "Simple functions shared among the sinon end user libraries", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/%40sinonjs/commons@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sinonjs/commons.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sinonjs/commons#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sinonjs/commons/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/fecha" } ] }, { "type": "library", - "name": "lodash.get", - "version": "4.4.2", - "bom-ref": "lodash.get@4.4.2", - "author": "John-David Dalton", - "description": "The lodash method `_.get` exported as a module.", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", "licenses": [ { "license": { @@ -49102,30 +135844,30 @@ } } ], - "purl": "pkg:npm/lodash.get@4.4.2", + "purl": "pkg:npm/safe-stable-stringify@2.4.3", "externalReferences": [ { - "url": "git+https://github.com/lodash/lodash.git", + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://lodash.com/", + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lodash/lodash/issues", + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49134,47 +135876,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lodash.get" + "value": "node_modules/safe-stable-stringify" } ] }, { "type": "library", - "name": "nise", - "version": "5.1.9", - "bom-ref": "nise@5.1.9", - "description": "Fake XHR and server", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/nise@5.1.9", + "purl": "pkg:npm/triple-beam@1.4.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/sinonjs/nise.git", + "url": "git+https://github.com/winstonjs/triple-beam.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/nise#readme", + "url": "https://github.com/winstonjs/triple-beam#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/nise/issues", + "url": "https://github.com/winstonjs/triple-beam/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49183,161 +135926,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nise" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "fake-timers", - "group": "@sinonjs", - "version": "11.2.2", - "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", - "author": "Christian Johansen", - "description": "Fake JavaScript timers", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", - "externalReferences": [ - { - "url": "git+https://github.com/sinonjs/fake-timers.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sinonjs/fake-timers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sinonjs/fake-timers/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "path-to-regexp", - "version": "6.2.2", - "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", - "description": "Express style path to RegExp utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-to-regexp@6.2.2", - "externalReferences": [ - { - "url": "git+https://github.com/pillarjs/path-to-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/pillarjs/path-to-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/pillarjs/path-to-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/nise/node_modules/path-to-regexp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/triple-beam" } ] }, { "type": "library", - "name": "text-encoding", - "group": "@sinonjs", - "version": "0.7.2", - "bom-ref": "@sinonjs/text-encoding@0.7.2", - "author": "Joshua Bell", - "description": "Polyfill for the Encoding Living Standard's API.", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", "licenses": [ { - "expression": "(Unlicense OR Apache-2.0)" + "license": { + "id": "MIT" + } } ], - "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "purl": "pkg:npm/one-time@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/text-encoding.git", + "url": "git+https://github.com/3rd-Eden/one-time.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/text-encoding", + "url": "https://github.com/3rd-Eden/one-time#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/text-encoding/issues", + "url": "https://github.com/3rd-Eden/one-time/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49346,21 +135976,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/text-encoding" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/one-time" } ] }, { "type": "library", - "name": "just-extend", - "version": "6.2.0", - "bom-ref": "just-extend@6.2.0", - "author": "Angus Croll", - "description": "extend an object", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", "licenses": [ { "license": { @@ -49368,30 +135994,30 @@ } } ], - "purl": "pkg:npm/just-extend@6.2.0", + "purl": "pkg:npm/fn.name@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/angus-c/just.git", + "url": "git+https://github.com/3rd-Eden/fn.name.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/angus-c/just#readme", + "url": "https://github.com/3rd-Eden/fn.name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/angus-c/just/issues", + "url": "https://github.com/3rd-Eden/fn.name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49400,21 +136026,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/just-extend" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/fn.name" } ] }, { "type": "library", - "name": "stdout-stderr", - "version": "0.1.13", - "bom-ref": "stdout-stderr@0.1.13", - "author": "Jeff Dickey @jdxcode", - "description": "mock stdout and stderr", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", "licenses": [ { "license": { @@ -49422,30 +136043,30 @@ } } ], - "purl": "pkg:npm/stdout-stderr@0.1.13", + "purl": "pkg:npm/string_decoder@1.3.0", "externalReferences": [ { - "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "url": "git://github.com/nodejs/string_decoder.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jdxcode/stdout-stderr", + "url": "https://github.com/nodejs/string_decoder", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jdxcode/stdout-stderr/issues", + "url": "https://github.com/nodejs/string_decoder/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49454,53 +136075,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/stdout-stderr" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/string_decoder" } ] }, { "type": "library", - "name": "abort-controller", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/abort-controller@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "A simple abort controller library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "purl": "pkg:npm/stack-trace@0.0.10", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "url": "git://github.com/felixge/node-stack-trace.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "url": "https://github.com/felixge/node-stack-trace", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/felixge/node-stack-trace/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49509,17 +136125,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/abort-controller" + "value": "node_modules/stack-trace" } ] }, { "type": "library", - "name": "express", - "group": "@types", - "version": "4.17.21", - "bom-ref": "@types/express@4.17.21", - "description": "TypeScript definitions for express", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", "licenses": [ { "license": { @@ -49527,30 +136143,30 @@ } } ], - "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "purl": "pkg:npm/winston-transport@4.7.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "url": "https://github.com/winstonjs/winston-transport#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/winstonjs/winston-transport/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49559,17 +136175,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/express" + "value": "node_modules/winston-transport" } ] }, { "type": "library", - "name": "body-parser", - "group": "@types", - "version": "1.19.5", - "bom-ref": "@types/body-parser@1.19.5", - "description": "TypeScript definitions for body-parser", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", "licenses": [ { "license": { @@ -49577,30 +136193,30 @@ } } ], - "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "purl": "pkg:npm/xlsx-populate@1.21.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "url": "https://github.com/dtjohnson/xlsx-populate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/dtjohnson/xlsx-populate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49609,48 +136225,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/body-parser" + "value": "node_modules/xlsx-populate" } ] }, { "type": "library", - "name": "connect", - "group": "@types", - "version": "3.4.38", - "bom-ref": "@types/connect@3.4.38", - "description": "TypeScript definitions for connect", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "purl": "pkg:npm/cfb@1.2.2", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "url": "git://github.com/SheetJS/js-cfb.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "url": "http://sheetjs.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/SheetJS/js-cfb/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49659,48 +136275,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/connect" + "value": "node_modules/cfb" } ] }, { "type": "library", - "name": "express-serve-static-core", - "group": "@types", - "version": "4.19.0", - "bom-ref": "@types/express-serve-static-core@4.19.0", - "description": "TypeScript definitions for express-serve-static-core", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "purl": "pkg:npm/adler-32@1.3.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "url": "git://github.com/SheetJS/js-adler32.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "url": "http://sheetjs.com/opensource", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/SheetJS/js-adler32/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49709,48 +136325,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/express-serve-static-core" + "value": "node_modules/adler-32" } ] }, { "type": "library", - "name": "qs", - "group": "@types", - "version": "6.9.15", - "bom-ref": "@types/qs@6.9.15", - "description": "TypeScript definitions for qs", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "purl": "pkg:npm/crc-32@1.2.2", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "url": "git://github.com/SheetJS/js-crc32.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "url": "https://sheetjs.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/SheetJS/js-crc32/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49759,48 +136375,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/qs" + "value": "node_modules/crc-32" } ] }, { "type": "library", - "name": "range-parser", - "group": "@types", - "version": "1.2.7", - "bom-ref": "@types/range-parser@1.2.7", - "description": "TypeScript definitions for range-parser", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", "licenses": [ { - "license": { - "id": "MIT" - } + "expression": "(MIT OR GPL-3.0-or-later)" } ], - "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "purl": "pkg:npm/jszip@3.10.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "url": "git+https://github.com/Stuk/jszip.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "url": "https://github.com/Stuk/jszip#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/Stuk/jszip/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49809,17 +136423,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/range-parser" + "value": "node_modules/jszip" } ] }, { "type": "library", - "name": "send", - "group": "@types", - "version": "0.17.4", - "bom-ref": "@types/send@0.17.4", - "description": "TypeScript definitions for send", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", "licenses": [ { "license": { @@ -49827,30 +136440,30 @@ } } ], - "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "purl": "pkg:npm/lie@3.3.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "url": "git+https://github.com/calvinmetcalf/lie.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "url": "https://github.com/calvinmetcalf/lie#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/calvinmetcalf/lie/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49859,17 +136472,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/send" + "value": "node_modules/lie" } ] }, { "type": "library", - "name": "mime", - "group": "@types", - "version": "1.3.5", - "bom-ref": "@types/mime@1.3.5", - "description": "TypeScript definitions for mime", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", "licenses": [ { "license": { @@ -49877,30 +136489,30 @@ } } ], - "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "purl": "pkg:npm/immediate@3.0.6", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "url": "git://github.com/calvinmetcalf/immediate.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "url": "https://github.com/calvinmetcalf/immediate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/calvinmetcalf/immediate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49909,48 +136521,45 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/mime" + "value": "node_modules/immediate" } ] }, { "type": "library", - "name": "serve-static", - "group": "@types", - "version": "1.15.7", - "bom-ref": "@types/serve-static@1.15.7", - "description": "TypeScript definitions for serve-static", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", "licenses": [ { - "license": { - "id": "MIT" - } + "expression": "(MIT AND Zlib)" } ], - "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "purl": "pkg:npm/pako@1.0.11", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "url": "git+https://github.com/nodeca/pako.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "url": "https://github.com/nodeca/pako", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/nodeca/pako/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -49959,17 +136568,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/serve-static" + "value": "node_modules/pako" } ] }, { "type": "library", - "name": "http-errors", - "group": "@types", - "version": "2.0.4", - "bom-ref": "@types/http-errors@2.0.4", - "description": "TypeScript definitions for http-errors", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", "licenses": [ { "license": { @@ -49977,30 +136586,30 @@ } } ], - "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "purl": "pkg:npm/core-util-is@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "url": "git://github.com/isaacs/core-util-is.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "url": "https://github.com/isaacs/core-util-is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/isaacs/core-util-is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50009,17 +136618,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/http-errors" + "value": "node_modules/core-util-is" } ] }, { "type": "library", - "name": "fs-extra", - "group": "@types", - "version": "11.0.4", - "bom-ref": "@types/fs-extra@11.0.4", - "description": "TypeScript definitions for fs-extra", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", "licenses": [ { "license": { @@ -50027,30 +136636,30 @@ } } ], - "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "purl": "pkg:npm/isarray@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "url": "git://github.com/juliangruber/isarray.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "url": "https://github.com/juliangruber/isarray", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/juliangruber/isarray/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50059,17 +136668,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/fs-extra" + "value": "node_modules/isarray" } ] }, { "type": "library", - "name": "jsonfile", - "group": "@types", - "version": "6.1.4", - "bom-ref": "@types/jsonfile@6.1.4", - "description": "TypeScript definitions for jsonfile", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", "licenses": [ { "license": { @@ -50077,30 +136685,30 @@ } } ], - "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "purl": "pkg:npm/process-nextick-args@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "url": "https://github.com/calvinmetcalf/process-nextick-args", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50109,17 +136717,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/jsonfile" + "value": "node_modules/process-nextick-args" } ] }, { "type": "library", - "name": "get-installed-path", - "group": "@types", - "version": "4.0.3", - "bom-ref": "@types/get-installed-path@4.0.3", - "description": "TypeScript definitions for get-installed-path", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", "licenses": [ { "license": { @@ -50127,30 +136735,30 @@ } } ], - "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "purl": "pkg:npm/setimmediate@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "url": "git+https://github.com/YuzuJS/setImmediate.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "url": "https://github.com/YuzuJS/setImmediate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/YuzuJS/setImmediate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50159,48 +136767,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/get-installed-path" + "value": "node_modules/setimmediate" } ] }, { "type": "library", - "name": "jest", - "group": "@types", - "version": "29.5.12", - "bom-ref": "@types/jest@29.5.12", - "description": "TypeScript definitions for jest", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "purl": "pkg:npm/sax@1.2.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "url": "git://github.com/isaacs/sax-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "url": "https://github.com/isaacs/sax-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/isaacs/sax-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50209,15 +136817,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/jest" + "value": "node_modules/sax" } ] }, { "type": "library", - "name": "expect", - "version": "29.7.0", - "bom-ref": "expect@29.7.0", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", "licenses": [ { "license": { @@ -50225,30 +136835,30 @@ } } ], - "purl": "pkg:npm/expect@29.7.0#packages/expect", + "purl": "pkg:npm/xmlbuilder@11.0.1", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "url": "git://github.com/oozcitak/xmlbuilder-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "http://github.com/oozcitak/xmlbuilder-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50257,16 +136867,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/expect" + "value": "node_modules/xmlbuilder" } ] }, { "type": "library", - "name": "expect-utils", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/expect-utils@29.7.0", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", "licenses": [ { "license": { @@ -50274,30 +136885,30 @@ } } ], - "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "purl": "pkg:npm/zip-lib@1.0.4", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "url": "git+https://github.com/fpsqdb/zip-lib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/fpsqdb/zip-lib#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/fpsqdb/zip-lib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50306,16 +136917,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/expect-utils" + "value": "node_modules/zip-lib" } ] }, { "type": "library", - "name": "jest-get-type", - "version": "29.6.3", - "bom-ref": "jest-get-type@29.6.3", - "description": "A utility function to get the type of a value", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", "licenses": [ { "license": { @@ -50323,30 +136935,30 @@ } } ], - "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "purl": "pkg:npm/yauzl@3.1.3", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "url": "git+https://github.com/thejoshwolfe/yauzl.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/thejoshwolfe/yauzl", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/thejoshwolfe/yauzl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50355,47 +136967,54 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-get-type" + "value": "node_modules/yauzl" } ] }, { "type": "library", - "name": "jest-matcher-utils", - "version": "29.7.0", - "bom-ref": "jest-matcher-utils@29.7.0", - "description": "A set of utility functions for expect and related packages", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", "licenses": [ { "license": { "id": "MIT" } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } } ], - "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "purl": "pkg:npm/buffer-crc32@0.2.13", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "url": "git://github.com/brianloveswords/buffer-crc32.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/brianloveswords/buffer-crc32", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/brianloveswords/buffer-crc32/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50404,15 +137023,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-matcher-utils" + "value": "node_modules/buffer-crc32" } ] }, { "type": "library", - "name": "jest-diff", - "version": "29.7.0", - "bom-ref": "jest-diff@29.7.0", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", "licenses": [ { "license": { @@ -50420,30 +137041,30 @@ } } ], - "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "purl": "pkg:npm/pend@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "url": "git://github.com/andrewrk/node-pend.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/andrewrk/node-pend#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/andrewrk/node-pend/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50452,16 +137073,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-diff" + "value": "node_modules/pend" } ] }, { "type": "library", - "name": "diff-sequences", - "version": "29.6.3", - "bom-ref": "diff-sequences@29.6.3", - "description": "Compare items in two sequences to find a longest common subsequence", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", "licenses": [ { "license": { @@ -50469,30 +137091,30 @@ } } ], - "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "purl": "pkg:npm/yazl@2.5.1", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "url": "git+https://github.com/thejoshwolfe/yazl.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/thejoshwolfe/yazl", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/thejoshwolfe/yazl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50501,48 +137123,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/diff-sequences" + "value": "node_modules/yazl" } ] }, { "type": "library", - "name": "pretty-format", - "version": "29.7.0", - "bom-ref": "pretty-format@29.7.0", - "author": "James Kyle", - "description": "Stringify any JavaScript value.", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50551,98 +137174,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pretty-format" - } - ], - "components": [ - { - "type": "library", - "name": "ansi-styles", - "version": "5.2.0", - "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@5.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pretty-format/node_modules/ansi-styles" - } - ] + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" } ] }, { "type": "library", - "name": "jest-message-util", - "version": "29.7.0", - "bom-ref": "jest-message-util@29.7.0", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50651,47 +137225,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-message-util" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" } ] }, { "type": "library", - "name": "types", - "group": "@jest", - "version": "29.6.3", - "bom-ref": "@jest/types@29.6.3", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50700,46 +137276,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/types" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" } ] }, { "type": "library", - "name": "jest-util", - "version": "29.7.0", - "bom-ref": "jest-util@29.7.0", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50748,99 +137327,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-util" - } - ], - "components": [ - { - "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@3.9.0", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-util/node_modules/ci-info" - } - ] + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" } ] }, { "type": "library", - "name": "schemas", - "group": "@jest", - "version": "29.6.3", - "bom-ref": "@jest/schemas@29.6.3", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50849,49 +137377,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/schemas" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" } ] }, { "type": "library", - "name": "typebox", - "group": "@sinclair", - "version": "0.27.8", - "bom-ref": "@sinclair/typebox@0.27.8", - "author": "sinclairzx81", - "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", "externalReferences": [ { - "url": "git+https://github.com/sinclairzx81/typebox.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sinclairzx81/typebox#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinclairzx81/typebox/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50900,48 +137427,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinclair/typebox" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" } ] }, { "type": "library", - "name": "js-yaml", - "group": "@types", - "version": "4.0.9", - "bom-ref": "@types/js-yaml@4.0.9", - "description": "TypeScript definitions for js-yaml", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -50950,52 +137478,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/js-yaml" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" } ] }, { "type": "library", - "name": "mocha", - "group": "@types", - "version": "10.0.6", - "bom-ref": "@types/mocha@10.0.6", - "description": "TypeScript definitions for mocha", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51004,17 +137528,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/mocha" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" } ] }, { "type": "library", - "name": "mock-fs", - "group": "@types", - "version": "4.13.4", - "bom-ref": "@types/mock-fs@4.13.4", - "description": "TypeScript definitions for mock-fs", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", "licenses": [ { "license": { @@ -51022,30 +137546,30 @@ } } ], - "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "purl": "pkg:npm/fast-xml-parser@4.2.5", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51054,51 +137578,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/mock-fs" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" } ] }, { "type": "library", - "name": "undici-types", - "version": "5.26.5", - "bom-ref": "undici-types@5.26.5", - "description": "A stand-alone types package for Undici", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/undici-types@5.26.5", + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", "externalReferences": [ { - "url": "git+https://github.com/nodejs/undici.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://undici.nodejs.org", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/undici/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51107,48 +137629,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/undici-types" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" } ] }, { "type": "library", - "name": "objects-to-csv", - "group": "@types", - "version": "1.3.3", - "bom-ref": "@types/objects-to-csv@1.3.3", - "description": "TypeScript definitions for objects-to-csv", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51157,48 +137680,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/objects-to-csv" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" } ] }, { "type": "library", - "name": "prompt-sync", - "group": "@types", - "version": "4.2.3", - "bom-ref": "@types/prompt-sync@4.2.3", - "description": "TypeScript definitions for prompt-sync", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51207,48 +137731,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/prompt-sync" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" } ] }, { "type": "library", - "name": "tmp", - "group": "@types", - "version": "0.2.6", - "bom-ref": "@types/tmp@0.2.6", - "description": "TypeScript definitions for tmp", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51257,48 +137782,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/tmp" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" } ] }, { "type": "library", - "name": "uuid", - "group": "@types", - "version": "9.0.8", - "bom-ref": "@types/uuid@9.0.8", - "description": "TypeScript definitions for uuid", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51307,48 +137833,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/uuid" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" } ] }, { "type": "library", - "name": "eslint-plugin", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", - "description": "TypeScript plugin for ESLint", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://typescript-eslint.io/packages/eslint-plugin", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51357,217 +137884,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin" - }, + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "Apache-2.0" + } } ], - "components": [ + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ { - "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "description": "TypeScript scope analyser for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io/packages/scope-manager", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" } ] }, { "type": "library", - "name": "regexpp", - "group": "@eslint-community", - "version": "4.10.0", - "bom-ref": "@eslint-community/regexpp@4.10.0", - "author": "Toru Nagashima", - "description": "Regular expression parser for ECMAScript.", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", "externalReferences": [ { - "url": "git+https://github.com/eslint-community/regexpp.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint-community/regexpp#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint-community/regexpp/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51576,52 +137986,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint-community/regexpp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" } ] }, { "type": "library", - "name": "parser", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/parser@7.7.1", - "description": "An ESLint custom parser which leverages TypeScript ESTree", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io/packages/parser", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51630,52 +138036,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" } ] }, { "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/scope-manager@7.7.1", - "description": "TypeScript scope analyser for ESLint", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "MIT" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io/packages/scope-manager", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51684,52 +138086,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/scope-manager" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" } ] }, { "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/types@7.7.1", - "description": "Types for the TypeScript-ESTree AST spec", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "MIT" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51738,52 +138136,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" } ] }, { "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "MIT" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51792,52 +138186,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" } ] }, { "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io/packages/typescript-estree", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51846,52 +138236,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-crypto/util/node_modules/tslib" } ] }, { "type": "library", - "name": "ts-api-utils", - "version": "1.3.0", - "bom-ref": "ts-api-utils@1.3.0", - "author": "JoshuaKGoldberg", - "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ts-api-utils@1.3.0", + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", "externalReferences": [ { - "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51900,21 +138287,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-api-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" } ] }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "3.4.3", - "bom-ref": "eslint-visitor-keys@3.4.3", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", "licenses": [ { "license": { @@ -51922,30 +138306,30 @@ } } ], - "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -51954,52 +138338,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" } ] }, { "type": "library", - "name": "eslint", - "version": "8.57.0", - "bom-ref": "eslint@8.57.0", - "author": "Nicholas C. Zakas", - "description": "An AST-based pattern checker for JavaScript.", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/eslint@8.57.0", + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://eslint.org", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint/issues/", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52008,270 +138389,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "ajv", - "version": "6.12.6", - "bom-ref": "eslint@8.57.0|ajv@6.12.6", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ajv@6.12.6", - "externalReferences": [ - { - "url": "git+https://github.com/ajv-validator/ajv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ajv-validator/ajv", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ajv-validator/ajv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/ajv" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "json-schema-traverse", - "version": "0.4.1", - "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-schema-traverse@0.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/json-schema-traverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "eslint@8.57.0|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" } ] }, { "type": "library", - "name": "type-utils", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0", - "description": "Type utilities for working with TypeScript + ESLint together", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52280,216 +138440,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io/packages/typescript-estree", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" } ] }, { "type": "library", - "name": "utils", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0", - "description": "Utilities for working with TypeScript + ESLint together", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://typescript-eslint.io/packages/utils", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52498,271 +138490,149 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils" - }, + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "Apache-2.0" + } } ], - "components": [ + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ { - "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "description": "TypeScript scope analyser for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io/packages/scope-manager", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io/packages/typescript-estree", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" } ] }, { "type": "library", - "name": "eslint-utils", - "group": "@eslint-community", - "version": "4.4.0", - "bom-ref": "@eslint-community/eslint-utils@4.4.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", "externalReferences": [ { - "url": "git+https://github.com/eslint-community/eslint-utils.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint-community/eslint-utils#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint-community/eslint-utils/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52771,21 +138641,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint-community/eslint-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" } ] }, { "type": "library", - "name": "graphemer", - "version": "1.4.0", - "bom-ref": "graphemer@1.4.0", - "author": "Matt Davies", - "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", "licenses": [ { "license": { @@ -52793,30 +138659,30 @@ } } ], - "purl": "pkg:npm/graphemer@1.4.0", + "purl": "pkg:npm/fast-xml-parser@4.2.5", "externalReferences": [ { - "url": "git+https://github.com/flmnt/graphemer.git", + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/flmnt/graphemer", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/flmnt/graphemer/issues", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52825,52 +138691,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/graphemer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" } ] }, { "type": "library", - "name": "accurate-search", - "version": "1.2.15", - "bom-ref": "accurate-search@1.2.15", - "author": "Florin Mirel Dumitrescu", - "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/accurate-search@1.2.15", + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", "externalReferences": [ { - "url": "git+https://github.com/florind9/accurate-search.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://accuratesearch.org", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/florind9/accurate-search/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52879,48 +138742,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/accurate-search" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" } ] }, { "type": "library", - "name": "ajv", - "version": "8.16.0", - "bom-ref": "ajv@8.16.0", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ajv@8.16.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", "externalReferences": [ { - "url": "git+https://github.com/ajv-validator/ajv.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://ajv.js.org", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ajv-validator/ajv/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52929,48 +138793,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ajv" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" } ] }, { "type": "library", - "name": "fast-deep-equal", - "version": "3.1.3", - "bom-ref": "fast-deep-equal@3.1.3", - "author": "Evgeny Poberezkin", - "description": "Fast deep equal", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/fast-deep-equal@3.1.3", + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", "externalReferences": [ { - "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -52979,48 +138844,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fast-deep-equal" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" } ] }, { "type": "library", - "name": "json-schema-traverse", - "version": "1.0.0", - "bom-ref": "json-schema-traverse@1.0.0", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/json-schema-traverse@1.0.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", "externalReferences": [ { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53029,48 +138895,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-schema-traverse" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" } ] }, { "type": "library", - "name": "require-from-string", - "version": "2.0.2", - "bom-ref": "require-from-string@2.0.2", - "author": "Vsevolod Strukchinsky", - "description": "Require module from string", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/require-from-string@2.0.2", + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", "externalReferences": [ { - "url": "git+https://github.com/floatdrop/require-from-string.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/floatdrop/require-from-string#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/floatdrop/require-from-string/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53079,48 +138946,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/require-from-string" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" } ] }, { "type": "library", - "name": "uri-js", - "version": "4.4.1", - "bom-ref": "uri-js@4.4.1", - "author": "Gary Court", - "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/uri-js@4.4.1", + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", "externalReferences": [ { - "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/garycourt/uri-js", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/garycourt/uri-js/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53129,48 +138997,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/uri-js" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" } ] }, { "type": "library", - "name": "punycode", - "version": "2.3.1", - "bom-ref": "punycode@2.3.1", - "author": "Mathias Bynens", - "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/punycode@2.3.1", + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://mths.be/punycode", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/punycode.js/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53179,48 +139048,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/punycode" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" } ] }, { "type": "library", - "name": "form-data", - "version": "4.0.0", - "bom-ref": "form-data@4.0.0", - "author": "Felix Geisendörfer", - "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/form-data@4.0.0", + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", "externalReferences": [ { - "url": "git://github.com/form-data/form-data.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/form-data/form-data#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/form-data/form-data/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53229,17 +139099,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/form-data" + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" } ] }, { "type": "library", - "name": "proxy-from-env", - "version": "1.1.0", - "bom-ref": "proxy-from-env@1.1.0", - "author": "Rob Wu", - "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", "licenses": [ { "license": { @@ -53247,30 +139117,30 @@ } } ], - "purl": "pkg:npm/proxy-from-env@1.1.0", + "purl": "pkg:npm/axios@0.21.4", "externalReferences": [ { - "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "url": "git+https://github.com/axios/axios.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Rob--W/proxy-from-env#readme", + "url": "https://axios-http.com", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Rob--W/proxy-from-env/issues", + "url": "https://github.com/axios/axios/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53279,17 +139149,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/proxy-from-env" + "value": "node_modules/@mitre/emass_client/node_modules/axios" } ] }, { "type": "library", - "name": "assertion-error", - "version": "1.1.0", - "bom-ref": "assertion-error@1.1.0", - "author": "Jake Luer", - "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", "licenses": [ { "license": { @@ -53297,30 +139166,30 @@ } } ], - "purl": "pkg:npm/assertion-error@1.1.0", + "purl": "pkg:npm/chalk@1.1.3", "externalReferences": [ { - "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "url": "git+https://github.com/chalk/chalk.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/assertion-error#readme", + "url": "https://github.com/chalk/chalk#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/assertion-error/issues", + "url": "https://github.com/chalk/chalk/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53329,17 +139198,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/assertion-error" + "value": "node_modules/log-symbols/node_modules/chalk" } ] }, { "type": "library", - "name": "check-error", - "version": "1.0.3", - "bom-ref": "check-error@1.0.3", - "author": "Jake Luer", - "description": "Error comparison and information related utility for node and the browser", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", "licenses": [ { "license": { @@ -53347,30 +139216,30 @@ } } ], - "purl": "pkg:npm/check-error@1.0.3", + "purl": "pkg:npm/ansi-styles@2.2.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/chaijs/check-error.git", + "url": "git+https://github.com/chalk/ansi-styles.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/check-error#readme", + "url": "https://github.com/chalk/ansi-styles#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/check-error/issues", + "url": "https://github.com/chalk/ansi-styles/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53379,17 +139248,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/check-error" + "value": "node_modules/log-symbols/node_modules/ansi-styles" } ] }, { "type": "library", - "name": "get-func-name", - "version": "2.0.2", - "bom-ref": "get-func-name@2.0.2", - "author": "Jake Luer", - "description": "Utility for getting a function's name for node and the browser", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", "licenses": [ { "license": { @@ -53397,30 +139266,30 @@ } } ], - "purl": "pkg:npm/get-func-name@2.0.2", + "purl": "pkg:npm/escape-string-regexp@1.0.5", "externalReferences": [ { - "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/get-func-name#readme", + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/get-func-name/issues", + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53429,17 +139298,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-func-name" + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" } ] }, { "type": "library", - "name": "deep-eql", - "version": "4.1.3", - "bom-ref": "deep-eql@4.1.3", - "author": "Jake Luer", - "description": "Improved deep equality testing for Node.js and the browser.", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", "licenses": [ { "license": { @@ -53447,30 +139316,30 @@ } } ], - "purl": "pkg:npm/deep-eql@4.1.3", + "purl": "pkg:npm/strip-ansi@3.0.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "url": "git+https://github.com/chalk/strip-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/deep-eql#readme", + "url": "https://github.com/chalk/strip-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/deep-eql/issues", + "url": "https://github.com/chalk/strip-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53479,17 +139348,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/deep-eql" + "value": "node_modules/log-symbols/node_modules/strip-ansi" } ] }, { "type": "library", - "name": "loupe", - "version": "2.3.7", - "bom-ref": "loupe@2.3.7", - "author": "Veselin Todorov", - "description": "Inspect utility for Node.js and browsers", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", "licenses": [ { "license": { @@ -53497,30 +139366,30 @@ } } ], - "purl": "pkg:npm/loupe@2.3.7", + "purl": "pkg:npm/ansi-regex@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/chaijs/loupe.git", + "url": "git+https://github.com/chalk/ansi-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/loupe", + "url": "https://github.com/chalk/ansi-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/loupe/issues", + "url": "https://github.com/chalk/ansi-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53529,17 +139398,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/loupe" + "value": "node_modules/log-symbols/node_modules/ansi-regex" } ] }, { "type": "library", - "name": "pathval", - "version": "1.1.1", - "bom-ref": "pathval@1.1.1", - "author": "Veselin Todorov", - "description": "Object value retrieval given a string path", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -53547,30 +139416,30 @@ } } ], - "purl": "pkg:npm/pathval@1.1.1", + "purl": "pkg:npm/supports-color@2.0.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/chaijs/pathval.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/pathval", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/pathval/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53579,17 +139448,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pathval" + "value": "node_modules/log-symbols/node_modules/supports-color" } ] }, { "type": "library", - "name": "colors", - "version": "1.4.0", - "bom-ref": "colors@1.4.0", - "author": "Marak Squires", - "description": "get colors in your node.js console", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", "licenses": [ { "license": { @@ -53597,30 +139466,30 @@ } } ], - "purl": "pkg:npm/colors@1.4.0", + "purl": "pkg:npm/ansi-regex@2.1.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/Marak/colors.js.git", + "url": "git+https://github.com/chalk/ansi-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Marak/colors.js", + "url": "https://github.com/chalk/ansi-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Marak/colors.js/issues", + "url": "https://github.com/chalk/ansi-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53629,48 +139498,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/colors" + "value": "node_modules/has-ansi/node_modules/ansi-regex" } ] }, { "type": "library", - "name": "csv-parse", - "version": "4.16.3", - "bom-ref": "csv-parse@4.16.3", - "author": "David Worms", - "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/csv-parse@4.16.3", + "purl": "pkg:npm/glob-parent@5.1.2", "externalReferences": [ { - "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "url": "git+https://github.com/gulpjs/glob-parent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://csv.js.org/parse/", + "url": "https://github.com/gulpjs/glob-parent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/wdavidw/node-csv-parse/issues", + "url": "https://github.com/gulpjs/glob-parent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53679,47 +139548,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/csv-parse" + "value": "node_modules/chokidar/node_modules/glob-parent" } ] }, { - "type": "library", - "name": "dotenv", - "version": "16.4.5", - "bom-ref": "dotenv@16.4.5", - "description": "Loads environment variables from .env file", + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "ISC" } } ], - "purl": "pkg:npm/dotenv@16.4.5", + "purl": "pkg:npm/glob-parent@5.1.2", "externalReferences": [ { - "url": "git://github.com/motdotla/dotenv.git", + "url": "git+https://github.com/gulpjs/glob-parent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/motdotla/dotenv#readme", + "url": "https://github.com/gulpjs/glob-parent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/motdotla/dotenv/issues", + "url": "https://github.com/gulpjs/glob-parent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53728,17 +139598,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dotenv" + "value": "node_modules/fast-glob/node_modules/glob-parent" } ] }, { "type": "library", - "name": "eslint-config-oclif-typescript", - "version": "1.0.3", - "bom-ref": "eslint-config-oclif-typescript@1.0.3", - "author": "oclif", - "description": "eslint config for Typscript'd oclif", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", "licenses": [ { "license": { @@ -53746,30 +139616,30 @@ } } ], - "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "purl": "pkg:npm/lilconfig@3.1.1", "externalReferences": [ { - "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "url": "git+https://github.com/antonk52/lilconfig.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "url": "https://github.com/antonk52/lilconfig#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "url": "https://github.com/antonk52/lilconfig/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -53778,1705 +139648,1015 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript" - }, + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ - { - "type": "library", - "name": "eslint-plugin", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", - "description": "TypeScript plugin for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "parser", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "description": "An ESLint custom parser which leverages TypeScript ESTree", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "description": "TypeScript scope analyser for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint", - "version": "7.32.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", - "author": "Nicholas C. Zakas", - "description": "An AST-based pattern checker for JavaScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint@7.32.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://eslint.org", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint/issues/", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "ignore", - "version": "4.0.6", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", - "author": "kael", - "description": "Ignore is a manager and filter for .gitignore rules.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ignore@4.0.6", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kaelzhang/node-ignore#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kaelzhang/node-ignore/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } - ] - }, - { - "type": "library", - "name": "code-frame", - "group": "@babel", - "version": "7.12.11", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", - "author": "Sebastian McKenzie", - "description": "Generate errors that contain a code frame that point to source locations.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babeljs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslintrc", - "group": "@eslint", - "version": "0.4.3", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", - "author": "Nicholas C. Zakas", - "description": "The legacy ESLintRC config file format for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslintrc.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslintrc#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslintrc/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "ignore", - "version": "4.0.6", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", - "author": "kael", - "description": "Ignore is a manager and filter for .gitignore rules.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ignore@4.0.6", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kaelzhang/node-ignore#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kaelzhang/node-ignore/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } - ] - }, - { - "type": "library", - "name": "ajv", - "version": "6.12.6", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ajv@6.12.6", - "externalReferences": [ - { - "url": "git+https://github.com/ajv-validator/ajv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ajv-validator/ajv", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ajv-validator/ajv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "espree", - "version": "7.3.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "author": "Nicholas C. Zakas", - "description": "An Esprima-compatible JavaScript parser built on Acorn", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/espree@7.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/espree.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/espree", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/eslint/espree.git", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } - ] - }, - { - "type": "library", - "name": "js-yaml", - "version": "3.14.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/js-yaml@3.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/js-yaml.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodeca/js-yaml", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodeca/js-yaml/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ { - "type": "library", - "name": "config-array", - "group": "@humanwhocodes", - "version": "0.5.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", - "author": "Nicholas C. Zakas", - "description": "Glob-based configuration matching.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", - "externalReferences": [ - { - "url": "git+https://github.com/humanwhocodes/config-array.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/humanwhocodes/config-array#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/humanwhocodes/config-array/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "object-schema", - "group": "@humanwhocodes", - "version": "1.2.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", - "author": "Nicholas C. Zakas", - "description": "An object schema merger/validator", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/humanwhocodes/object-schema.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/humanwhocodes/object-schema#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/humanwhocodes/object-schema/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "json-schema-traverse", - "version": "0.4.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", - "licenses": [ + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" } ], - "purl": "pkg:npm/json-schema-traverse@0.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "eslint-scope", - "version": "5.1.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", - "description": "ECMAScript scope analyzer for ESLint", - "licenses": [ + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "BSD-2-Clause" - } + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" } ], - "purl": "pkg:npm/eslint-scope@5.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-scope.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://github.com/eslint/eslint-scope", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-scope/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "estraverse", - "version": "4.3.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", - "description": "ECMAScript JS AST traversal functions", - "licenses": [ + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "BSD-2-Clause" - } + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" } ], - "purl": "pkg:npm/estraverse@4.3.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/estools/estraverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/estools/estraverse", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/estools/estraverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "eslint-utils", - "version": "2.1.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", - "licenses": [ + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" } ], - "purl": "pkg:npm/eslint-utils@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/mysticatea/eslint-utils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "acorn", - "version": "7.4.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", - "description": "ECMAScript parser", - "licenses": [ + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" } ], - "purl": "pkg:npm/acorn@7.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/acornjs/acorn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/acornjs/acorn", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/acornjs/acorn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "glob-parent", - "version": "5.1.2", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", - "author": "Gulp Team", - "description": "Extract the non-magic parent path from a glob string.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob-parent@5.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/gulpjs/glob-parent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gulpjs/glob-parent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gulpjs/glob-parent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "argparse", - "version": "1.0.10", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", - "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/argparse@1.0.10", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/argparse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodeca/argparse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodeca/argparse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "sprintf-js", - "version": "1.0.3", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", - "author": "Alexandru Marasteanu", - "description": "JavaScript sprintf implementation", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/sprintf-js@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/alexei/sprintf.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/alexei/sprintf.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/alexei/sprintf.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" } ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", - "licenses": [ + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "BSD-2-Clause" - } + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" } ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "eslint-config-xo-space", - "version": "0.29.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO with 2-space indent", - "licenses": [ + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" } ], - "purl": "pkg:npm/eslint-config-xo-space@0.29.0", - "externalReferences": [ - { - "url": "git+https://github.com/xojs/eslint-config-xo-space.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo-space#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo-space/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "eslint-config-xo", - "version": "0.38.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO", - "licenses": [ + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" } ], - "purl": "pkg:npm/eslint-config-xo@0.38.0", - "externalReferences": [ - { - "url": "git+https://github.com/xojs/eslint-config-xo.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" } ] }, { "type": "library", - "name": "experimental-utils", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", - "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", "licenses": [ { "license": { @@ -55484,30 +140664,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "purl": "pkg:npm/fast-xml-parser@3.21.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -55516,399 +140696,365 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils" - }, + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ { - "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", - "description": "TypeScript scope analyser for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", - "licenses": [ + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "BSD-2-Clause" - } + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" } ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "eslint-scope", - "version": "5.1.1", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", - "description": "ECMAScript scope analyzer for ESLint", - "licenses": [ + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "BSD-2-Clause" - } + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" } ], - "purl": "pkg:npm/eslint-scope@5.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-scope.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://github.com/eslint/eslint-scope", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-scope/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "estraverse", - "version": "4.3.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", - "description": "ECMAScript JS AST traversal functions", - "licenses": [ + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "BSD-2-Clause" - } + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" } ], - "purl": "pkg:npm/estraverse@4.3.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/estools/estraverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/estools/estraverse", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/estools/estraverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" } ] }, { "type": "library", - "name": "json-schema", - "group": "@types", - "version": "7.0.15", - "bom-ref": "@types/json-schema@7.0.15", - "description": "TypeScript definitions for json-schema", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", "licenses": [ { "license": { @@ -55916,30 +141062,30 @@ } } ], - "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -55948,21 +141094,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/json-schema" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" } ] }, { - "type": "library", - "name": "tsutils", - "version": "3.21.0", - "bom-ref": "tsutils@3.21.0", - "author": "Klaus Meinhardt", - "description": "utilities for working with typescript's AST", + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", "licenses": [ { "license": { @@ -55970,30 +141111,30 @@ } } ], - "purl": "pkg:npm/tsutils@3.21.0", + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", "externalReferences": [ { - "url": "git+https://github.com/ajafff/tsutils.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/ajafff/tsutils#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ajafff/tsutils/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56002,107 +141143,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tsutils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "tsutils@3.21.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tsutils/node_modules/tslib" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" } ] }, { "type": "library", - "name": "esrecurse", - "version": "4.3.0", - "bom-ref": "esrecurse@4.3.0", - "description": "ECMAScript AST recursive visitor", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/esrecurse@4.3.0", + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", "externalReferences": [ { - "url": "git+https://github.com/estools/esrecurse.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/estools/esrecurse", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/estools/esrecurse/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56111,21 +141191,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/esrecurse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" } ] }, { "type": "library", - "name": "eslint-utils", - "version": "3.0.0", - "bom-ref": "eslint-utils@3.0.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", "licenses": [ { "license": { @@ -56133,30 +141207,30 @@ } } ], - "purl": "pkg:npm/eslint-utils@3.0.0", + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", "externalReferences": [ { - "url": "git+https://github.com/mysticatea/eslint-utils.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mysticatea/eslint-utils#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mysticatea/eslint-utils/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56165,78 +141239,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" } ] }, { "type": "library", - "name": "highlight", - "group": "@babel", - "version": "7.24.2", - "bom-ref": "@babel/highlight@7.24.2", - "author": "The Babel Team", - "description": "Syntax highlight JavaScript strings for output in terminals.", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", "licenses": [ { "license": { @@ -56244,30 +141257,30 @@ } } ], - "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-highlight", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56276,368 +141289,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight" - } - ], - "components": [ - { - "type": "library", - "name": "chalk", - "version": "2.4.2", - "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", - "description": "Terminal string styling done right", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/chalk@2.4.2", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/chalk.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/chalk#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/chalk/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/chalk" - } - ] - }, - { - "type": "library", - "name": "ansi-styles", - "version": "3.2.1", - "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@3.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/ansi-styles" - } - ] - }, - { - "type": "library", - "name": "color-convert", - "version": "1.9.3", - "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", - "author": "Heather Arthur", - "description": "Plain color conversion functions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-convert@1.9.3", - "externalReferences": [ - { - "url": "git+https://github.com/Qix-/color-convert.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Qix-/color-convert#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Qix-/color-convert/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/color-convert" - } - ] - }, - { - "type": "library", - "name": "color-name", - "version": "1.1.3", - "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", - "author": "DY", - "description": "A list of color names and its values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-name@1.1.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/dfcreative/color-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dfcreative/color-name", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dfcreative/color-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/color-name" - } - ] - }, - { - "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" - } - ] - }, - { - "type": "library", - "name": "supports-color", - "version": "5.5.0", - "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@5.5.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/supports-color" - } - ] - }, - { - "type": "library", - "name": "has-flag", - "version": "3.0.0", - "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if argv has a specific flag", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/has-flag@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/has-flag.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/has-flag#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/has-flag/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/has-flag" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" } ] }, { "type": "library", - "name": "globals", - "version": "13.24.0", - "bom-ref": "globals@13.24.0", - "author": "Sindre Sorhus", - "description": "Global identifiers from different JavaScript environments", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", "licenses": [ { "license": { @@ -56645,30 +141306,30 @@ } } ], - "purl": "pkg:npm/globals@13.24.0", + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/globals.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/globals#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/globals/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56677,105 +141338,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/globals" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "type-fest", - "version": "0.20.2", - "bom-ref": "globals@13.24.0|type-fest@0.20.2", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", - "licenses": [ - { - "expression": "(MIT OR CC0-1.0)" - } - ], - "purl": "pkg:npm/type-fest@0.20.2", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/type-fest.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/type-fest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/type-fest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/globals/node_modules/type-fest" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" } ] }, { "type": "library", - "name": "doctrine", - "version": "3.0.0", - "bom-ref": "doctrine@3.0.0", - "description": "JSDoc parser", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/doctrine@3.0.0", + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", "externalReferences": [ { - "url": "git+https://github.com/eslint/doctrine.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint/doctrine", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/doctrine/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56784,52 +141387,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/doctrine" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" } ] }, { "type": "library", - "name": "enquirer", - "version": "2.4.1", - "bom-ref": "enquirer@2.4.1", - "author": "Jon Schlinkert", - "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/enquirer@2.4.1", + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", "externalReferences": [ { - "url": "git+https://github.com/enquirer/enquirer.git", + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/enquirer/enquirer", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/enquirer/enquirer/issues", + "url": "https://github.com/istanbuljs/istanbuljs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56838,21 +141437,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/enquirer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" } ] }, { "type": "library", - "name": "ansi-colors", - "version": "4.1.1", - "bom-ref": "ansi-colors@4.1.1", - "author": "Brian Woodward", - "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", "licenses": [ { "license": { @@ -56860,30 +141453,30 @@ } } ], - "purl": "pkg:npm/ansi-colors@4.1.1", + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", "externalReferences": [ { - "url": "git+https://github.com/doowb/ansi-colors.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/doowb/ansi-colors", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/doowb/ansi-colors/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56892,20 +141485,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansi-colors" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" } ] }, { "type": "library", - "name": "acorn-jsx", - "version": "5.3.2", - "bom-ref": "acorn-jsx@5.3.2", - "description": "Modern, fast React.js JSX parser", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", "licenses": [ { "license": { @@ -56913,30 +141503,30 @@ } } ], - "purl": "pkg:npm/acorn-jsx@5.3.2", + "purl": "pkg:npm/convert-source-map@1.9.0", "externalReferences": [ { - "url": "git+https://github.com/acornjs/acorn-jsx.git", + "url": "git://github.com/thlorenz/convert-source-map.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/acornjs/acorn-jsx", + "url": "https://github.com/thlorenz/convert-source-map", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/acornjs/acorn-jsx/issues", + "url": "https://github.com/thlorenz/convert-source-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56945,52 +141535,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/acorn-jsx" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" } ] }, { "type": "library", - "name": "esquery", - "version": "1.5.0", - "bom-ref": "esquery@1.5.0", - "author": "Joel Feenstra", - "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/esquery@1.5.0", + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", "externalReferences": [ { - "url": "git+https://github.com/estools/esquery.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/estools/esquery/", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/estools/esquery/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -56999,51 +141583,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/esquery" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" } ] }, { "type": "library", - "name": "esutils", - "version": "2.0.3", - "bom-ref": "esutils@2.0.3", - "description": "utility box for ECMAScript language tools", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/esutils@2.0.3", + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", "externalReferences": [ { - "url": "git+ssh://git@github.com/estools/esutils.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/estools/esutils", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/estools/esutils/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57052,21 +141631,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/esutils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" } ] }, { "type": "library", - "name": "file-entry-cache", - "version": "6.0.1", - "bom-ref": "file-entry-cache@6.0.1", - "author": "Roy Riojas", - "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { @@ -57074,30 +141649,30 @@ } } ], - "purl": "pkg:npm/file-entry-cache@6.0.1", + "purl": "pkg:npm/ci-info@3.9.0", "externalReferences": [ { - "url": "git+https://github.com/royriojas/file-entry-cache.git", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/royriojas/file-entry-cache#readme", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/royriojas/file-entry-cache/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57106,21 +141681,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/file-entry-cache" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" } ] }, { "type": "library", - "name": "functional-red-black-tree", - "version": "1.0.1", - "bom-ref": "functional-red-black-tree@1.0.1", - "author": "Mikola Lysenko", - "description": "A fully persistent balanced binary search tree", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", "licenses": [ { "license": { @@ -57128,30 +141697,30 @@ } } ], - "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", "externalReferences": [ { - "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57160,21 +141729,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/functional-red-black-tree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" } ] }, { "type": "library", - "name": "imurmurhash", - "version": "0.1.4", - "bom-ref": "imurmurhash@0.1.4", - "author": "Jens Taylor", - "description": "An incremental implementation of MurmurHash3", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", "licenses": [ { "license": { @@ -57182,30 +141745,30 @@ } } ], - "purl": "pkg:npm/imurmurhash@0.1.4", + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", "externalReferences": [ { - "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jensyt/imurmurhash-js", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jensyt/imurmurhash-js/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57214,17 +141777,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/imurmurhash" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" } ] }, { "type": "library", - "name": "json-stable-stringify-without-jsonify", - "version": "1.0.1", - "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", - "author": "James Halliday", - "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", "licenses": [ { "license": { @@ -57232,30 +141794,30 @@ } } ], - "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", "externalReferences": [ { - "url": "git://github.com/samn/json-stable-stringify.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/samn/json-stable-stringify", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/samn/json-stable-stringify/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57264,21 +141826,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-stable-stringify-without-jsonify" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" } ] }, { "type": "library", - "name": "levn", - "version": "0.4.1", - "bom-ref": "levn@0.4.1", - "author": "George Zahariev", - "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", "licenses": [ { "license": { @@ -57286,30 +141843,30 @@ } } ], - "purl": "pkg:npm/levn@0.4.1", + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", "externalReferences": [ { - "url": "git://github.com/gkz/levn.git", + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/gkz/levn", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gkz/levn/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57318,21 +141875,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/levn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" } ] }, { "type": "library", - "name": "lodash.merge", - "version": "4.6.2", - "bom-ref": "lodash.merge@4.6.2", - "author": "John-David Dalton", - "description": "The Lodash method `_.merge` exported as a module.", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", "licenses": [ { "license": { @@ -57340,30 +141891,30 @@ } } ], - "purl": "pkg:npm/lodash.merge@4.6.2", + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", "externalReferences": [ { - "url": "git+https://github.com/lodash/lodash.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://lodash.com/", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lodash/lodash/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57372,21 +141923,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lodash.merge" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" } ] }, { "type": "library", - "name": "optionator", - "version": "0.9.3", - "bom-ref": "optionator@0.9.3", - "author": "George Zahariev", - "description": "option parsing and help generation", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", "licenses": [ { "license": { @@ -57394,30 +141940,30 @@ } } ], - "purl": "pkg:npm/optionator@0.9.3", + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", "externalReferences": [ { - "url": "git://github.com/gkz/optionator.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/gkz/optionator", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gkz/optionator/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57426,77 +141972,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/optionator" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "fast-levenshtein", - "version": "2.0.6", - "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", - "author": "Ramesh Nair", - "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-levenshtein@2.0.6", - "externalReferences": [ - { - "url": "git+https://github.com/hiddentao/fast-levenshtein.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/hiddentao/fast-levenshtein#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/hiddentao/fast-levenshtein/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/optionator/node_modules/fast-levenshtein" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" } ] }, { "type": "library", - "name": "progress", - "version": "2.0.3", - "bom-ref": "progress@2.0.3", - "author": "TJ Holowaychuk", - "description": "Flexible ascii progress bar", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", "licenses": [ { "license": { @@ -57504,30 +141989,30 @@ } } ], - "purl": "pkg:npm/progress@2.0.3", + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", "externalReferences": [ { - "url": "git://github.com/visionmedia/node-progress.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/visionmedia/node-progress#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/visionmedia/node-progress/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57536,21 +142021,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/progress" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" } ] }, { "type": "library", - "name": "regexpp", - "version": "3.2.0", - "bom-ref": "regexpp@3.2.0", - "author": "Toru Nagashima", - "description": "Regular expression parser for ECMAScript.", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", "licenses": [ { "license": { @@ -57558,30 +142037,30 @@ } } ], - "purl": "pkg:npm/regexpp@3.2.0", + "purl": "pkg:npm/expect@28.1.3#packages/expect", "externalReferences": [ { - "url": "git+https://github.com/mysticatea/regexpp.git", + "url": "git+https://github.com/facebook/jest.git#packages/expect", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mysticatea/regexpp#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mysticatea/regexpp/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57590,52 +142069,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/regexpp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" } ] }, { "type": "library", - "name": "table", - "version": "6.8.2", - "bom-ref": "table@6.8.2", - "author": "Gajus Kuizinas", - "description": "Formats data into a string table.", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/table@6.8.2", + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", "externalReferences": [ { - "url": "git+https://github.com/gajus/table.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/gajus/table#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gajus/table/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57644,17 +142117,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/table" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" } ] }, { "type": "library", - "name": "text-table", - "version": "0.2.0", - "bom-ref": "text-table@0.2.0", - "author": "James Halliday", - "description": "borderless text tables with alignment", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", "licenses": [ { "license": { @@ -57662,30 +142135,30 @@ } } ], - "purl": "pkg:npm/text-table@0.2.0", + "purl": "pkg:npm/dedent@0.7.0", "externalReferences": [ { - "url": "git://github.com/substack/text-table.git", + "url": "git://github.com/dmnd/dedent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/substack/text-table", + "url": "https://github.com/dmnd/dedent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/text-table/issues", + "url": "https://github.com/dmnd/dedent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57694,21 +142167,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/text-table" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" } ] }, { "type": "library", - "name": "v8-compile-cache", - "version": "2.4.0", - "bom-ref": "v8-compile-cache@2.4.0", - "author": "Andres Suarez", - "description": "Require hook for automatic V8 compile cache persistence", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", "licenses": [ { "license": { @@ -57716,30 +142185,30 @@ } } ], - "purl": "pkg:npm/v8-compile-cache@2.4.0", + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", "externalReferences": [ { - "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/zertosh/v8-compile-cache#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zertosh/v8-compile-cache/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57748,20 +142217,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/v8-compile-cache" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" } ] }, { "type": "library", - "name": "confusing-browser-globals", - "version": "1.0.10", - "bom-ref": "confusing-browser-globals@1.0.10", - "description": "A list of browser globals that are often used by mistake instead of local variables", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", "licenses": [ { "license": { @@ -57769,30 +142234,30 @@ } } ], - "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", "externalReferences": [ { - "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/facebook/create-react-app#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/create-react-app/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57801,21 +142266,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/confusing-browser-globals" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" } ] }, { "type": "library", - "name": "eslint-plugin-mocha", - "version": "9.0.0", - "bom-ref": "eslint-plugin-mocha@9.0.0", - "author": "Mathias Schreck", - "description": "Eslint rules for mocha.", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", "licenses": [ { "license": { @@ -57823,30 +142284,30 @@ } } ], - "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", "externalReferences": [ { - "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57855,21 +142316,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-mocha" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" } ] }, { "type": "library", - "name": "ramda", - "version": "0.27.2", - "bom-ref": "ramda@0.27.2", - "author": "Scott Sauyet", - "description": "A practical functional library for JavaScript programmers.", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", "licenses": [ { "license": { @@ -57877,30 +142333,30 @@ } } ], - "purl": "pkg:npm/ramda@0.27.2", + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", "externalReferences": [ { - "url": "git://github.com/ramda/ramda.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://ramdajs.com/", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ramda/ramda/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57909,21 +142365,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ramda" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" } ] }, { "type": "library", - "name": "eslint-plugin-node", - "version": "11.1.0", - "bom-ref": "eslint-plugin-node@11.1.0", - "author": "Toru Nagashima", - "description": "Additional ESLint's rules for Node.js", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", "licenses": [ { "license": { @@ -57931,30 +142381,30 @@ } } ], - "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", "externalReferences": [ { - "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -57963,293 +142413,64 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node" - }, + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ - { - "type": "library", - "name": "eslint-utils", - "version": "2.1.0", - "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-utils@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/mysticatea/eslint-utils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ { - "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@6.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/semver" - }, + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ { - "name": "cdx:npm:package:development", - "value": "true" + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" } - ] + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" } ] }, { "type": "library", - "name": "eslint-plugin-es", - "version": "3.0.1", - "bom-ref": "eslint-plugin-es@3.0.1", - "author": "Toru Nagashima", - "description": "ESLint plugin about ECMAScript syntactic features.", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", "licenses": [ { "license": { @@ -58257,30 +142478,30 @@ } } ], - "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", "externalReferences": [ { - "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58289,131 +142510,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-es" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "eslint-utils", - "version": "2.1.0", - "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-utils@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/mysticatea/eslint-utils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" } ] }, { "type": "library", - "name": "eslint-config-oclif", - "version": "4.0.0", - "bom-ref": "eslint-config-oclif@4.0.0", - "author": "Jeff Dickey @jdxcode", - "description": "eslint config for oclif", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", "licenses": [ { "license": { @@ -58421,30 +142526,30 @@ } } ], - "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", "externalReferences": [ { - "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/eslint-config-oclif", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/eslint-config-oclif/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58453,131 +142558,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "eslint-plugin-unicorn", - "version": "36.0.0", - "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", - "author": "Sindre Sorhus", - "description": "Various awesome ESLint rules", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@3.9.0", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif/node_modules/ci-info" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" } ] }, { "type": "library", - "name": "eslint-config-xo-space", - "version": "0.27.0", - "bom-ref": "eslint-config-xo-space@0.27.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO with 2-space indent", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", "licenses": [ { "license": { @@ -58585,30 +142574,30 @@ } } ], - "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", "externalReferences": [ { - "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58617,21 +142606,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-xo-space" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" } ] }, { "type": "library", - "name": "eslint-config-xo", - "version": "0.35.0", - "bom-ref": "eslint-config-xo@0.35.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", "licenses": [ { "license": { @@ -58639,30 +142622,30 @@ } } ], - "purl": "pkg:npm/eslint-config-xo@0.35.0", + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", "externalReferences": [ { - "url": "git+https://github.com/xojs/eslint-config-xo.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/xojs/eslint-config-xo#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/xojs/eslint-config-xo/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58671,22 +142654,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-xo" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" } ] }, { "type": "library", - "name": "helper-validator-identifier", - "group": "@babel", - "version": "7.22.20", - "bom-ref": "@babel/helper-validator-identifier@7.22.20", - "author": "The Babel Team", - "description": "Validate identifier/keywords name", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", "licenses": [ { "license": { @@ -58694,30 +142670,30 @@ } } ], - "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/babel/babel#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58726,17 +142702,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-validator-identifier" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" } ] }, { "type": "library", - "name": "clean-regexp", - "version": "1.0.0", - "bom-ref": "clean-regexp@1.0.0", - "author": "Sam Verschueren", - "description": "Clean up regular expressions", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", "licenses": [ { "license": { @@ -58744,30 +142718,30 @@ } } ], - "purl": "pkg:npm/clean-regexp@1.0.0", + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", "externalReferences": [ { - "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58776,104 +142750,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/clean-regexp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" } ] }, { "type": "library", - "name": "eslint-template-visitor", - "version": "2.3.2", - "bom-ref": "eslint-template-visitor@2.3.2", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", "licenses": [ { - "expression": "GPL-3.0-or-later OR MIT" + "license": { + "id": "MIT" + } } ], - "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "purl": "pkg:npm/resolve.exports@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "url": "git+https://github.com/lukeed/resolve.exports.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/futpib/eslint-template-visitor#readme", + "url": "https://github.com/lukeed/resolve.exports#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/futpib/eslint-template-visitor/issues", + "url": "https://github.com/lukeed/resolve.exports/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58882,78 +142800,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-template-visitor" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" } ] }, { "type": "library", - "name": "eslint-parser", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/eslint-parser@7.24.1", - "author": "The Babel Team", - "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", "licenses": [ { "license": { @@ -58961,30 +142818,30 @@ } } ], - "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "purl": "pkg:npm/emittery@0.10.2", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "url": "git+https://github.com/sindresorhus/emittery.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/", + "url": "https://github.com/sindresorhus/emittery#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/emittery/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -58993,131 +142850,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/eslint-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@6.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/eslint-parser/node_modules/semver" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" } ] }, { "type": "library", - "name": "eslint-scope-5-internals", - "group": "@nicolo-ribaudo", - "version": "5.1.1-v1", - "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", - "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", "licenses": [ { "license": { @@ -59125,15 +142866,30 @@ } } ], - "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", "externalReferences": [ { - "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59142,129 +142898,64 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" - }, + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ - { - "type": "library", - "name": "eslint-scope", - "version": "5.1.1", - "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", - "description": "ECMAScript scope analyzer for ESLint", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/eslint-scope@5.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-scope.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://github.com/eslint/eslint-scope", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-scope/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "estraverse", - "version": "4.3.0", - "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", - "description": "ECMAScript JS AST traversal functions", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/estraverse@4.3.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/estools/estraverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/estools/estraverse", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/estools/estraverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" } ] }, { "type": "library", - "name": "multimap", - "version": "1.1.0", - "bom-ref": "multimap@1.1.0", - "author": "villa.gao", - "description": "multi-map which allow multiple values for the same key", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { @@ -59272,30 +142963,30 @@ } } ], - "purl": "pkg:npm/multimap@1.1.0", + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", "externalReferences": [ { - "url": "git://github.com/villadora/multi-map.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/villadora/multi-map#readme", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/villadora/multi-map/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59304,52 +142995,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/multimap" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" } ] }, { "type": "library", - "name": "is-builtin-module", - "version": "3.2.1", - "bom-ref": "is-builtin-module@3.2.1", - "author": "Sindre Sorhus", - "description": "Check if a string matches the name of a Node.js builtin module", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/is-builtin-module@3.2.1", + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "url": "git+https://github.com/sinonjs/fake-timers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "url": "https://github.com/sinonjs/fake-timers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "url": "https://github.com/sinonjs/fake-timers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59358,52 +143046,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-builtin-module" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" } ] }, { "type": "library", - "name": "pluralize", - "version": "8.0.0", - "bom-ref": "pluralize@8.0.0", - "author": "Blake Embrey", - "description": "Pluralize and singularize any word", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/pluralize@8.0.0", + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", "externalReferences": [ { - "url": "git+https://github.com/blakeembrey/pluralize.git", + "url": "git+https://github.com/sinonjs/commons.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/pluralize#readme", + "url": "https://github.com/sinonjs/commons#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/pluralize/issues", + "url": "https://github.com/sinonjs/commons/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59412,21 +143096,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pluralize" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" } ] }, { "type": "library", - "name": "read-pkg-up", - "version": "7.0.1", - "bom-ref": "read-pkg-up@7.0.1", - "author": "Sindre Sorhus", - "description": "Read the closest package.json file", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", "licenses": [ { "license": { @@ -59434,30 +143113,30 @@ } } ], - "purl": "pkg:npm/read-pkg-up@7.0.1", + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59466,291 +143145,65 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up" - }, + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ { - "type": "library", - "name": "find-up", - "version": "4.1.0", - "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/find-up@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/find-up.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/find-up#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/find-up/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/find-up" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "locate-path", - "version": "5.0.0", - "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/locate-path@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/locate-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/locate-path" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "p-locate", - "version": "4.1.0", - "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-locate@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-locate.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/p-locate" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "p-limit", - "version": "2.3.0", - "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", - "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-limit@2.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-limit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-limit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-limit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/p-limit" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "type": "library", - "name": "type-fest", - "version": "0.8.1", - "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", - "licenses": [ - { - "expression": "(MIT OR CC0-1.0)" - } - ], - "purl": "pkg:npm/type-fest@0.8.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/type-fest.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/type-fest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/type-fest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/type-fest" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" } ] }, { "type": "library", - "name": "regexp-tree", - "version": "0.1.27", - "bom-ref": "regexp-tree@0.1.27", - "author": "Dmitry Soshnikov", - "description": "Regular Expressions parser in JavaScript", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", "licenses": [ { "license": { @@ -59758,30 +143211,30 @@ } } ], - "purl": "pkg:npm/regexp-tree@0.1.27", + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", "externalReferences": [ { - "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59790,21 +143243,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/regexp-tree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" } ] }, { "type": "library", - "name": "safe-regex", - "version": "2.1.1", - "bom-ref": "safe-regex@2.1.1", - "author": "James C.", - "description": "detect possibly catastrophic, exponential-time regular expressions", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", "licenses": [ { "license": { @@ -59812,30 +143259,30 @@ } } ], - "purl": "pkg:npm/safe-regex@2.1.1", + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", "externalReferences": [ { - "url": "git://github.com/davisjam/safe-regex.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/davisjam/safe-regex", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/davisjam/safe-regex/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59844,21 +143291,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/safe-regex" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" } ] }, { "type": "library", - "name": "eslint-plugin-unicorn", - "version": "52.0.0", - "bom-ref": "eslint-plugin-unicorn@52.0.0", - "author": "Sindre Sorhus", - "description": "More than 100 powerful ESLint rules", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", "licenses": [ { "license": { @@ -59866,30 +143308,30 @@ } } ], - "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59898,22 +143340,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-unicorn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" } ] }, { "type": "library", - "name": "eslintrc", - "group": "@eslint", - "version": "2.1.4", - "bom-ref": "@eslint/eslintrc@2.1.4", - "author": "Nicholas C. Zakas", - "description": "The legacy ESLintRC config file format for ESLint", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", "licenses": [ { "license": { @@ -59921,30 +143358,30 @@ } } ], - "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "purl": "pkg:npm/camelcase@6.3.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslintrc.git", + "url": "git+https://github.com/sindresorhus/camelcase.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/eslintrc#readme", + "url": "https://github.com/sindresorhus/camelcase#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslintrc/issues", + "url": "https://github.com/sindresorhus/camelcase/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -59953,270 +143390,97 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc" - }, + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ { - "type": "library", - "name": "ajv", - "version": "6.12.6", - "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ajv@6.12.6", - "externalReferences": [ - { - "url": "git+https://github.com/ajv-validator/ajv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ajv-validator/ajv", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ajv-validator/ajv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/ajv" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "json-schema-traverse", - "version": "0.4.1", - "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-schema-traverse@0.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" } ] }, { "type": "library", - "name": "espree", - "version": "9.6.1", - "bom-ref": "espree@9.6.1", - "author": "Nicholas C. Zakas", - "description": "An Esprima-compatible JavaScript parser built on Acorn", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/espree@9.6.1", + "purl": "pkg:npm/ansi-styles@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/espree.git", + "url": "git+https://github.com/chalk/ansi-styles.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/espree", + "url": "https://github.com/chalk/ansi-styles#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/espree/issues", + "url": "https://github.com/chalk/ansi-styles/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60225,21 +143489,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/espree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" } ] }, { "type": "library", - "name": "parent-module", - "version": "1.0.1", - "bom-ref": "parent-module@1.0.1", - "author": "Sindre Sorhus", - "description": "Get the path of the parent module", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", "licenses": [ { "license": { @@ -60247,30 +143508,30 @@ } } ], - "purl": "pkg:npm/parent-module@1.0.1", + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/parent-module.git", + "url": "git+https://github.com/sinclairzx81/typebox.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/parent-module#readme", + "url": "https://github.com/sinclairzx81/typebox#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/parent-module/issues", + "url": "https://github.com/sinclairzx81/typebox/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60279,17 +143540,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/parent-module" + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" } ] }, { "type": "library", - "name": "resolve-from", - "version": "4.0.0", - "bom-ref": "resolve-from@4.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { @@ -60297,30 +143557,30 @@ } } ], - "purl": "pkg:npm/resolve-from@4.0.0", + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/resolve-from.git", + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/resolve-from#readme", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/resolve-from/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60329,17 +143589,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/resolve-from" + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" } ] }, { "type": "library", - "name": "ci-info", - "version": "4.0.0", - "bom-ref": "ci-info@4.0.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", "licenses": [ { "license": { @@ -60347,30 +143607,30 @@ } } ], - "purl": "pkg:npm/ci-info@4.0.0", + "purl": "pkg:npm/ts-jest@28.0.8", "externalReferences": [ { - "url": "git+https://github.com/watson/ci-info.git", + "url": "git+https://github.com/kulshekhar/ts-jest.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/watson/ci-info", + "url": "https://kulshekhar.github.io/ts-jest", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/watson/ci-info/issues", + "url": "https://github.com/kulshekhar/ts-jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60379,21 +143639,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ci-info" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" } ] }, { "type": "library", - "name": "core-js-compat", - "version": "3.37.0", - "bom-ref": "core-js-compat@3.37.0", - "author": "Denis Pushkarev", - "description": "core-js compat", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", "licenses": [ { "license": { @@ -60401,30 +143655,30 @@ } } ], - "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", "externalReferences": [ { - "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/zloirock/core-js#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zloirock/core-js/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60433,21 +143687,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/core-js-compat" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" } ] }, { "type": "library", - "name": "browserslist", - "version": "4.23.0", - "bom-ref": "browserslist@4.23.0", - "author": "Andrey Sitnik", - "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", "licenses": [ { "license": { @@ -60455,30 +143703,30 @@ } } ], - "purl": "pkg:npm/browserslist@4.23.0", + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", "externalReferences": [ { - "url": "git+https://github.com/browserslist/browserslist.git", + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/browserslist/browserslist#readme", + "url": "https://github.com/facebook/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/browserslist/browserslist/issues", + "url": "https://github.com/facebook/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60487,48 +143735,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/browserslist" + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" } ] }, { "type": "library", - "name": "caniuse-lite", - "version": "1.0.30001612", - "bom-ref": "caniuse-lite@1.0.30001612", - "author": "Ben Briggs", - "description": "A smaller version of caniuse-db, with only the essentials!", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", "licenses": [ { "license": { - "id": "CC-BY-4.0" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "purl": "pkg:npm/typescript@4.9.5", "externalReferences": [ { - "url": "git+https://github.com/browserslist/caniuse-lite.git", + "url": "git+https://github.com/Microsoft/TypeScript.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/browserslist/caniuse-lite#readme", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/browserslist/caniuse-lite/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60537,17 +143785,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/caniuse-lite" + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" } ] }, { "type": "library", - "name": "electron-to-chromium", - "version": "1.4.747", - "bom-ref": "electron-to-chromium@1.4.747", - "author": "Kilian Valkhof", - "description": "Provides a list of electron-to-chromium version mappings", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", "licenses": [ { "license": { @@ -60555,30 +143803,30 @@ } } ], - "purl": "pkg:npm/electron-to-chromium@1.4.747", + "purl": "pkg:npm/yargs-parser@21.1.1", "externalReferences": [ { - "url": "git+https://github.com/kilian/electron-to-chromium.git", + "url": "git+https://github.com/yargs/yargs-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kilian/electron-to-chromium#readme", + "url": "https://github.com/yargs/yargs-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kilian/electron-to-chromium/issues", + "url": "https://github.com/yargs/yargs-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60587,48 +143835,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/electron-to-chromium" + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" } ] }, { "type": "library", - "name": "node-releases", - "version": "2.0.14", - "bom-ref": "node-releases@2.0.14", - "author": "Sergey Rubanov", - "description": "Node.js releases data", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/node-releases@2.0.14", + "purl": "pkg:npm/yaml@1.10.2", "externalReferences": [ { - "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "url": "git+https://github.com/eemeli/yaml.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chicoxyzzy/node-releases#readme", + "url": "https://eemeli.org/yaml/v1/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chicoxyzzy/node-releases/issues", + "url": "https://github.com/eemeli/yaml/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60637,17 +143885,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/node-releases" + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" } ] }, { "type": "library", - "name": "update-browserslist-db", - "version": "1.0.13", - "bom-ref": "update-browserslist-db@1.0.13", - "author": "Andrey Sitnik", - "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -60655,30 +143903,30 @@ } } ], - "purl": "pkg:npm/update-browserslist-db@1.0.13", + "purl": "pkg:npm/supports-color@7.2.0", "externalReferences": [ { - "url": "git+https://github.com/browserslist/update-db.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/browserslist/update-db#readme", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/browserslist/update-db/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60687,48 +143935,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/update-browserslist-db" + "value": "node_modules/chalk/node_modules/supports-color" } ] }, { "type": "library", - "name": "escalade", + "name": "minimatch", "version": "3.1.2", - "bom-ref": "escalade@3.1.2", - "author": "Luke Edwards", - "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/escalade@3.1.2", + "purl": "pkg:npm/minimatch@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/lukeed/escalade.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/lukeed/escalade#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lukeed/escalade/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60737,47 +143985,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/escalade" + "value": "node_modules/glob/node_modules/minimatch" } ] }, { "type": "library", - "name": "estraverse", - "version": "5.3.0", - "bom-ref": "estraverse@5.3.0", - "description": "ECMAScript JS AST traversal functions", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/estraverse@5.3.0", + "purl": "pkg:npm/brace-expansion@1.1.11", "externalReferences": [ { - "url": "git+ssh://git@github.com/estools/estraverse.git", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/estools/estraverse", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/estools/estraverse/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60786,52 +144035,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/estraverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/glob/node_modules/brace-expansion" } ] }, { "type": "library", - "name": "builtin-modules", - "version": "3.3.0", - "bom-ref": "builtin-modules@3.3.0", - "author": "Sindre Sorhus", - "description": "List of the Node.js builtin modules", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/builtin-modules@3.3.0", + "purl": "pkg:npm/semver@6.3.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/builtin-modules#readme", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/builtin-modules/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60840,21 +144085,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/builtin-modules" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/core/node_modules/semver" } ] }, { "type": "library", - "name": "jsesc", - "version": "3.0.2", - "bom-ref": "jsesc@3.0.2", - "author": "Mathias Bynens", - "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -60862,30 +144103,30 @@ } } ], - "purl": "pkg:npm/jsesc@3.0.2", + "purl": "pkg:npm/supports-color@7.2.0", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/jsesc.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/jsesc", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/jsesc/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60894,21 +144135,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jsesc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" } ] }, { "type": "library", - "name": "p-try", - "version": "2.2.0", - "bom-ref": "p-try@2.2.0", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", "author": "Sindre Sorhus", - "description": "`Start a promise chain", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -60916,30 +144153,30 @@ } } ], - "purl": "pkg:npm/p-try@2.2.0", + "purl": "pkg:npm/supports-color@7.2.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-try.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-try#readme", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-try/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60948,48 +144185,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/p-try" + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" } ] }, { "type": "library", - "name": "path-exists", - "version": "4.0.0", - "bom-ref": "path-exists@4.0.0", - "author": "Sindre Sorhus", - "description": "Check if a path exists", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/path-exists@4.0.0", + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/path-exists.git", + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/path-exists#readme", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/path-exists/issues", + "url": "https://github.com/istanbuljs/istanbuljs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -60998,48 +144235,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-exists" + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" } ] }, { "type": "library", - "name": "read-pkg", - "version": "5.2.0", - "bom-ref": "read-pkg@5.2.0", - "author": "Sindre Sorhus", - "description": "Read a package.json file", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/read-pkg@5.2.0", + "purl": "pkg:npm/semver@6.3.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/read-pkg.git", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/read-pkg#readme", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/read-pkg/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61048,237 +144285,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "normalize-package-data", - "version": "2.5.0", - "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", - "author": "Meryn Stol", - "description": "Normalizes data that can be found in package.json files.", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/normalize-package-data@2.5.0", - "externalReferences": [ - { - "url": "git://github.com/npm/normalize-package-data.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/normalize-package-data#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/normalize-package-data/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/normalize-package-data" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "hosted-git-info", - "version": "2.8.9", - "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", - "author": "Rebecca Turner", - "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/hosted-git-info@2.8.9", - "externalReferences": [ - { - "url": "git+https://github.com/npm/hosted-git-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/hosted-git-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/hosted-git-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/hosted-git-info" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "semver", - "version": "5.7.2", - "bom-ref": "read-pkg@5.2.0|semver@5.7.2", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@5.7.2", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/semver" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "type-fest", - "version": "0.6.0", - "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", - "licenses": [ - { - "expression": "(MIT OR CC0-1.0)" - } - ], - "purl": "pkg:npm/type-fest@0.6.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/type-fest.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/type-fest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/type-fest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/type-fest" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" } ] }, { "type": "library", - "name": "normalize-package-data", - "group": "@types", - "version": "2.4.4", - "bom-ref": "@types/normalize-package-data@2.4.4", - "description": "TypeScript definitions for normalize-package-data", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", "licenses": [ { "license": { @@ -61286,30 +144303,30 @@ } } ], - "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "purl": "pkg:npm/escape-string-regexp@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61318,52 +144335,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/normalize-package-data" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" } ] }, { "type": "library", - "name": "validate-npm-package-license", - "version": "3.0.4", - "bom-ref": "validate-npm-package-license@3.0.4", - "author": "Kyle E. Mitchell", - "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "purl": "pkg:npm/jsesc@2.5.2", "externalReferences": [ { - "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "url": "git+https://github.com/mathiasbynens/jsesc.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "url": "https://mths.be/jsesc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "url": "https://github.com/mathiasbynens/jsesc/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61372,51 +144385,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/validate-npm-package-license" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/generator/node_modules/jsesc" } ] }, { "type": "library", - "name": "regjsparser", - "version": "0.10.0", - "bom-ref": "regjsparser@0.10.0", - "author": "'Julian Viereck'", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/regjsparser@0.10.0", + "purl": "pkg:npm/globals@11.12.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "url": "git+https://github.com/sindresorhus/globals.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jviereck/regjsparser", + "url": "https://github.com/sindresorhus/globals#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jviereck/regjsparser/issues", + "url": "https://github.com/sindresorhus/globals/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61425,109 +144435,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/regjsparser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "jsesc", - "version": "0.5.0", - "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", - "author": "Mathias Bynens", - "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "http://mths.be/mit" - } - } - ], - "purl": "pkg:npm/jsesc@0.5.0", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/jsesc.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://mths.be/jsesc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/jsesc/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/regjsparser/node_modules/jsesc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/@babel/traverse/node_modules/globals" } ] }, { "type": "library", - "name": "strip-indent", - "version": "3.0.0", - "bom-ref": "strip-indent@3.0.0", - "author": "Sindre Sorhus", - "description": "Strip leading whitespace from each line in a string", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/strip-indent@3.0.0", + "purl": "pkg:npm/yargs-parser@21.1.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-indent.git", + "url": "git+https://github.com/yargs/yargs-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/strip-indent#readme", + "url": "https://github.com/yargs/yargs-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-indent/issues", + "url": "https://github.com/yargs/yargs-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61536,52 +144485,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-indent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/yargs/node_modules/yargs-parser" } ] }, { "type": "library", - "name": "min-indent", - "version": "1.0.1", - "bom-ref": "min-indent@1.0.1", - "author": "James Kyle", - "description": "Get the shortest leading whitespace from lines in a string", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/min-indent@1.0.1", + "purl": "pkg:npm/glob@10.3.12", "externalReferences": [ { - "url": "git+https://github.com/thejameskyle/min-indent.git", + "url": "git://github.com/isaacs/node-glob.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thejameskyle/min-indent#readme", + "url": "https://github.com/isaacs/node-glob#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thejameskyle/min-indent/issues", + "url": "https://github.com/isaacs/node-glob/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61590,52 +144535,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/min-indent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/js-beautify/node_modules/glob" } ] }, { "type": "library", - "name": "js", - "group": "@eslint", - "version": "8.57.0", - "bom-ref": "@eslint/js@8.57.0", - "description": "ESLint JavaScript language implementation", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "purl": "pkg:npm/minipass@7.0.4", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint.git#packages/js", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://eslint.org", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint/issues/", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61644,53 +144585,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/js" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/js-beautify/node_modules/minipass" } ] }, { "type": "library", - "name": "config-array", - "group": "@humanwhocodes", - "version": "0.11.14", - "bom-ref": "@humanwhocodes/config-array@0.11.14", - "author": "Nicholas C. Zakas", - "description": "Glob-based configuration matching.", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "purl": "pkg:npm/minimatch@9.0.1", "externalReferences": [ { - "url": "git+https://github.com/humanwhocodes/config-array.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/humanwhocodes/config-array#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/humanwhocodes/config-array/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61699,163 +144635,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/config-array" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/editorconfig/node_modules/minimatch" } ] }, { "type": "library", - "name": "object-schema", - "group": "@humanwhocodes", - "version": "2.0.3", - "bom-ref": "@humanwhocodes/object-schema@2.0.3", - "author": "Nicholas C. Zakas", - "description": "An object schema merger/validator", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "purl": "pkg:npm/debug@4.3.5", "externalReferences": [ { - "url": "git+https://github.com/humanwhocodes/object-schema.git", + "url": "git://github.com/debug-js/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/humanwhocodes/object-schema#readme", + "url": "https://github.com/debug-js/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/humanwhocodes/object-schema/issues", + "url": "https://github.com/debug-js/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61864,53 +144685,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/object-schema" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/core/node_modules/debug" } ] }, { "type": "library", - "name": "module-importer", - "group": "@humanwhocodes", - "version": "1.0.1", - "bom-ref": "@humanwhocodes/module-importer@1.0.1", - "author": "Nicholas C. Zaks", - "description": "Universal module importer for Node.js", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "purl": "pkg:npm/ms@2.1.2", "externalReferences": [ { - "url": "git+https://github.com/humanwhocodes/module-importer.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/humanwhocodes/module-importer#readme", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/humanwhocodes/module-importer/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61919,21 +144734,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/module-importer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/core/node_modules/ms" } ] }, { "type": "library", - "name": "fs.scandir", - "group": "@nodelib", - "version": "2.1.5", - "bom-ref": "@nodelib/fs.scandir@2.1.5", - "description": "List files and directories inside the specified directory", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", "licenses": [ { "license": { @@ -61941,30 +144752,30 @@ } } ], - "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "purl": "pkg:npm/js-yaml@3.14.1", "externalReferences": [ { - "url": "git+https://github.com/nodelib/nodelib.git#master", + "url": "git+https://github.com/nodeca/js-yaml.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "url": "https://github.com/nodeca/js-yaml", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodelib/nodelib/issues", + "url": "https://github.com/nodeca/js-yaml/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -61973,17 +144784,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@nodelib/fs.scandir" + "value": "node_modules/@oclif/core/node_modules/js-yaml" } ] }, { "type": "library", - "name": "run-parallel", - "version": "1.2.0", - "bom-ref": "run-parallel@1.2.0", - "author": "Feross Aboukhadijeh", - "description": "Run an array of functions in parallel", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", "licenses": [ { "license": { @@ -61991,30 +144801,30 @@ } } ], - "purl": "pkg:npm/run-parallel@1.2.0", + "purl": "pkg:npm/argparse@1.0.10", "externalReferences": [ { - "url": "git://github.com/feross/run-parallel.git", + "url": "git+https://github.com/nodeca/argparse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/feross/run-parallel", + "url": "https://github.com/nodeca/argparse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/feross/run-parallel/issues", + "url": "https://github.com/nodeca/argparse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62023,48 +144833,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/run-parallel" + "value": "node_modules/@oclif/core/node_modules/argparse" } ] }, { "type": "library", - "name": "queue-microtask", - "version": "1.2.3", - "bom-ref": "queue-microtask@1.2.3", - "author": "Feross Aboukhadijeh", - "description": "fast, tiny `queueMicrotask` shim for modern engines", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/queue-microtask@1.2.3", + "purl": "pkg:npm/sprintf-js@1.0.3", "externalReferences": [ { - "url": "git://github.com/feross/queue-microtask.git", + "url": "git+https://github.com/alexei/sprintf.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/feross/queue-microtask", + "url": "https://github.com/alexei/sprintf.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/feross/queue-microtask/issues", + "url": "https://github.com/alexei/sprintf.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62073,48 +144883,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/queue-microtask" + "value": "node_modules/@oclif/core/node_modules/sprintf-js" } ] }, { "type": "library", - "name": "fastq", - "version": "1.17.1", - "bom-ref": "fastq@1.17.1", - "author": "Matteo Collina", - "description": "Fast, in memory work queue", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/fastq@1.17.1", + "purl": "pkg:npm/is-arrayish@0.3.2", "externalReferences": [ { - "url": "git+https://github.com/mcollina/fastq.git", + "url": "git+https://github.com/qix-/node-is-arrayish.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mcollina/fastq#readme", + "url": "https://github.com/qix-/node-is-arrayish#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mcollina/fastq/issues", + "url": "https://github.com/qix-/node-is-arrayish/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62123,48 +144933,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fastq" + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" } ] }, { "type": "library", - "name": "reusify", - "version": "1.0.4", - "bom-ref": "reusify@1.0.4", - "author": "Matteo Collina", - "description": "Reuse objects and functions with style", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/reusify@1.0.4", + "purl": "pkg:npm/minimatch@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/mcollina/reusify.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mcollina/reusify#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mcollina/reusify/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62173,49 +144983,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/reusify" + "value": "node_modules/jake/node_modules/minimatch" } ] }, { "type": "library", - "name": "structured-clone", - "group": "@ungap", - "version": "1.2.0", - "bom-ref": "@ungap/structured-clone@1.2.0", - "author": "Andrea Giammarchi", - "description": "A structuredClone polyfill", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "purl": "pkg:npm/brace-expansion@1.1.11", "externalReferences": [ { - "url": "git+https://github.com/ungap/structured-clone.git", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ungap/structured-clone#readme", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ungap/structured-clone/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62224,52 +145033,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@ungap/structured-clone" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/jake/node_modules/brace-expansion" } ] }, { "type": "library", - "name": "path-key", - "version": "3.1.1", - "bom-ref": "path-key@3.1.1", - "author": "Sindre Sorhus", - "description": "Get the PATH environment variable key cross-platform", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/path-key@3.1.1", + "purl": "pkg:npm/minimatch@5.1.6", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/path-key.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/path-key#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/path-key/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62278,17 +145083,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-key" + "value": "node_modules/filelist/node_modules/minimatch" } ] }, { "type": "library", - "name": "shebang-command", - "version": "2.0.0", - "bom-ref": "shebang-command@2.0.0", - "author": "Kevin Mårtensson", - "description": "Get the command from a shebang", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", "licenses": [ { "license": { @@ -62296,30 +145102,30 @@ } } ], - "purl": "pkg:npm/shebang-command@2.0.0", + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", "externalReferences": [ { - "url": "git+https://github.com/kevva/shebang-command.git", + "url": "git+https://github.com/oclif/core.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kevva/shebang-command#readme", + "url": "https://github.com/oclif/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kevva/shebang-command/issues", + "url": "https://github.com/oclif/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62328,17 +145134,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/shebang-command" + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" } ] }, { "type": "library", - "name": "shebang-regex", - "version": "3.0.0", - "bom-ref": "shebang-regex@3.0.0", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", "author": "Sindre Sorhus", - "description": "Regular expression for matching a shebang line", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -62346,30 +145152,30 @@ } } ], - "purl": "pkg:npm/shebang-regex@3.0.0", + "purl": "pkg:npm/supports-color@9.4.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/shebang-regex#readme", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/shebang-regex/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62378,48 +145184,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/shebang-regex" + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" } ] }, { "type": "library", - "name": "which", - "version": "2.0.2", - "bom-ref": "which@2.0.2", - "author": "Isaac Z. Schlueter", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/which@2.0.2", + "purl": "pkg:npm/ms@2.1.2", "externalReferences": [ { - "url": "git://github.com/isaacs/node-which.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-which#readme", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-which/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62428,48 +145233,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/which" + "value": "node_modules/debug/node_modules/ms" } ] }, { "type": "library", - "name": "isexe", - "version": "2.0.0", - "bom-ref": "isexe@2.0.0", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/isexe@2.0.0", + "purl": "pkg:npm/%40oclif/core@4.0.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/isexe.git", + "url": "git+https://github.com/oclif/core.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/isexe#readme", + "url": "https://github.com/oclif/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/isexe/issues", + "url": "https://github.com/oclif/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62478,47 +145284,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/isexe" + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" } ] }, { "type": "library", - "name": "eslint-scope", - "version": "7.2.2", - "bom-ref": "eslint-scope@7.2.2", - "description": "ECMAScript scope analyzer for ESLint", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/eslint-scope@7.2.2", + "purl": "pkg:npm/debug@4.3.5", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-scope.git", + "url": "git://github.com/debug-js/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/eslint/eslint-scope", + "url": "https://github.com/debug-js/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-scope/issues", + "url": "https://github.com/debug-js/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62527,20 +145334,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-scope" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" } ] }, { "type": "library", - "name": "acorn", - "version": "8.11.3", - "bom-ref": "acorn@8.11.3", - "description": "ECMAScript parser", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { @@ -62548,30 +145351,30 @@ } } ], - "purl": "pkg:npm/acorn@8.11.3", + "purl": "pkg:npm/ms@2.1.2", "externalReferences": [ { - "url": "git+https://github.com/acornjs/acorn.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/acornjs/acorn", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/acornjs/acorn/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62580,48 +145383,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/acorn" + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" } ] }, { "type": "library", - "name": "flat-cache", - "version": "3.2.0", - "bom-ref": "flat-cache@3.2.0", - "author": "Jared Wray", - "description": "A stupidly simple key/value storage using files to persist some data", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/flat-cache@3.2.0", + "purl": "pkg:npm/npm-package-arg@11.0.2", "externalReferences": [ { - "url": "git+https://github.com/jaredwray/flat-cache.git", + "url": "git+https://github.com/npm/npm-package-arg.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jaredwray/flat-cache#readme", + "url": "https://github.com/npm/npm-package-arg", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jaredwray/flat-cache/issues", + "url": "https://github.com/npm/npm-package-arg/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62630,21 +145433,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/flat-cache" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" } ] }, { "type": "library", - "name": "flatted", - "version": "3.3.1", - "bom-ref": "flatted@3.3.1", - "author": "Andrea Giammarchi", - "description": "A super light and fast circular JSON parser.", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", "licenses": [ { "license": { @@ -62652,30 +145451,30 @@ } } ], - "purl": "pkg:npm/flatted@3.3.1", + "purl": "pkg:npm/proc-log@4.2.0", "externalReferences": [ { - "url": "git+https://github.com/WebReflection/flatted.git", + "url": "git+https://github.com/npm/proc-log.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/WebReflection/flatted#readme", + "url": "https://github.com/npm/proc-log#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/WebReflection/flatted/issues", + "url": "https://github.com/npm/proc-log/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62684,21 +145483,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/flatted" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" } ] }, { "type": "library", - "name": "keyv", - "version": "4.5.4", - "bom-ref": "keyv@4.5.4", - "author": "Jared Wray", - "description": "Simple key-value storage with support for multiple backends", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", "licenses": [ { "license": { @@ -62706,30 +145501,30 @@ } } ], - "purl": "pkg:npm/keyv@4.5.4", + "purl": "pkg:npm/npm-run-path@5.3.0", "externalReferences": [ { - "url": "git+https://github.com/jaredwray/keyv.git", + "url": "git+https://github.com/sindresorhus/npm-run-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jaredwray/keyv", + "url": "https://github.com/sindresorhus/npm-run-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jaredwray/keyv/issues", + "url": "https://github.com/sindresorhus/npm-run-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62738,52 +145533,54 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/keyv" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" } ] }, { "type": "library", - "name": "json-buffer", - "version": "3.0.1", - "bom-ref": "json-buffer@3.0.1", - "author": "Dominic Tarr", - "description": "JSON parse & stringify that supports binary via bops & base64", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", "licenses": [ { "license": { "id": "MIT" } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } } ], - "purl": "pkg:npm/json-buffer@3.0.1", + "purl": "pkg:npm/object-treeify@4.0.1", "externalReferences": [ { - "url": "git://github.com/dominictarr/json-buffer.git", + "url": "git+https://github.com/blackflux/object-treeify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dominictarr/json-buffer", + "url": "https://github.com/blackflux/object-treeify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dominictarr/json-buffer/issues", + "url": "https://github.com/blackflux/object-treeify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62792,52 +145589,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-buffer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" } ] }, { "type": "library", - "name": "find-up", - "version": "5.0.0", - "bom-ref": "find-up@5.0.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/find-up@5.0.0", + "purl": "pkg:npm/which@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/find-up.git", + "url": "git+https://github.com/npm/node-which.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/find-up#readme", + "url": "https://github.com/npm/node-which#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/find-up/issues", + "url": "https://github.com/npm/node-which/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62846,52 +145639,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/find-up" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" } ] }, { "type": "library", - "name": "locate-path", - "version": "6.0.0", - "bom-ref": "locate-path@6.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/locate-path@6.0.0", + "purl": "pkg:npm/isexe@3.1.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/locate-path.git", + "url": "git+https://github.com/isaacs/isexe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/locate-path#readme", + "url": "https://github.com/isaacs/isexe#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/locate-path/issues", + "url": "https://github.com/isaacs/isexe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62900,52 +145689,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/locate-path" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" } ] }, { "type": "library", - "name": "p-locate", - "version": "5.0.0", - "bom-ref": "p-locate@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/p-locate@5.0.0", + "purl": "pkg:npm/yarn@1.22.22", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-locate.git", + "url": "git+https://github.com/yarnpkg/yarn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-locate#readme", + "url": "https://github.com/yarnpkg/yarn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-locate/issues", + "url": "https://github.com/yarnpkg/yarn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -62954,52 +145738,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/p-locate" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" } ] }, { "type": "library", - "name": "is-extglob", - "version": "2.1.1", - "bom-ref": "is-extglob@2.1.1", - "author": "Jon Schlinkert", - "description": "Returns true if a string has an extglob.", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/is-extglob@2.1.1", + "purl": "pkg:npm/lru-cache@10.2.2", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "url": "git://github.com/isaacs/node-lru-cache.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/is-extglob", + "url": "https://github.com/isaacs/node-lru-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/is-extglob/issues", + "url": "https://github.com/isaacs/node-lru-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -63008,484 +145788,410 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-extglob" + "value": "node_modules/hosted-git-info/node_modules/lru-cache" } ] }, { "type": "library", - "name": "is-path-inside", - "version": "3.0.3", - "bom-ref": "is-path-inside@3.0.3", - "author": "Sindre Sorhus", - "description": "Check if a path is inside another path", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/is-path-inside@3.0.3", + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "url": "git+https://github.com/isaacs/string-locale-compare.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-path-inside#readme", + "url": "https://github.com/isaacs/string-locale-compare#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-path-inside/issues", + "url": "https://github.com/isaacs/string-locale-compare/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-path-inside" + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" }, { - "name": "cdx:npm:package:development", + "name": "cdx:npm:package:bundled", "value": "true" } ] }, { "type": "library", - "name": "prelude-ls", - "version": "1.2.1", - "bom-ref": "prelude-ls@1.2.1", - "author": "George Zahariev", - "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/prelude-ls@1.2.1", + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", "externalReferences": [ { - "url": "git://github.com/gkz/prelude-ls.git", + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "http://preludels.com", + "url": "https://github.com/npm/cli#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gkz/prelude-ls/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/prelude-ls" + "value": "node_modules/npm/node_modules/@npmcli/arborist" }, { - "name": "cdx:npm:package:development", + "name": "cdx:npm:package:bundled", "value": "true" } ] }, { "type": "library", - "name": "type-check", - "version": "0.4.0", - "bom-ref": "type-check@0.4.0", - "author": "George Zahariev", - "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/type-check@0.4.0", + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", "externalReferences": [ { - "url": "git://github.com/gkz/type-check.git", + "url": "git+https://github.com/npm/fs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/gkz/type-check", + "url": "https://github.com/npm/fs#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gkz/type-check/issues", + "url": "https://github.com/npm/fs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type-check" + "value": "node_modules/npm/node_modules/@npmcli/fs" }, { - "name": "cdx:npm:package:development", + "name": "cdx:npm:package:bundled", "value": "true" } ] }, { "type": "library", - "name": "word-wrap", - "group": "@aashutoshrathi", - "version": "1.2.6", - "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", - "author": "Jon Schlinkert", - "description": "Wrap words to a specified length.", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", "externalReferences": [ { - "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "url": "git+https://github.com/npm/installed-package-contents.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aashutoshrathi/word-wrap", + "url": "https://github.com/npm/installed-package-contents#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "url": "https://github.com/npm/installed-package-contents/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aashutoshrathi/word-wrap" + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" }, { - "name": "cdx:npm:package:development", + "name": "cdx:npm:package:bundled", "value": "true" } ] }, { "type": "library", - "name": "deep-is", - "version": "0.1.4", - "bom-ref": "deep-is@0.1.4", - "author": "Thorsten Lorenz", - "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/deep-is@0.1.4", + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", "externalReferences": [ { - "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "url": "git+https://github.com/npm/npm-bundled.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thlorenz/deep-is#readme", + "url": "https://github.com/npm/npm-bundled#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/deep-is/issues", + "url": "https://github.com/npm/npm-bundled/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/deep-is" + "value": "node_modules/npm/node_modules/npm-bundled" }, { - "name": "cdx:npm:package:development", + "name": "cdx:npm:package:bundled", "value": "true" } ] }, { "type": "library", - "name": "accepts", - "version": "1.3.8", - "bom-ref": "accepts@1.3.8", - "description": "Higher-level content negotiation", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/accepts@1.3.8", + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/accepts.git", + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/accepts#readme", + "url": "https://github.com/npm/npm-normalize-package-bin#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/accepts/issues", + "url": "https://github.com/npm/npm-normalize-package-bin/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/accepts" + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "mime-types", - "version": "2.1.35", - "bom-ref": "mime-types@2.1.35", - "description": "The ultimate javascript content-type utility.", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/mime-types@2.1.35", + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/mime-types.git", + "url": "git+https://github.com/npm/map-workspaces.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/mime-types#readme", + "url": "https://github.com/npm/map-workspaces#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/mime-types/issues", + "url": "https://github.com/npm/map-workspaces/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mime-types" + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "negotiator", - "version": "0.6.3", - "bom-ref": "negotiator@0.6.3", - "description": "HTTP content negotiation", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/negotiator@0.6.3", + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/negotiator.git", + "url": "git+https://github.com/npm/metavuln-calculator.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/negotiator#readme", + "url": "https://github.com/npm/metavuln-calculator#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/negotiator/issues", + "url": "https://github.com/npm/metavuln-calculator/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/negotiator" + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "array-flatten", - "version": "1.1.1", - "bom-ref": "array-flatten@1.1.1", - "author": "Blake Embrey", - "description": "Flatten an array of nested arrays into a single flat array", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/array-flatten@1.1.1", + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", "externalReferences": [ { - "url": "git://github.com/blakeembrey/array-flatten.git", + "url": "git+https://github.com/npm/cacache.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/array-flatten", + "url": "https://github.com/npm/cacache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/array-flatten/issues", + "url": "https://github.com/npm/cacache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/array-flatten" + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "body-parser", - "version": "1.20.2", - "bom-ref": "body-parser@1.20.2", - "description": "Node.js body parsing middleware", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", "licenses": [ { "license": { @@ -63493,449 +146199,345 @@ } } ], - "purl": "pkg:npm/body-parser@1.20.2", + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", "externalReferences": [ { - "url": "git+https://github.com/expressjs/body-parser.git", + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/expressjs/body-parser#readme", + "url": "https://github.com/npm/json-parse-even-better-errors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/expressjs/body-parser/issues", + "url": "https://github.com/npm/json-parse-even-better-errors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/body-parser" + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } } ], - "components": [ + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ { - "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "body-parser@1.20.2|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@2.6.9", - "externalReferences": [ - { - "url": "git://github.com/visionmedia/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/body-parser/node_modules/debug" - } - ] + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "body-parser@1.20.2|ms@2.0.0", - "description": "Tiny milisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/body-parser/node_modules/ms" - } - ] + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "bytes", - "version": "3.1.2", - "bom-ref": "bytes@3.1.2", - "author": "TJ Holowaychuk", - "description": "Utility to parse a string bytes to bytes and vice-versa", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/bytes@3.1.2", + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", "externalReferences": [ { - "url": "git+https://github.com/visionmedia/bytes.js.git", + "url": "git+https://github.com/npm/proc-log.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/visionmedia/bytes.js#readme", + "url": "https://github.com/npm/proc-log#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/visionmedia/bytes.js/issues", + "url": "https://github.com/npm/proc-log/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/bytes" + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "depd", - "version": "2.0.0", - "bom-ref": "depd@2.0.0", - "author": "Douglas Christopher Wilson", - "description": "Deprecate all the things", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/depd@2.0.0", + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", "externalReferences": [ { - "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dougwilson/nodejs-depd#readme", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dougwilson/nodejs-depd/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/depd" + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "destroy", - "version": "1.2.0", - "bom-ref": "destroy@1.2.0", - "author": "Jonathan Ong", - "description": "destroy a stream if possible", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/destroy@1.2.0", + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", "externalReferences": [ { - "url": "git+https://github.com/stream-utils/destroy.git", + "url": "git+https://github.com/npm/name-from-folder.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/stream-utils/destroy#readme", + "url": "https://github.com/npm/name-from-folder#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/stream-utils/destroy/issues", + "url": "https://github.com/npm/name-from-folder/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/destroy" + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "http-errors", - "version": "2.0.0", - "bom-ref": "http-errors@2.0.0", - "author": "Jonathan Ong", - "description": "Create HTTP error objects", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/http-errors@2.0.0", + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/http-errors.git", + "url": "git+https://github.com/npm/node-gyp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/http-errors#readme", + "url": "https://github.com/npm/node-gyp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/http-errors/issues", + "url": "https://github.com/npm/node-gyp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/http-errors" + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "iconv-lite", - "version": "0.4.24", - "bom-ref": "iconv-lite@0.4.24", - "author": "Alexander Shtuchkin", - "description": "Convert character encodings in pure javascript.", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/iconv-lite@0.4.24", + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", "externalReferences": [ { - "url": "git://github.com/ashtuchkin/iconv-lite.git", + "url": "git+https://github.com/npm/package-json.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ashtuchkin/iconv-lite", + "url": "https://github.com/npm/package-json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "url": "https://github.com/npm/package-json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/iconv-lite" + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "safer-buffer", - "version": "2.1.2", - "bom-ref": "safer-buffer@2.1.2", - "author": "Nikita Skovoroda", - "description": "Modern Buffer API polyfill without footguns", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/safer-buffer@2.1.2", + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", "externalReferences": [ { - "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "url": "git+https://github.com/npm/query.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ChALkeR/safer-buffer#readme", + "url": "https://github.com/npm/query#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ChALkeR/safer-buffer/issues", + "url": "https://github.com/npm/query/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/safer-buffer" + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "on-finished", - "version": "2.4.1", - "bom-ref": "on-finished@2.4.1", - "description": "Execute a callback when a request closes, finishes, or errors", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", "licenses": [ { "license": { @@ -63943,98 +146545,85 @@ } } ], - "purl": "pkg:npm/on-finished@2.4.1", + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/on-finished.git", + "url": "git+https://github.com/postcss/postcss-selector-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/on-finished#readme", + "url": "https://github.com/postcss/postcss-selector-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/on-finished/issues", + "url": "https://github.com/postcss/postcss-selector-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/on-finished" + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "qs", - "version": "6.11.0", - "bom-ref": "qs@6.11.0", - "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/qs@6.11.0", + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/qs.git", + "url": "git+https://github.com/mathiasbynens/cssesc.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/qs", + "url": "https://mths.be/cssesc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/qs/issues", + "url": "https://github.com/mathiasbynens/cssesc/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/qs" + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "raw-body", - "version": "2.5.2", - "bom-ref": "raw-body@2.5.2", - "author": "Jonathan Ong", - "description": "Get and validate the raw body of a readable stream.", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", "licenses": [ { "license": { @@ -64042,1341 +146631,1103 @@ } } ], - "purl": "pkg:npm/raw-body@2.5.2", + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", "externalReferences": [ { - "url": "git+https://github.com/stream-utils/raw-body.git", + "url": "git://github.com/TooTallNate/util-deprecate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/stream-utils/raw-body#readme", + "url": "https://github.com/TooTallNate/util-deprecate", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/stream-utils/raw-body/issues", + "url": "https://github.com/TooTallNate/util-deprecate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/raw-body" + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "unpipe", - "version": "1.0.0", - "bom-ref": "unpipe@1.0.0", - "author": "Douglas Christopher Wilson", - "description": "Unpipe a stream from all destinations", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/unpipe@1.0.0", + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", "externalReferences": [ { - "url": "git+https://github.com/stream-utils/unpipe.git", + "url": "git+https://github.com/npm/redact.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/stream-utils/unpipe#readme", + "url": "https://github.com/npm/redact#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/stream-utils/unpipe/issues", + "url": "https://github.com/npm/redact/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/unpipe" + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "type-is", - "version": "1.6.18", - "bom-ref": "type-is@1.6.18", - "description": "Infer the content-type of a request.", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/type-is@1.6.18", + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/type-is.git", + "url": "git+https://github.com/npm/run-script.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/type-is#readme", + "url": "https://github.com/npm/run-script#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/type-is/issues", + "url": "https://github.com/npm/run-script/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type-is" + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "content-disposition", - "version": "0.5.4", - "bom-ref": "content-disposition@0.5.4", - "author": "Douglas Christopher Wilson", - "description": "Create and parse Content-Disposition header", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/content-disposition@0.5.4", + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/content-disposition.git", + "url": "git+https://github.com/npm/bin-links.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/content-disposition#readme", + "url": "https://github.com/npm/bin-links#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/content-disposition/issues", + "url": "https://github.com/npm/bin-links/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/content-disposition" + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "cookie-signature", - "version": "1.0.6", - "bom-ref": "cookie-signature@1.0.6", - "author": "TJ Holowaychuk", - "description": "Sign and unsign cookies", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/cookie-signature@1.0.6", + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", "externalReferences": [ { - "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "url": "git+https://github.com/npm/cmd-shim.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "url": "https://github.com/npm/cmd-shim#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "url": "https://github.com/npm/cmd-shim/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cookie-signature" + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "cookie", - "version": "0.6.0", - "bom-ref": "cookie@0.6.0", - "author": "Roman Shtylman", - "description": "HTTP server cookie parsing and serialization", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/cookie@0.6.0", + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/cookie.git", + "url": "git+https://github.com/npm/read-cmd-shim.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/cookie#readme", + "url": "https://github.com/npm/read-cmd-shim#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/cookie/issues", + "url": "https://github.com/npm/read-cmd-shim/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cookie" + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "encodeurl", - "version": "1.0.2", - "bom-ref": "encodeurl@1.0.2", - "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/encodeurl@1.0.2", + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", "externalReferences": [ { - "url": "git+https://github.com/pillarjs/encodeurl.git", + "url": "git+https://github.com/npm/write-file-atomic.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/pillarjs/encodeurl#readme", + "url": "https://github.com/npm/write-file-atomic", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/pillarjs/encodeurl/issues", + "url": "https://github.com/npm/write-file-atomic/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/encodeurl" + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "escape-html", - "version": "1.0.3", - "bom-ref": "escape-html@1.0.3", - "description": "Escape string for use in HTML", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/escape-html@1.0.3", + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", "externalReferences": [ { - "url": "git+https://github.com/component/escape-html.git", + "url": "git+https://github.com/isaacs/common-ancestor-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/component/escape-html#readme", + "url": "https://github.com/isaacs/common-ancestor-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/component/escape-html/issues", + "url": "https://github.com/isaacs/common-ancestor-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/escape-html" + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "etag", - "version": "1.8.1", - "bom-ref": "etag@1.8.1", - "description": "Create simple HTTP ETags", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/etag@1.8.1", + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/etag.git", + "url": "git+https://github.com/npm/hosted-git-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/etag#readme", + "url": "https://github.com/npm/hosted-git-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/etag/issues", + "url": "https://github.com/npm/hosted-git-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/etag" + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "finalhandler", - "version": "1.2.0", - "bom-ref": "finalhandler@1.2.0", - "author": "Douglas Christopher Wilson", - "description": "Node.js final http responder", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/finalhandler@1.2.0", + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", "externalReferences": [ { - "url": "git+https://github.com/pillarjs/finalhandler.git", + "url": "git+https://github.com/isaacs/json-stringify-nice.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/pillarjs/finalhandler#readme", + "url": "https://github.com/isaacs/json-stringify-nice#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/pillarjs/finalhandler/issues", + "url": "https://github.com/isaacs/json-stringify-nice/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/finalhandler" - } - ], - "components": [ - { - "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "finalhandler@1.2.0|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@2.6.9", - "externalReferences": [ - { - "url": "git://github.com/visionmedia/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/finalhandler/node_modules/debug" - } - ] + "value": "node_modules/npm/node_modules/json-stringify-nice" }, { - "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "finalhandler@1.2.0|ms@2.0.0", - "description": "Tiny milisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/finalhandler/node_modules/ms" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "parseurl", - "version": "1.3.3", - "bom-ref": "parseurl@1.3.3", - "description": "parse a url with memoization", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/parseurl@1.3.3", + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", "externalReferences": [ { - "url": "git+https://github.com/pillarjs/parseurl.git", + "url": "git://github.com/isaacs/node-lru-cache.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/pillarjs/parseurl#readme", + "url": "https://github.com/isaacs/node-lru-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/pillarjs/parseurl/issues", + "url": "https://github.com/isaacs/node-lru-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/parseurl" + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "statuses", - "version": "2.0.1", - "bom-ref": "statuses@2.0.1", - "description": "HTTP status utility", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/statuses@2.0.1", + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/statuses.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/statuses#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/statuses/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/statuses" + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "fresh", - "version": "0.5.2", - "bom-ref": "fresh@0.5.2", - "author": "TJ Holowaychuk", - "description": "HTTP response freshness testing", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/fresh@0.5.2", + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/fresh.git", + "url": "git+https://github.com/npm/nopt.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/fresh#readme", + "url": "https://github.com/npm/nopt#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/fresh/issues", + "url": "https://github.com/npm/nopt/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fresh" + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "setprototypeof", - "version": "1.2.0", - "bom-ref": "setprototypeof@1.2.0", - "author": "Wes Todd", - "description": "A small polyfill for Object.setprototypeof", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/setprototypeof@1.2.0", + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", "externalReferences": [ { - "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "url": "git+https://github.com/npm/npm-install-checks.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/wesleytodd/setprototypeof", + "url": "https://github.com/npm/npm-install-checks#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/wesleytodd/setprototypeof/issues", + "url": "https://github.com/npm/npm-install-checks/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/setprototypeof" + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "toidentifier", - "version": "1.0.1", - "bom-ref": "toidentifier@1.0.1", - "author": "Douglas Christopher Wilson", - "description": "Convert a string of words to a JavaScript identifier", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/toidentifier@1.0.1", + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", "externalReferences": [ { - "url": "git+https://github.com/component/toidentifier.git", + "url": "git+https://github.com/npm/npm-package-arg.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/component/toidentifier#readme", + "url": "https://github.com/npm/npm-package-arg", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/component/toidentifier/issues", + "url": "https://github.com/npm/npm-package-arg/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/toidentifier" + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "merge-descriptors", - "version": "1.0.1", - "bom-ref": "merge-descriptors@1.0.1", - "author": "Jonathan Ong", - "description": "Merge objects using descriptors", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/merge-descriptors@1.0.1", + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", "externalReferences": [ { - "url": "git+https://github.com/component/merge-descriptors.git", + "url": "git+https://github.com/npm/npm-pick-manifest.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/component/merge-descriptors#readme", + "url": "https://github.com/npm/npm-pick-manifest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/component/merge-descriptors/issues", + "url": "https://github.com/npm/npm-pick-manifest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/merge-descriptors" + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "methods", - "version": "1.1.2", - "bom-ref": "methods@1.1.2", - "description": "HTTP methods that node supports", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/methods@1.1.2", + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/methods.git", + "url": "git+https://github.com/npm/npm-registry-fetch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/methods#readme", + "url": "https://github.com/npm/npm-registry-fetch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/methods/issues", + "url": "https://github.com/npm/npm-registry-fetch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/methods" + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "ee-first", - "version": "1.1.1", - "bom-ref": "ee-first@1.1.1", - "author": "Jonathan Ong", - "description": "return the first event in a set of ee/event pairs", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/ee-first@1.1.1", + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", "externalReferences": [ { - "url": "git+https://github.com/jonathanong/ee-first.git", + "url": "git+https://github.com/npm/parse-conflict-json.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonathanong/ee-first#readme", + "url": "https://github.com/npm/parse-conflict-json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonathanong/ee-first/issues", + "url": "https://github.com/npm/parse-conflict-json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ee-first" + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "path-to-regexp", - "version": "0.1.7", - "bom-ref": "path-to-regexp@0.1.7", - "description": "Express style path to RegExp utility", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/path-to-regexp@0.1.7", + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", "externalReferences": [ { - "url": "git+https://github.com/component/path-to-regexp.git", + "url": "git+https://github.com/npm/proggy.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/component/path-to-regexp#readme", + "url": "https://github.com/npm/proggy#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/component/path-to-regexp/issues", + "url": "https://github.com/npm/proggy/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" }, { - "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } } ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-to-regexp" + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "proxy-addr", - "version": "2.0.7", - "bom-ref": "proxy-addr@2.0.7", - "author": "Douglas Christopher Wilson", - "description": "Determine address of proxied request", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/proxy-addr@2.0.7", + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/proxy-addr.git", + "url": "git+https://github.com/isaacs/promise-call-limit.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/proxy-addr#readme", + "url": "https://github.com/isaacs/promise-call-limit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/proxy-addr/issues", + "url": "https://github.com/isaacs/promise-call-limit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/proxy-addr" + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "forwarded", - "version": "0.2.0", - "bom-ref": "forwarded@0.2.0", - "description": "Parse HTTP X-Forwarded-For header", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/forwarded@0.2.0", + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/forwarded.git", + "url": "git+https://github.com/npm/read-package-json-fast.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/forwarded#readme", + "url": "https://github.com/npm/read-package-json-fast#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/forwarded/issues", + "url": "https://github.com/npm/read-package-json-fast/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/forwarded" + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "ipaddr.js", - "version": "1.9.1", - "bom-ref": "ipaddr.js@1.9.1", - "author": "whitequark", - "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/ipaddr.js@1.9.1", + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", "externalReferences": [ { - "url": "git://github.com/whitequark/ipaddr.js.git", + "url": "git+https://github.com/npm/ssri.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/whitequark/ipaddr.js#readme", + "url": "https://github.com/npm/ssri#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/whitequark/ipaddr.js/issues", + "url": "https://github.com/npm/ssri/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ipaddr.js" + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "side-channel", - "version": "1.0.6", - "bom-ref": "side-channel@1.0.6", - "author": "Jordan Harband", - "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/side-channel@1.0.6", + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/side-channel.git", + "url": "git+https://github.com/npm/treeverse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/side-channel#readme", + "url": "https://github.com/npm/treeverse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/side-channel/issues", + "url": "https://github.com/npm/treeverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/side-channel" + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "call-bind", - "version": "1.0.7", - "bom-ref": "call-bind@1.0.7", - "author": "Jordan Harband", - "description": "Robustly `.call.bind()` a function", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/call-bind@1.0.7", + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/call-bind.git", + "url": "git+https://github.com/isaacs/walk-up-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/call-bind#readme", + "url": "https://github.com/isaacs/walk-up-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/call-bind/issues", + "url": "https://github.com/isaacs/walk-up-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/call-bind" + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "es-define-property", - "version": "1.0.0", - "bom-ref": "es-define-property@1.0.0", - "author": "Jordan Harband", - "description": "`Object.defineProperty`, but not IE 8's broken one.", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/es-define-property@1.0.0", + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", "externalReferences": [ { - "url": "git+https://github.com/ljharb/es-define-property.git", + "url": "git+https://github.com/npm/cli.git#workspaces/config", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/ljharb/es-define-property#readme", + "url": "https://github.com/npm/cli#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/es-define-property/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es-define-property" + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "get-intrinsic", - "version": "1.2.4", - "bom-ref": "get-intrinsic@1.2.4", - "author": "Jordan Harband", - "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { @@ -65384,299 +147735,259 @@ } } ], - "purl": "pkg:npm/get-intrinsic@1.2.4", + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/get-intrinsic.git", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/get-intrinsic#readme", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/get-intrinsic/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-intrinsic" + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "es-errors", - "version": "1.3.0", - "bom-ref": "es-errors@1.3.0", - "author": "Jordan Harband", - "description": "A simple cache for a few of the JS Error constructors.", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/es-errors@1.3.0", + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/es-errors.git", + "url": "git+https://github.com/npm/ini.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/es-errors#readme", + "url": "https://github.com/npm/ini#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/es-errors/issues", + "url": "https://github.com/npm/ini/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es-errors" + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "function-bind", - "version": "1.1.2", - "bom-ref": "function-bind@1.1.2", - "author": "Raynos", - "description": "Implementation of Function.prototype.bind", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/function-bind@1.1.2", + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", "externalReferences": [ { - "url": "git+https://github.com/Raynos/function-bind.git", + "url": "git://github.com/isaacs/node-glob.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Raynos/function-bind", + "url": "https://github.com/isaacs/node-glob#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Raynos/function-bind/issues", + "url": "https://github.com/isaacs/node-glob/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/function-bind" + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "set-function-length", - "version": "1.2.2", - "bom-ref": "set-function-length@1.2.2", - "author": "Jordan Harband", - "description": "Set a function's length property", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/set-function-length@1.2.2", + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/set-function-length.git", + "url": "git+https://github.com/npm/git.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/set-function-length#readme", + "url": "https://github.com/npm/git#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/set-function-length/issues", + "url": "https://github.com/npm/git/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/set-function-length" + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "define-data-property", - "version": "1.1.4", - "bom-ref": "define-data-property@1.1.4", - "author": "Jordan Harband", - "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/define-data-property@1.1.4", + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/define-data-property.git", + "url": "git+https://github.com/npm/promise-spawn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/define-data-property#readme", + "url": "https://github.com/npm/promise-spawn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/define-data-property/issues", + "url": "https://github.com/npm/promise-spawn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/define-data-property" + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "gopd", + "name": "promise-inflight", "version": "1.0.1", - "bom-ref": "gopd@1.0.1", - "author": "Jordan Harband", - "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/gopd@1.0.1", + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", "externalReferences": [ { - "url": "git+https://github.com/ljharb/gopd.git", + "url": "git+https://github.com/iarna/promise-inflight.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/gopd#readme", + "url": "https://github.com/iarna/promise-inflight#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/gopd/issues", + "url": "https://github.com/iarna/promise-inflight/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/gopd" + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "has-property-descriptors", - "version": "1.0.2", - "bom-ref": "has-property-descriptors@1.0.2", - "author": "Jordan Harband", - "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", "licenses": [ { "license": { @@ -65684,149 +147995,128 @@ } } ], - "purl": "pkg:npm/has-property-descriptors@1.0.2", + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", "externalReferences": [ { - "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "url": "git://github.com/IndigoUnited/node-promise-retry.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/has-property-descriptors" + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "has-proto", - "version": "1.0.3", - "bom-ref": "has-proto@1.0.3", - "author": "Jordan Harband", - "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/has-proto@1.0.3", + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", "externalReferences": [ { - "url": "git+https://github.com/inspect-js/has-proto.git", + "url": "git+https://github.com/npm/node-which.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/inspect-js/has-proto#readme", + "url": "https://github.com/npm/node-which#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/has-proto/issues", + "url": "https://github.com/npm/node-which/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/has-proto" + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "has-symbols", - "version": "1.0.3", - "bom-ref": "has-symbols@1.0.3", - "author": "Jordan Harband", - "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/has-symbols@1.0.3", + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", "externalReferences": [ { - "url": "git://github.com/inspect-js/has-symbols.git", + "url": "git+https://github.com/npm/normalize-package-data.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ljharb/has-symbols#readme", + "url": "https://github.com/npm/normalize-package-data#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ljharb/has-symbols/issues", + "url": "https://github.com/npm/normalize-package-data/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/has-symbols" + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "hasown", - "version": "2.0.2", - "bom-ref": "hasown@2.0.2", - "author": "Jordan Harband", - "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", "licenses": [ { "license": { @@ -65834,149 +148124,130 @@ } } ], - "purl": "pkg:npm/hasown@2.0.2", + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", "externalReferences": [ { - "url": "git+https://github.com/inspect-js/hasOwn.git", + "url": "git://github.com/nodejs/node-gyp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/inspect-js/hasOwn#readme", + "url": "https://github.com/nodejs/node-gyp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/hasOwn/issues", + "url": "https://github.com/nodejs/node-gyp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/hasown" + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "object-inspect", - "version": "1.13.1", - "bom-ref": "object-inspect@1.13.1", - "author": "James Halliday", - "description": "string representations of objects in node and the browser", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/object-inspect@1.13.1", + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", "externalReferences": [ { - "url": "git://github.com/inspect-js/object-inspect.git", + "url": "git+https://github.com/sigstore/sigstore-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/inspect-js/object-inspect", + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/object-inspect/issues", + "url": "https://github.com/sigstore/sigstore-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/object-inspect" + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "range-parser", - "version": "1.2.1", - "bom-ref": "range-parser@1.2.1", - "author": "TJ Holowaychuk", - "description": "Range header field string parser", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/range-parser@1.2.1", + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/range-parser.git", + "url": "git+https://github.com/sigstore/protobuf-specs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/range-parser#readme", + "url": "https://github.com/sigstore/protobuf-specs#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/range-parser/issues", + "url": "https://github.com/sigstore/protobuf-specs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/range-parser" + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "send", - "version": "0.18.0", - "bom-ref": "send@0.18.0", - "author": "TJ Holowaychuk", - "description": "Better streaming static file server with Range and conditional-GET support", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", "licenses": [ { "license": { @@ -65984,152 +148255,43 @@ } } ], - "purl": "pkg:npm/send@0.18.0", + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", "externalReferences": [ { - "url": "git+https://github.com/pillarjs/send.git", + "url": "git+https://github.com/theupdateframework/tuf-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/pillarjs/send#readme", + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/pillarjs/send/issues", + "url": "https://github.com/theupdateframework/tuf-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/send" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/tuf-js" + }, { - "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "send@0.18.0|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@2.6.9", - "externalReferences": [ - { - "url": "git://github.com/visionmedia/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/send/node_modules/debug" - } - ], - "components": [ - { - "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", - "description": "Tiny milisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/send/node_modules/debug/node_modules/ms" - } - ] - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "mime", - "version": "1.6.0", - "bom-ref": "mime@1.6.0", - "author": "Robert Kieffer", - "description": "A comprehensive library for mime-type mapping", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", "licenses": [ { "license": { @@ -66137,49 +148299,43 @@ } } ], - "purl": "pkg:npm/mime@1.6.0", + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", "externalReferences": [ { - "url": "git+https://github.com/broofa/node-mime.git", + "url": "git+https://github.com/theupdateframework/tuf-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/broofa/node-mime#readme", + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/broofa/node-mime/issues", + "url": "https://github.com/theupdateframework/tuf-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mime" + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "serve-static", - "version": "1.15.0", - "bom-ref": "serve-static@1.15.0", - "author": "Douglas Christopher Wilson", - "description": "Serve static files", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", "licenses": [ { "license": { @@ -66187,49 +148343,42 @@ } } ], - "purl": "pkg:npm/serve-static@1.15.0", + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", "externalReferences": [ { - "url": "git+https://github.com/expressjs/serve-static.git", + "url": "git+https://github.com/theupdateframework/tuf-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/expressjs/serve-static#readme", + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/expressjs/serve-static/issues", + "url": "https://github.com/theupdateframework/tuf-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/serve-static" + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "media-typer", - "version": "0.3.0", - "bom-ref": "media-typer@0.3.0", - "author": "Douglas Christopher Wilson", - "description": "Simple RFC 6838 media type parser and formatter", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", "licenses": [ { "license": { @@ -66237,155 +148386,128 @@ } } ], - "purl": "pkg:npm/media-typer@0.3.0", + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/media-typer.git", + "url": "git://github.com/debug-js/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/media-typer#readme", + "url": "https://github.com/debug-js/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/media-typer/issues", + "url": "https://github.com/debug-js/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/media-typer" + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "utils-merge", - "version": "1.0.1", - "bom-ref": "utils-merge@1.0.1", - "author": "Jared Hanson", - "description": "merge() utility function", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", "licenses": [ { "license": { - "id": "MIT" - } - }, - { - "license": { - "id": "MIT", - "url": "http://opensource.org/licenses/MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/utils-merge@1.0.1", + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", "externalReferences": [ { - "url": "git://github.com/jaredhanson/utils-merge.git", + "url": "git+https://github.com/npm/make-fetch-happen.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jaredhanson/utils-merge#readme", + "url": "https://github.com/npm/make-fetch-happen#readme", "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/jaredhanson/utils-merge/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/utils-merge" + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "vary", - "version": "1.1.2", - "bom-ref": "vary@1.1.2", - "author": "Douglas Christopher Wilson", - "description": "Manipulate the HTTP Vary header", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/vary@1.1.2", + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/vary.git", + "url": "git+https://github.com/npm/abbrev-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/vary#readme", + "url": "https://github.com/npm/abbrev-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/vary/issues", + "url": "https://github.com/npm/abbrev-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/vary" + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "asynckit", - "version": "0.4.0", - "bom-ref": "asynckit@0.4.0", - "author": "Alex Indigo", - "description": "Minimal async jobs utility library, with streams support", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", "licenses": [ { "license": { @@ -66393,298 +148515,283 @@ } } ], - "purl": "pkg:npm/asynckit@0.4.0", + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", "externalReferences": [ { - "url": "git+https://github.com/alexindigo/asynckit.git", + "url": "git+ssh://git@github.com/substack/node-archy.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/alexindigo/asynckit#readme", + "url": "https://github.com/substack/node-archy#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/alexindigo/asynckit/issues", + "url": "https://github.com/substack/node-archy/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/asynckit" + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "combined-stream", - "version": "1.0.8", - "bom-ref": "combined-stream@1.0.8", - "author": "Felix Geisendörfer", - "description": "A stream that emits multiple other streams one after another.", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/combined-stream@1.0.8", + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", "externalReferences": [ { - "url": "git://github.com/felixge/node-combined-stream.git", + "url": "git+https://github.com/npm/fs-minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/felixge/node-combined-stream", + "url": "https://github.com/npm/fs-minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/felixge/node-combined-stream/issues", + "url": "https://github.com/npm/fs-minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/combined-stream" + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "delayed-stream", - "version": "1.0.0", - "bom-ref": "delayed-stream@1.0.0", - "author": "Felix Geisendörfer", - "description": "Buffers events from a stream until you are ready to handle them.", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/delayed-stream@1.0.0", + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", "externalReferences": [ { - "url": "git://github.com/felixge/node-delayed-stream.git", + "url": "git+https://github.com/isaacs/minipass-collect.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/felixge/node-delayed-stream", + "url": "https://github.com/isaacs/minipass-collect#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/felixge/node-delayed-stream/issues", + "url": "https://github.com/isaacs/minipass-collect/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/delayed-stream" + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "mime-db", - "version": "1.52.0", - "bom-ref": "mime-db@1.52.0", - "description": "Media Type Database", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/mime-db@1.52.0", + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git+https://github.com/jshttp/mime-db.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/mime-db#readme", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/mime-db/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mime-db" + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "fs-extra", - "version": "11.2.0", - "bom-ref": "fs-extra@11.2.0", - "author": "JP Richardson", - "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/fs-extra@11.2.0", + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", "externalReferences": [ { - "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "url": "git+https://github.com/isaacs/minipass-flush.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jprichardson/node-fs-extra", + "url": "https://github.com/isaacs/minipass-flush#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jprichardson/node-fs-extra/issues", + "url": "https://github.com/isaacs/minipass-flush/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fs-extra" + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jsonfile", - "version": "6.1.0", - "bom-ref": "jsonfile@6.1.0", - "author": "JP Richardson", - "description": "Easily read/write JSON files.", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/jsonfile@6.1.0", + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", "externalReferences": [ { - "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "url": "git+https://github.com/isaacs/yallist.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jprichardson/node-jsonfile#readme", + "url": "https://github.com/isaacs/yallist#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jprichardson/node-jsonfile/issues", + "url": "https://github.com/isaacs/yallist/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" }, { - "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } } ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jsonfile" + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "universalify", - "version": "2.0.1", - "bom-ref": "universalify@2.0.1", - "author": "Ryan Zimmerman", - "description": "Make a callback- or promise-based function support both promises and callbacks.", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", "licenses": [ { "license": { @@ -66692,251 +148799,171 @@ } } ], - "purl": "pkg:npm/universalify@2.0.1", + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", "externalReferences": [ { - "url": "git+https://github.com/RyanZim/universalify.git", + "url": "git+https://github.com/sindresorhus/p-map.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/RyanZim/universalify#readme", + "url": "https://github.com/sindresorhus/p-map#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/RyanZim/universalify/issues", + "url": "https://github.com/sindresorhus/p-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/universalify" + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "get-installed-path", - "version": "4.0.8", - "bom-ref": "get-installed-path@4.0.8", - "author": "Charlike Mike Reagent", - "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/get-installed-path@4.0.8", + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", "externalReferences": [ { - "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "url": "git+https://github.com/isaacs/node-tar.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tunnckoCore/get-installed-path", + "url": "https://github.com/isaacs/node-tar#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "url": "https://github.com/isaacs/node-tar/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-installed-path" + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "global-modules", - "version": "1.0.0", - "bom-ref": "global-modules@1.0.0", - "author": "Jon Schlinkert", - "description": "The directory used by npm for globally installed npm modules.", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/global-modules@1.0.0", + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/global-modules.git", + "url": "git+https://github.com/npm/unique-filename.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/global-modules", + "url": "https://github.com/iarna/unique-filename", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/global-modules/issues", + "url": "https://github.com/iarna/unique-filename/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/global-modules" + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "global-prefix", - "version": "1.0.2", - "bom-ref": "global-prefix@1.0.2", - "author": "Jon Schlinkert", - "description": "Get the npm global path prefix.", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/global-prefix@1.0.2", + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "url": "git+https://github.com/npm/unique-slug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/global-prefix", + "url": "https://github.com/npm/unique-slug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/global-prefix/issues", + "url": "https://github.com/npm/unique-slug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/global-prefix" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/unique-slug" + }, { - "type": "library", - "name": "which", - "version": "1.3.1", - "bom-ref": "global-prefix@1.0.2|which@1.3.1", - "author": "Isaac Z. Schlueter", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/which@1.3.1", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-which.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-which#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-which/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/global-prefix/node_modules/which" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "expand-tilde", - "version": "2.0.2", - "bom-ref": "expand-tilde@2.0.2", - "author": "Jon Schlinkert", - "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", "licenses": [ { "license": { @@ -66944,49 +148971,41 @@ } } ], - "purl": "pkg:npm/expand-tilde@2.0.2", + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "url": "git+https://github.com/jensyt/imurmurhash-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/expand-tilde", + "url": "https://github.com/jensyt/imurmurhash-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "url": "https://github.com/jensyt/imurmurhash-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/expand-tilde" + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "homedir-polyfill", - "version": "1.0.3", - "bom-ref": "homedir-polyfill@1.0.3", - "author": "Brian Woodward", - "description": "Node.js os.homedir polyfill for older versions of node.js.", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", "licenses": [ { "license": { @@ -66994,49 +149013,42 @@ } } ], - "purl": "pkg:npm/homedir-polyfill@1.0.3", + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", "externalReferences": [ { - "url": "git+https://github.com/doowb/homedir-polyfill.git", + "url": "git+https://github.com/chalk/chalk.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/doowb/homedir-polyfill", + "url": "https://github.com/chalk/chalk#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/doowb/homedir-polyfill/issues", + "url": "https://github.com/chalk/chalk/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/homedir-polyfill" + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "parse-passwd", - "version": "1.0.0", - "bom-ref": "parse-passwd@1.0.0", - "author": "Brian Woodward", - "description": "Parse a passwd file into a list of users.", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", "licenses": [ { "license": { @@ -67044,49 +149056,42 @@ } } ], - "purl": "pkg:npm/parse-passwd@1.0.0", + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", "externalReferences": [ { - "url": "git+https://github.com/doowb/parse-passwd.git", + "url": "git+https://github.com/shannonmoeller/cli-columns.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/doowb/parse-passwd", + "url": "https://github.com/shannonmoeller/cli-columns#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/doowb/parse-passwd/issues", + "url": "https://github.com/shannonmoeller/cli-columns/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/parse-passwd" + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "is-windows", - "version": "1.0.2", - "bom-ref": "is-windows@1.0.2", - "author": "Jon Schlinkert", - "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", "licenses": [ { "license": { @@ -67094,49 +149099,42 @@ } } ], - "purl": "pkg:npm/is-windows@1.0.2", + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/is-windows.git", + "url": "git+https://github.com/sindresorhus/string-width.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/is-windows", + "url": "https://github.com/sindresorhus/string-width#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/is-windows/issues", + "url": "https://github.com/sindresorhus/string-width/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-windows" + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "resolve-dir", - "version": "1.0.1", - "bom-ref": "resolve-dir@1.0.1", - "author": "Jon Schlinkert", - "description": "Resolve a directory that is either local, global or in the user's home directory.", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", "licenses": [ { "license": { @@ -67144,149 +149142,128 @@ } } ], - "purl": "pkg:npm/resolve-dir@1.0.1", + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/resolve-dir", + "url": "https://mths.be/emoji-regex", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "url": "https://github.com/mathiasbynens/emoji-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/resolve-dir" + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "domhandler", - "version": "5.0.3", - "bom-ref": "domhandler@5.0.3", - "author": "Felix Boehm", - "description": "Handler for htmlparser2 that turns pages into a dom", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/domhandler@5.0.3", + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", "externalReferences": [ { - "url": "git://github.com/fb55/domhandler.git", + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fb55/domhandler#readme", + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fb55/domhandler/issues", + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/domhandler" + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "domutils", - "version": "3.1.0", - "bom-ref": "domutils@3.1.0", - "author": "Felix Boehm", - "description": "Utilities for working with htmlparser2's dom", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/domutils@3.1.0", + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", "externalReferences": [ { - "url": "git://github.com/fb55/domutils.git", + "url": "git+https://github.com/chalk/strip-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fb55/domutils#readme", + "url": "https://github.com/chalk/strip-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fb55/domutils/issues", + "url": "https://github.com/chalk/strip-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/domutils" + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "dom-serializer", - "version": "2.0.0", - "bom-ref": "dom-serializer@2.0.0", - "author": "Felix Boehm", - "description": "render domhandler DOM nodes to a string", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", "licenses": [ { "license": { @@ -67294,99 +149271,85 @@ } } ], - "purl": "pkg:npm/dom-serializer@2.0.0", + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", "externalReferences": [ { - "url": "git://github.com/cheeriojs/dom-serializer.git", + "url": "git+https://github.com/chalk/ansi-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/cheeriojs/dom-serializer#readme", + "url": "https://github.com/chalk/ansi-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cheeriojs/dom-serializer/issues", + "url": "https://github.com/chalk/ansi-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dom-serializer" + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "entities", - "version": "4.5.0", - "bom-ref": "entities@4.5.0", - "author": "Felix Boehm", - "description": "Encode & decode XML and HTML entities with ease & speed", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/entities@4.5.0", + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", "externalReferences": [ { - "url": "git://github.com/fb55/entities.git", + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fb55/entities#readme", + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fb55/entities/issues", + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/entities" + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "https", - "version": "1.0.0", - "bom-ref": "https@1.0.0", - "author": "hardus van der berg", - "description": "https mediation", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", "licenses": [ { "license": { @@ -67394,136 +149357,85 @@ } } ], - "purl": "pkg:npm/https@1.0.0", + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", "externalReferences": [ { - "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/https" + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "inquirer-file-tree-selection-prompt", - "version": "2.0.2", - "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", - "author": "anc95", - "description": "inquerer file tree selection prompt", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", "externalReferences": [ { - "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "url": "https://github.com/moxystudio/node-cross-spawn", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "url": "https://github.com/moxystudio/node-cross-spawn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/inquirer-file-tree-selection-prompt" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/cross-spawn" + }, { - "type": "library", - "name": "rxjs", - "version": "7.8.1", - "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", - "author": "Ben Lesh", - "description": "Reactive Extensions for modern JavaScript", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/rxjs@7.8.1", - "externalReferences": [ - { - "url": "git+https://github.com/reactivex/rxjs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://rxjs.dev", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ReactiveX/RxJS/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "cli-cursor", - "version": "3.1.0", - "bom-ref": "cli-cursor@3.1.0", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", "author": "Sindre Sorhus", - "description": "Toggle the CLI cursor", + "description": "Get the PATH environment variable key cross-platform", "licenses": [ { "license": { @@ -67531,49 +149443,42 @@ } } ], - "purl": "pkg:npm/cli-cursor@3.1.0", + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "url": "git+https://github.com/sindresorhus/path-key.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/cli-cursor#readme", + "url": "https://github.com/sindresorhus/path-key#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/cli-cursor/issues", + "url": "https://github.com/sindresorhus/path-key/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-cursor" + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "restore-cursor", - "version": "3.1.0", - "bom-ref": "restore-cursor@3.1.0", - "author": "Sindre Sorhus", - "description": "Gracefully restore the CLI cursor on exit", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", "licenses": [ { "license": { @@ -67581,49 +149486,42 @@ } } ], - "purl": "pkg:npm/restore-cursor@3.1.0", + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "url": "git+https://github.com/kevva/shebang-command.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/restore-cursor#readme", + "url": "https://github.com/kevva/shebang-command#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/restore-cursor/issues", + "url": "https://github.com/kevva/shebang-command/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/restore-cursor" + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "onetime", - "version": "5.1.2", - "bom-ref": "onetime@5.1.2", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", "author": "Sindre Sorhus", - "description": "Ensure a function is only called once", + "description": "Regular expression for matching a shebang line", "licenses": [ { "license": { @@ -67631,97 +149529,83 @@ } } ], - "purl": "pkg:npm/onetime@5.1.2", + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/onetime.git", + "url": "git+https://github.com/sindresorhus/shebang-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/onetime#readme", + "url": "https://github.com/sindresorhus/shebang-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/onetime/issues", + "url": "https://github.com/sindresorhus/shebang-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/onetime" + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "mimic-fn", - "version": "2.1.0", - "bom-ref": "mimic-fn@2.1.0", - "author": "Sindre Sorhus", - "description": "Make a function mimic another one", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/mimic-fn@2.1.0", + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "url": "git+https://github.com/isaacs/isexe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/mimic-fn#readme", + "url": "https://github.com/isaacs/isexe#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/mimic-fn/issues", + "url": "https://github.com/isaacs/isexe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mimic-fn" + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", "name": "signal-exit", - "version": "3.0.7", - "bom-ref": "signal-exit@3.0.7", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", "author": "Ben Coe", "description": "when you want to fire an event no matter how a process exits.", "licenses": [ @@ -67731,7 +149615,7 @@ } } ], - "purl": "pkg:npm/signal-exit@3.0.7", + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", "externalReferences": [ { "url": "git+https://github.com/tapjs/signal-exit.git", @@ -67739,7 +149623,7 @@ "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tapjs/signal-exit", + "url": "https://github.com/tapjs/signal-exit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, @@ -67747,135 +149631,113 @@ "url": "https://github.com/tapjs/signal-exit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/signal-exit" + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "figures", - "version": "3.2.0", - "bom-ref": "figures@3.2.0", - "author": "Sindre Sorhus", - "description": "Unicode symbols with Windows CMD fallbacks", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", "licenses": [ { "license": { - "id": "MIT" + "id": "BlueOak-1.0.0" } } ], - "purl": "pkg:npm/figures@3.2.0", + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/figures.git", + "url": "git+https://github.com/isaacs/jackspeak.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/figures#readme", + "url": "https://github.com/isaacs/jackspeak#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/figures/issues", + "url": "https://github.com/isaacs/jackspeak/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/figures" + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } } ], - "components": [ + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ { - "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/figures/node_modules/escape-string-regexp" - } - ] + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "inquirer", - "version": "8.0.0", - "bom-ref": "inquirer@8.0.0", - "author": "Simon Boudrias", - "description": "A collection of common interactive command line user interfaces.", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", "licenses": [ { "license": { @@ -67883,99 +149745,85 @@ } } ], - "purl": "pkg:npm/inquirer@8.0.0", + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "url": "git+https://github.com/sindresorhus/string-width.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "url": "https://github.com/sindresorhus/string-width#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "url": "https://github.com/sindresorhus/string-width/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/inquirer" + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "cli-width", - "version": "3.0.0", - "bom-ref": "cli-width@3.0.0", - "author": "Ilya Radchenko", - "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/cli-width@3.0.0", + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", "externalReferences": [ { - "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "url": "git://github.com/komagata/eastasianwidth.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/knownasilya/cli-width", + "url": "https://github.com/komagata/eastasianwidth#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/knownasilya/cli-width/issues", + "url": "https://github.com/komagata/eastasianwidth/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-width" + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "external-editor", - "version": "3.1.0", - "bom-ref": "external-editor@3.1.0", - "author": "Kevin Gravier", - "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", "licenses": [ { "license": { @@ -67983,101 +149831,42 @@ } } ], - "purl": "pkg:npm/external-editor@3.1.0", + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", "externalReferences": [ { - "url": "git+https://github.com/mrkmg/node-external-editor.git", + "url": "git+https://github.com/chalk/strip-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mrkmg/node-external-editor#readme", + "url": "https://github.com/chalk/strip-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mrkmg/node-external-editor/issues", + "url": "https://github.com/chalk/strip-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/external-editor" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, { - "type": "library", - "name": "tmp", - "version": "0.0.33", - "bom-ref": "external-editor@3.1.0|tmp@0.0.33", - "author": "KARASZI István", - "description": "Temporary file and directory creator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/tmp@0.0.33", - "externalReferences": [ - { - "url": "git+https://github.com/raszi/node-tmp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://github.com/raszi/node-tmp", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/raszi/node-tmp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/external-editor/node_modules/tmp" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "chardet", - "version": "0.7.0", - "bom-ref": "chardet@0.7.0", - "author": "Dmitry Shirokov", - "description": "Character detector", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", "licenses": [ { "license": { @@ -68085,49 +149874,42 @@ } } ], - "purl": "pkg:npm/chardet@0.7.0", + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", "externalReferences": [ { - "url": "git+ssh://git@github.com/runk/node-chardet.git", + "url": "git+https://github.com/chalk/wrap-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/runk/node-chardet", + "url": "https://github.com/chalk/wrap-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/runk/node-chardet/issues", + "url": "https://github.com/chalk/wrap-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chardet" + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "os-tmpdir", - "version": "1.0.2", - "bom-ref": "os-tmpdir@1.0.2", - "author": "Sindre Sorhus", - "description": "Node.js os.tmpdir() ponyfill", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", "licenses": [ { "license": { @@ -68135,99 +149917,85 @@ } } ], - "purl": "pkg:npm/os-tmpdir@1.0.2", + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "url": "git+https://github.com/Qix-/color-convert.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "url": "https://github.com/Qix-/color-convert#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "url": "https://github.com/Qix-/color-convert/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/os-tmpdir" + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "mute-stream", - "version": "0.0.8", - "bom-ref": "mute-stream@0.0.8", - "author": "Isaac Z. Schlueter", - "description": "Bytes go in, but they don't come out (when muted).", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/mute-stream@0.0.8", + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", "externalReferences": [ { - "url": "git://github.com/isaacs/mute-stream.git", + "url": "git+ssh://git@github.com/colorjs/color-name.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/mute-stream#readme", + "url": "https://github.com/colorjs/color-name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/mute-stream/issues", + "url": "https://github.com/colorjs/color-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mute-stream" + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "run-async", - "version": "2.4.1", - "bom-ref": "run-async@2.4.1", - "author": "Simon Boudrias", - "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", "licenses": [ { "license": { @@ -68235,151 +150003,86 @@ } } ], - "purl": "pkg:npm/run-async@2.4.1", + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/run-async.git", + "url": "git+https://github.com/chalk/wrap-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/run-async#readme", + "url": "https://github.com/chalk/wrap-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/run-async/issues", + "url": "https://github.com/chalk/wrap-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/run-async" + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "rxjs", - "version": "6.6.7", - "bom-ref": "rxjs@6.6.7", - "author": "Ben Lesh", - "description": "Reactive Extensions for modern JavaScript", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/rxjs@6.6.7", + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", "externalReferences": [ { - "url": "git+https://github.com/reactivex/rxjs.git", + "url": "git+https://github.com/chalk/ansi-styles.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ReactiveX/RxJS", + "url": "https://github.com/chalk/ansi-styles#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ReactiveX/RxJS/issues", + "url": "https://github.com/chalk/ansi-styles/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/rxjs" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/ansi-styles" + }, { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "rxjs@6.6.7|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/rxjs/node_modules/tslib" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "through", - "version": "2.3.8", - "bom-ref": "through@2.3.8", - "author": "Dominic Tarr", - "description": "simplified stream construction", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", "licenses": [ { "license": { @@ -68387,545 +150090,427 @@ } } ], - "purl": "pkg:npm/through@2.3.8", + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", "externalReferences": [ { - "url": "git+https://github.com/dominictarr/through.git", + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dominictarr/through", + "url": "https://github.com/pkgjs/parseargs#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dominictarr/through/issues", + "url": "https://github.com/pkgjs/parseargs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/through" + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-mock", - "version": "29.7.0", - "bom-ref": "jest-mock@29.7.0", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", "licenses": [ { "license": { - "id": "MIT" + "id": "BlueOak-1.0.0" } } ], - "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "url": "git+https://github.com/isaacs/path-scurry.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/isaacs/path-scurry#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/isaacs/path-scurry/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-mock" + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "istanbul-lib-report", - "group": "@types", - "version": "3.0.3", - "bom-ref": "@types/istanbul-lib-report@3.0.3", - "description": "TypeScript definitions for istanbul-lib-report", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "url": "git+https://github.com/isaacs/node-graceful-fs.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "url": "https://github.com/isaacs/node-graceful-fs#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/isaacs/node-graceful-fs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/istanbul-lib-report" + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "yargs-parser", - "group": "@types", - "version": "21.0.3", - "bom-ref": "@types/yargs-parser@21.0.3", - "description": "TypeScript definitions for yargs-parser", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "url": "git+https://github.com/npm/init-package-json.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "url": "https://github.com/npm/init-package-json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/npm/init-package-json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/yargs-parser" + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest", - "version": "29.7.0", - "bom-ref": "jest@29.7.0", - "description": "Delightful JavaScript Testing.", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/jest@29.7.0#packages/jest", + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "url": "git+https://github.com/npm/promzard.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://jestjs.io/", + "url": "https://github.com/npm/promzard#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/npm/promzard/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest" + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "core", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/core@29.7.0", - "description": "Delightful JavaScript Testing.", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "url": "git+https://github.com/npm/read.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://jestjs.io/", + "url": "https://github.com/npm/read#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/npm/read/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/core" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/read" + }, { - "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@3.9.0", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/core/node_modules/ci-info" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "console", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/console@29.7.0", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/console" + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "reporters", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/reporters@29.7.0", - "description": "Jest's reporters", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "url": "git+https://github.com/jslicense/spdx-correct.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://jestjs.io/", + "url": "https://github.com/jslicense/spdx-correct.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/jslicense/spdx-correct.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/reporters" + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "test-result", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/test-result@29.7.0", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", "licenses": [ { "license": { - "id": "MIT" + "id": "CC-BY-3.0" } } ], - "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/test-result" + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "transform", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/transform@29.7.0", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", "licenses": [ { "license": { - "id": "MIT" + "id": "CC0-1.0" } } ], - "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "url": "git+https://github.com/jslicense/spdx-license-ids.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/jslicense/spdx-license-ids#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/jslicense/spdx-license-ids/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/transform" + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "fs.realpath", - "version": "1.0.0", - "bom-ref": "fs.realpath@1.0.0", - "author": "Isaac Z. Schlueter", - "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", "licenses": [ { "license": { @@ -68933,299 +150518,257 @@ } } ], - "purl": "pkg:npm/fs.realpath@1.0.0", + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", "externalReferences": [ { - "url": "git+https://github.com/isaacs/fs.realpath.git", + "url": "git+https://github.com/npm/validate-npm-package-name.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/fs.realpath#readme", + "url": "https://github.com/npm/validate-npm-package-name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/fs.realpath/issues", + "url": "https://github.com/npm/validate-npm-package-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fs.realpath" + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "inflight", - "version": "1.0.6", - "bom-ref": "inflight@1.0.6", - "author": "Isaac Z. Schlueter", - "description": "Add callbacks to requests in flight to avoid async duplication", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/inflight@1.0.6", + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", "externalReferences": [ { - "url": "git+https://github.com/npm/inflight.git", + "url": "git+https://github.com/silverwind/is-cidr.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/inflight", + "url": "https://github.com/silverwind/is-cidr#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/inflight/issues", + "url": "https://github.com/silverwind/is-cidr/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/inflight" + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "path-is-absolute", - "version": "1.0.1", - "bom-ref": "path-is-absolute@1.0.1", - "author": "Sindre Sorhus", - "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/path-is-absolute@1.0.1", + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "url": "git+https://github.com/silverwind/cidr-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "url": "https://github.com/silverwind/cidr-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "url": "https://github.com/silverwind/cidr-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-is-absolute" + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "istanbul-lib-instrument", - "version": "6.0.2", - "bom-ref": "istanbul-lib-instrument@6.0.2", - "author": "Krishnan Anantheswaran", - "description": "Core istanbul API for JS code coverage", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", "externalReferences": [ { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "url": "git+https://github.com/sindresorhus/ip-regex.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://istanbul.js.org/", + "url": "https://github.com/sindresorhus/ip-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", + "url": "https://github.com/sindresorhus/ip-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-instrument" + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "make-dir", - "version": "4.0.0", - "bom-ref": "make-dir@4.0.0", - "author": "Sindre Sorhus", - "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/make-dir@4.0.0", + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/make-dir.git", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/make-dir#readme", + "url": "https://npmjs.com/package/libnpmaccess", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/make-dir/issues", + "url": "https://github.com/npm/libnpmaccess/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/make-dir" + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "source-map", - "version": "0.6.1", - "bom-ref": "source-map@0.6.1", - "author": "Nick Fitzgerald", - "description": "Generates and consumes source maps", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "ISC" } } ], - "purl": "pkg:npm/source-map@0.6.1", + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", "externalReferences": [ { - "url": "git+ssh://git@github.com/mozilla/source-map.git", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mozilla/source-map", + "url": "https://github.com/npm/cli#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mozilla/source-map/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/source-map" + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "html-escaper", - "version": "2.0.2", - "bom-ref": "html-escaper@2.0.2", - "author": "Andrea Giammarchi", - "description": "fast and safe way to escape and unescape &<>'\" chars", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", "licenses": [ { "license": { @@ -69233,935 +150776,777 @@ } } ], - "purl": "pkg:npm/html-escaper@2.0.2", + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", "externalReferences": [ { - "url": "git+https://github.com/WebReflection/html-escaper.git", + "url": "git+https://github.com/sindresorhus/binary-extensions.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/WebReflection/html-escaper", + "url": "https://github.com/sindresorhus/binary-extensions#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/WebReflection/html-escaper/issues", + "url": "https://github.com/sindresorhus/binary-extensions/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/html-escaper" + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-worker", - "version": "29.7.0", - "bom-ref": "jest-worker@29.7.0", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "url": "git://github.com/kpdecker/jsdiff.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/kpdecker/jsdiff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "http://github.com/kpdecker/jsdiff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-worker" + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "char-regex", - "version": "1.0.2", - "bom-ref": "char-regex@1.0.2", - "author": "Richie Bendall", - "description": "A regex to match any full character, considering weird character ranges.", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/char-regex@1.0.2", + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", "externalReferences": [ { - "url": "git+https://github.com/Richienb/char-regex.git", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/Richienb/char-regex#readme", + "url": "https://github.com/npm/cli#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Richienb/char-regex/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/char-regex" + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "convert-source-map", - "version": "2.0.0", - "bom-ref": "convert-source-map@2.0.0", - "author": "Thorsten Lorenz", - "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/convert-source-map@2.0.0", + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", "externalReferences": [ { - "url": "git://github.com/thlorenz/convert-source-map.git", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/thlorenz/convert-source-map", + "url": "https://github.com/npm/cli#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/convert-source-map/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/convert-source-map" + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-changed-files", - "version": "29.7.0", - "bom-ref": "jest-changed-files@29.7.0", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/npm/cli#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-changed-files" + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "get-stream", - "version": "6.0.1", - "bom-ref": "get-stream@6.0.1", - "author": "Sindre Sorhus", - "description": "Get a stream as a string, buffer, or array", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/get-stream@6.0.1", + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/get-stream.git", + "url": "git+https://github.com/iarna/aproba.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/get-stream#readme", + "url": "https://github.com/iarna/aproba", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/get-stream/issues", + "url": "https://github.com/iarna/aproba/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-stream" + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "human-signals", - "version": "2.1.0", - "bom-ref": "human-signals@2.1.0", - "author": "ehmicky", - "description": "Human-friendly process signals", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/human-signals@2.1.0", + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", "externalReferences": [ { - "url": "git+https://github.com/ehmicky/human-signals.git", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://git.io/JeluP", + "url": "https://npmjs.com/package/libnpmorg", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ehmicky/human-signals/issues", + "url": "https://github.com/npm/libnpmorg/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/human-signals" + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "npm-run-path", - "version": "4.0.1", - "bom-ref": "npm-run-path@4.0.1", - "author": "Sindre Sorhus", - "description": "Get your PATH prepended with locally installed binaries", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/npm-run-path@4.0.1", + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/npm-run-path#readme", + "url": "https://npmjs.com/package/libnpmpack", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/npm-run-path/issues", + "url": "https://github.com/npm/libnpmpack/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm-run-path" + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "strip-final-newline", - "version": "2.0.0", - "bom-ref": "strip-final-newline@2.0.0", - "author": "Sindre Sorhus", - "description": "Strip the final newline character from a string/buffer", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/strip-final-newline@2.0.0", + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "url": "https://npmjs.com/package/libnpmpublish", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-final-newline" + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "yocto-queue", - "version": "0.1.0", - "bom-ref": "yocto-queue@0.1.0", - "author": "Sindre Sorhus", - "description": "Tiny queue data structure", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/yocto-queue@0.1.0", + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "url": "git+https://github.com/sigstore/sigstore-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/yocto-queue#readme", + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/yocto-queue/issues", + "url": "https://github.com/sigstore/sigstore-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yocto-queue" + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-config", - "version": "29.7.0", - "bom-ref": "jest-config@29.7.0", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "url": "git+https://github.com/sigstore/sigstore-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/sigstore/sigstore-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-config" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, { - "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@3.9.0", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-config/node_modules/ci-info" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "test-sequencer", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/test-sequencer@29.7.0", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "url": "git+https://github.com/sigstore/sigstore-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/sigstore/sigstore-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/test-sequencer" + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-haste-map", - "version": "29.7.0", - "bom-ref": "jest-haste-map@29.7.0", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "url": "git+https://github.com/sigstore/sigstore-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/sigstore/sigstore-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-haste-map" + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "babel-jest", - "version": "29.7.0", - "bom-ref": "babel-jest@29.7.0", - "description": "Jest plugin to use babel for transformation.", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "url": "git+https://github.com/sigstore/sigstore-js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/sigstore/sigstore-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-jest" + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-circus", - "version": "29.7.0", - "bom-ref": "jest-circus@29.7.0", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://npmjs.com/package/libnpmsearch", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/npm/libnpmsearch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-circus" + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "environment", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/environment@29.7.0", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://npmjs.com/package/libnpmteam", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/environment" + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "expect", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/expect@29.7.0", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/npm/cli#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/expect" + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-snapshot", - "version": "29.7.0", - "bom-ref": "jest-snapshot@29.7.0", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "url": "git+https://github.com/npm/agent.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/npm/agent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/npm/agent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-snapshot" + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "dedent", - "version": "1.5.3", - "bom-ref": "dedent@1.5.3", - "author": "Desmond Brand", - "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", "licenses": [ { "license": { @@ -70169,49 +151554,42 @@ } } ], - "purl": "pkg:npm/dedent@1.5.3", + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", "externalReferences": [ { - "url": "git+https://github.com/dmnd/dedent.git", + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/dmnd/dedent", + "url": "https://github.com/TooTallNate/proxy-agents#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dmnd/dedent/issues", + "url": "https://github.com/TooTallNate/proxy-agents/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dedent" + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-each", - "version": "29.7.0", - "bom-ref": "jest-each@29.7.0", - "author": "Matt Phillips", - "description": "Parameterised tests for Jest", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", "licenses": [ { "license": { @@ -70219,47 +151597,42 @@ } } ], - "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/TooTallNate/proxy-agents#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/TooTallNate/proxy-agents/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-each" + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-runtime", - "version": "29.7.0", - "bom-ref": "jest-runtime@29.7.0", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", "licenses": [ { "license": { @@ -70267,49 +151640,42 @@ } } ], - "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/TooTallNate/proxy-agents#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/TooTallNate/proxy-agents/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-runtime" + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "pure-rand", - "version": "6.1.0", - "bom-ref": "pure-rand@6.1.0", - "author": "Nicolas DUBIEN", - "description": " Pure random number generator written in TypeScript", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", "licenses": [ { "license": { @@ -70317,47 +151683,42 @@ } } ], - "purl": "pkg:npm/pure-rand@6.1.0", + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", "externalReferences": [ { - "url": "git+https://github.com/dubzzz/pure-rand.git", + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/dubzzz/pure-rand#readme", + "url": "https://github.com/TooTallNate/proxy-agents#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dubzzz/pure-rand/issues", + "url": "https://github.com/TooTallNate/proxy-agents/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pure-rand" + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-environment-node", - "version": "29.7.0", - "bom-ref": "jest-environment-node@29.7.0", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", "licenses": [ { "license": { @@ -70365,48 +151726,42 @@ } } ], - "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "url": "git+https://github.com/JoshGlazebrook/socks.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/JoshGlazebrook/socks/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/JoshGlazebrook/socks/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-environment-node" + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "fake-timers", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/fake-timers@29.7.0", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", "licenses": [ { "license": { @@ -70414,47 +151769,42 @@ } } ], - "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "url": "git://github.com/beaugunderson/ip-address.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/beaugunderson/ip-address#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/beaugunderson/ip-address/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/fake-timers" + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-regex-util", - "version": "29.6.3", - "bom-ref": "jest-regex-util@29.6.3", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", "licenses": [ { "license": { @@ -70462,95 +151812,85 @@ } } ], - "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "url": "git+https://github.com/andyperlitch/jsbn.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/andyperlitch/jsbn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/andyperlitch/jsbn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-regex-util" + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-resolve", - "version": "29.7.0", - "bom-ref": "jest-resolve@29.7.0", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "url": "git+https://github.com/alexei/sprintf.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/alexei/sprintf.js#readme", "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-resolve" + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-runner", - "version": "29.7.0", - "bom-ref": "jest-runner@29.7.0", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", "licenses": [ { "license": { @@ -70558,199 +151898,128 @@ } } ], - "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/JoshGlazebrook/smart-buffer/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-runner" + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-validate", - "version": "29.7.0", - "bom-ref": "jest-validate@29.7.0", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "url": "git+https://github.com/kornelski/http-cache-semantics.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/kornelski/http-cache-semantics#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/kornelski/http-cache-semantics/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-validate" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, { - "type": "library", - "name": "camelcase", - "version": "6.3.0", - "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", - "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/camelcase@6.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/camelcase.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/camelcase#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/camelcase/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-validate/node_modules/camelcase" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "bser", - "version": "2.1.1", - "bom-ref": "bser@2.1.1", - "author": "Wez Furlong", - "description": "JavaScript implementation of the BSER Binary Serialization", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/bser@2.1.1", + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", "externalReferences": [ { - "url": "git+https://github.com/facebook/watchman.git", + "url": "git+https://github.com/watson/is-lambda.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://facebook.github.io/watchman/docs/bser.html", + "url": "https://github.com/watson/is-lambda", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/watchman/issues", + "url": "https://github.com/watson/is-lambda/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/bser" + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "node-int64", - "version": "0.4.0", - "bom-ref": "node-int64@0.4.0", - "author": "Robert Kieffer", - "description": "Support for representing 64-bit integers in JavaScript", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", "licenses": [ { "license": { @@ -70758,147 +152027,131 @@ } } ], - "purl": "pkg:npm/node-int64@0.4.0", + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", "externalReferences": [ { - "url": "git+https://github.com/broofa/node-int64.git", + "url": "git+https://github.com/npm/minipass-fetch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/broofa/node-int64#readme", + "url": "https://github.com/npm/minipass-fetch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/broofa/node-int64/issues", + "url": "https://github.com/npm/minipass-fetch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/node-int64" + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "makeerror", - "version": "1.0.12", - "bom-ref": "makeerror@1.0.12", - "author": "Naitik Shah", - "description": "A library to make errors.", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/makeerror@1.0.12", + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", "externalReferences": [ { - "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "url": "git+https://github.com/andris9/encoding.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/daaku/nodejs-makeerror#readme", + "url": "https://github.com/andris9/encoding#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/daaku/nodejs-makeerror/issues", + "url": "https://github.com/andris9/encoding/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/makeerror" + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "tmpl", - "version": "1.0.5", - "bom-ref": "tmpl@1.0.5", - "author": "Naitik Shah", - "description": "JavaScript micro templates.", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/tmpl@1.0.5", + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", "externalReferences": [ { - "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "url": "git://github.com/ashtuchkin/iconv-lite.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/daaku/nodejs-tmpl", + "url": "https://github.com/ashtuchkin/iconv-lite", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/daaku/nodejs-tmpl/issues", + "url": "https://github.com/ashtuchkin/iconv-lite/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tmpl" + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-resolve-dependencies", - "version": "29.7.0", - "bom-ref": "jest-resolve-dependencies@29.7.0", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", "licenses": [ { "license": { @@ -70906,99 +152159,85 @@ } } ], - "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "url": "git+https://github.com/ChALkeR/safer-buffer.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/ChALkeR/safer-buffer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/ChALkeR/safer-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-resolve-dependencies" + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "resolve.exports", - "version": "2.0.2", - "bom-ref": "resolve.exports@2.0.2", - "author": "Luke Edwards", - "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/resolve.exports@2.0.2", + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", "externalReferences": [ { - "url": "git+https://github.com/lukeed/resolve.exports.git", + "url": "git+https://github.com/isaacs/minipass-sized.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/lukeed/resolve.exports#readme", + "url": "https://github.com/isaacs/minipass-sized#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lukeed/resolve.exports/issues", + "url": "https://github.com/isaacs/minipass-sized/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/resolve.exports" + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "emittery", - "version": "0.13.1", - "bom-ref": "emittery@0.13.1", - "author": "Sindre Sorhus", - "description": "Simple and modern async event emitter", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", "licenses": [ { "license": { @@ -71006,47 +152245,41 @@ } } ], - "purl": "pkg:npm/emittery@0.13.1", + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/emittery.git", + "url": "git+https://github.com/isaacs/minizlib.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/emittery#readme", + "url": "https://github.com/isaacs/minizlib#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/emittery/issues", + "url": "https://github.com/isaacs/minizlib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/emittery" + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-docblock", - "version": "29.7.0", - "bom-ref": "jest-docblock@29.7.0", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", "licenses": [ { "license": { @@ -71054,47 +152287,42 @@ } } ], - "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "url": "git+https://github.com/jshttp/negotiator.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/jshttp/negotiator#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/jshttp/negotiator/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-docblock" + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-leak-detector", - "version": "29.7.0", - "bom-ref": "jest-leak-detector@29.7.0", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", "licenses": [ { "license": { @@ -71102,48 +152330,42 @@ } } ], - "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "url": "git://github.com/IndigoUnited/js-err-code.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/IndigoUnited/js-err-code#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/IndigoUnited/js-err-code/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-leak-detector" + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-watcher", - "version": "29.7.0", - "bom-ref": "jest-watcher@29.7.0", - "description": "Delightful JavaScript Testing.", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", "licenses": [ { "license": { @@ -71151,48 +152373,42 @@ } } ], - "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "url": "git://github.com/tim-kos/node-retry.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://jestjs.io/", + "url": "https://github.com/tim-kos/node-retry", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/tim-kos/node-retry/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-watcher" + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "globals", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/globals@29.7.0", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { @@ -71200,48 +152416,42 @@ } } ], - "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/globals" + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "source-map", - "group": "@jest", - "version": "29.6.3", - "bom-ref": "@jest/source-map@29.6.3", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", "licenses": [ { "license": { @@ -71249,50 +152459,41 @@ } } ], - "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "url": "git://github.com/juliangruber/balanced-match.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/juliangruber/balanced-match", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/juliangruber/balanced-match/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/source-map" + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-jsx", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", - "author": "The Babel Team", - "description": "Allow parsing of jsx", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { @@ -71300,50 +152501,42 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "url": "git+https://github.com/vercel/ms.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "url": "https://github.com/vercel/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/vercel/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-jsx" + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "helper-plugin-utils", - "group": "@babel", - "version": "7.24.0", - "bom-ref": "@babel/helper-plugin-utils@7.24.0", - "author": "The Babel Team", - "description": "General utilities for plugins to use", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", "licenses": [ { "license": { @@ -71351,99 +152544,85 @@ } } ], - "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "url": "git+https://github.com/sindresorhus/env-paths.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "url": "https://github.com/sindresorhus/env-paths#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/env-paths/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-plugin-utils" + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-async-generators", - "group": "@babel", - "version": "7.8.4", - "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", - "description": "Allow parsing of async generator functions", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#master", + "url": "git+https://github.com/coveo/exponential-backoff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel/tree/master#readme", + "url": "https://github.com/coveo/exponential-backoff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/coveo/exponential-backoff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-async-generators" + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-bigint", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", - "description": "Allow parsing of BigInt literals", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", "licenses": [ { "license": { @@ -71451,49 +152630,42 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#master", + "url": "git+https://github.com/inspect-js/is-core-module.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel/tree/master#readme", + "url": "https://github.com/inspect-js/is-core-module", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/inspect-js/is-core-module/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-bigint" + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-class-properties", - "group": "@babel", - "version": "7.12.13", - "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", - "description": "Allow parsing of class properties", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", "licenses": [ { "license": { @@ -71501,49 +152673,42 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "url": "git+https://github.com/inspect-js/hasOwn.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "url": "https://github.com/inspect-js/hasOwn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/inspect-js/hasOwn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-class-properties" + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-import-meta", - "group": "@babel", - "version": "7.10.4", - "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", - "description": "Allow parsing of import.meta", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", "licenses": [ { "license": { @@ -71551,149 +152716,128 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "url": "git+https://github.com/Raynos/function-bind.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel#readme", + "url": "https://github.com/Raynos/function-bind", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/Raynos/function-bind/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-import-meta" + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-json-strings", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", - "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#master", + "url": "git+https://github.com/npm/npm-audit-report.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel/tree/master#readme", + "url": "https://github.com/npm/npm-audit-report#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/npm/npm-audit-report/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-json-strings" + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-logical-assignment-operators", - "group": "@babel", - "version": "7.10.4", - "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", - "description": "Allow parsing of the logical assignment operators", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "url": "git+https://github.com/npm/npm-profile.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel#readme", + "url": "https://github.com/npm/npm-profile#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/npm/npm-profile/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-nullish-coalescing-operator", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", - "description": "Allow parsing of the nullish-coalescing operator", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", "licenses": [ { "license": { @@ -71701,49 +152845,42 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#master", + "url": "git+https://github.com/npm/minipass-json-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel/tree/master#readme", + "url": "https://github.com/npm/minipass-json-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/npm/minipass-json-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-numeric-separator", - "group": "@babel", - "version": "7.10.4", - "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", - "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", "licenses": [ { "license": { @@ -71751,99 +152888,85 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "url": "git+ssh://git@github.com/creationix/jsonparse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel#readme", + "url": "https://github.com/creationix/jsonparse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "http://github.com/creationix/jsonparse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-numeric-separator" + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-object-rest-spread", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", - "description": "Allow parsing of object rest/spread", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#master", + "url": "git+https://github.com/npm/npm-user-validate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel/tree/master#readme", + "url": "https://github.com/npm/npm-user-validate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/npm/npm-user-validate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-optional-catch-binding", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", - "description": "Allow parsing of optional catch bindings", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", "licenses": [ { "license": { @@ -71851,49 +152974,42 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#master", + "url": "git+https://github.com/sindresorhus/aggregate-error.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel/tree/master#readme", + "url": "https://github.com/sindresorhus/aggregate-error#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/aggregate-error/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-optional-chaining", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", - "description": "Allow parsing of optional properties", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", "licenses": [ { "license": { @@ -71901,50 +153017,42 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#master", + "url": "git+https://github.com/sindresorhus/clean-stack.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/babel/babel/tree/master#readme", + "url": "https://github.com/sindresorhus/clean-stack#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/clean-stack/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-optional-chaining" + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "plugin-syntax-top-level-await", - "group": "@babel", - "version": "7.14.5", - "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", - "author": "The Babel Team", - "description": "Allow parsing of top-level await in modules", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", "licenses": [ { "license": { @@ -71952,301 +153060,128 @@ } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "url": "git+https://github.com/sindresorhus/indent-string.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "url": "https://github.com/sindresorhus/indent-string#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/indent-string/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-top-level-await" + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "pkg-dir", - "version": "4.2.0", - "bom-ref": "pkg-dir@4.2.0", - "author": "Sindre Sorhus", - "description": "Find the root directory of a Node.js project or npm package", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/pkg-dir@4.2.0", + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "url": "git+https://github.com/npm/npm-packlist.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/pkg-dir#readme", + "url": "https://github.com/npm/npm-packlist#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/pkg-dir/issues", + "url": "https://github.com/npm/npm-packlist/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir" - } - ], - "components": [ - { - "type": "library", - "name": "find-up", - "version": "4.1.0", - "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/find-up@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/find-up.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/find-up#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/find-up/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/find-up" - } - ] + "value": "node_modules/npm/node_modules/npm-packlist" }, { - "type": "library", - "name": "locate-path", - "version": "5.0.0", - "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/locate-path@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/locate-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/locate-path" - } - ] - }, + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ { - "type": "library", - "name": "p-locate", - "version": "4.1.0", - "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-locate@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-locate.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/p-locate" - } - ] + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "p-limit", - "version": "2.3.0", - "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", - "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-limit@2.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-limit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-limit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-limit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/p-limit" - } - ] + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "resolve-cwd", - "version": "3.0.0", - "bom-ref": "resolve-cwd@3.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", "licenses": [ { "license": { @@ -72254,100 +153189,42 @@ } } ], - "purl": "pkg:npm/resolve-cwd@3.0.0", + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "url": "git+https://github.com/angus-c/just.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "url": "https://github.com/angus-c/just#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "url": "https://github.com/angus-c/just/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/resolve-cwd" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/just-diff-apply" + }, { - "type": "library", - "name": "resolve-from", - "version": "5.0.0", - "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from a given path", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve-from@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/resolve-from.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-from#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-from/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/resolve-cwd/node_modules/resolve-from" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jest-cli", - "version": "29.7.0", - "bom-ref": "jest-cli@29.7.0", - "description": "Delightful JavaScript Testing.", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", "licenses": [ { "license": { @@ -72355,98 +153232,84 @@ } } ], - "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "url": "git+https://github.com/angus-c/just.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://jestjs.io/", + "url": "https://github.com/angus-c/just#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/angus-c/just/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-cli" + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "create-jest", - "version": "29.7.0", - "bom-ref": "create-jest@29.7.0", - "description": "Create a new Jest project", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", "licenses": [ { "license": { - "id": "MIT" + "name": "Apache 2.0" } } ], - "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "url": "git+https://github.com/gtanner/qrcode-terminal.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/gtanner/qrcode-terminal", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/gtanner/qrcode-terminal/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/create-jest" + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "cliui", - "version": "8.0.1", - "bom-ref": "cliui@8.0.1", - "author": "Ben Coe", - "description": "easily create complex multi-column command-line-interfaces", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", "licenses": [ { "license": { @@ -72454,98 +153317,85 @@ } } ], - "purl": "pkg:npm/cliui@8.0.1", + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", "externalReferences": [ { - "url": "git+https://github.com/yargs/cliui.git", + "url": "git+https://github.com/npm/mute-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yargs/cliui#readme", + "url": "https://github.com/npm/mute-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/cliui/issues", + "url": "https://github.com/npm/mute-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cliui" + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "get-caller-file", - "version": "2.0.5", - "bom-ref": "get-caller-file@2.0.5", - "author": "Stefan Penner", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/get-caller-file@2.0.5", + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", "externalReferences": [ { - "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/stefanpenner/get-caller-file#readme", + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/stefanpenner/get-caller-file/issues", + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-caller-file" + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "require-directory", - "version": "2.1.1", - "bom-ref": "require-directory@2.1.1", - "author": "Troy Goode", - "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -72553,49 +153403,42 @@ } } ], - "purl": "pkg:npm/require-directory@2.1.1", + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", "externalReferences": [ { - "url": "git://github.com/troygoode/node-require-directory.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/troygoode/node-require-directory/", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/troygoode/node-require-directory/issues/", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/require-directory" + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "y18n", - "version": "5.0.8", - "bom-ref": "y18n@5.0.8", - "author": "Ben Coe", - "description": "the bare-bones internationalization library used by yargs", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", "licenses": [ { "license": { @@ -72603,98 +153446,84 @@ } } ], - "purl": "pkg:npm/y18n@5.0.8", + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", "externalReferences": [ { - "url": "git+https://github.com/yargs/y18n.git", + "url": "git://github.com/isaacs/chownr.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yargs/y18n", + "url": "https://github.com/isaacs/chownr#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/y18n/issues", + "url": "https://github.com/isaacs/chownr/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/y18n" + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "argparse", - "version": "2.0.1", - "bom-ref": "argparse@2.0.1", - "description": "CLI arguments parser. Native port of python's argparse.", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", "licenses": [ { "license": { - "id": "Python-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/argparse@2.0.1", + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", "externalReferences": [ { - "url": "git+https://github.com/nodeca/argparse.git", + "url": "git+https://github.com/isaacs/node-mkdirp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/argparse#readme", + "url": "https://github.com/isaacs/node-mkdirp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/argparse/issues", + "url": "https://github.com/isaacs/node-mkdirp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/argparse" + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "json-colorizer", - "version": "2.2.2", - "bom-ref": "json-colorizer@2.2.2", - "author": "Joe Attardi", - "description": "A library to format JSON with colors for display in the console", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", "licenses": [ { "license": { @@ -72702,400 +153531,86 @@ } } ], - "purl": "pkg:npm/json-colorizer@2.2.2", + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", "externalReferences": [ { - "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "url": "git://github.com/substack/text-table.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/joeattardi/json-colorizer#readme", + "url": "https://github.com/substack/text-table", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/joeattardi/json-colorizer/issues", + "url": "https://github.com/substack/text-table/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer" - } - ], - "components": [ - { - "type": "library", - "name": "chalk", - "version": "2.4.2", - "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", - "description": "Terminal string styling done right", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/chalk@2.4.2", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/chalk.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/chalk#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/chalk/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/chalk" - } - ] - }, - { - "type": "library", - "name": "ansi-styles", - "version": "3.2.1", - "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@3.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/ansi-styles" - } - ] + "value": "node_modules/npm/node_modules/text-table" }, { - "type": "library", - "name": "color-convert", - "version": "1.9.3", - "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", - "author": "Heather Arthur", - "description": "Plain color conversion functions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-convert@1.9.3", - "externalReferences": [ - { - "url": "git+https://github.com/Qix-/color-convert.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Qix-/color-convert#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Qix-/color-convert/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/color-convert" - } - ] - }, + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ { - "type": "library", - "name": "color-name", - "version": "1.1.3", - "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", - "author": "DY", - "description": "A list of color names and its values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-name@1.1.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/dfcreative/color-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dfcreative/color-name", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dfcreative/color-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/color-name" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ { - "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" - } - ] + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "supports-color", - "version": "5.5.0", - "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@5.5.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/supports-color" - } - ] + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "has-flag", - "version": "3.0.0", - "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if argv has a specific flag", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/has-flag@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/has-flag.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/has-flag#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/has-flag/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/has-flag" - } - ] + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "markdown-diff", - "version": "2.0.0", - "bom-ref": "markdown-diff@2.0.0", - "author": "Martijn van Duijneveldt", - "description": "Generate a diff between two markdown files in markdown format", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", "licenses": [ { "license": { @@ -73103,30 +153618,30 @@ } } ], - "purl": "pkg:npm/markdown-diff@2.0.0", + "purl": "pkg:npm/%40oclif/core@4.0.1", "externalReferences": [ { - "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "url": "git+https://github.com/oclif/core.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "url": "https://github.com/oclif/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "url": "https://github.com/oclif/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73135,68 +153650,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/markdown-diff" - } - ], - "components": [ - { - "type": "library", - "name": "diff", - "version": "5.2.0", - "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", - "description": "A JavaScript text diff implementation.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/diff@5.2.0", - "externalReferences": [ - { - "url": "git://github.com/kpdecker/jsdiff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kpdecker/jsdiff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/kpdecker/jsdiff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/markdown-diff/node_modules/diff" - } - ] + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" } ] }, { "type": "library", - "name": "marked", - "version": "12.0.2", - "bom-ref": "marked@12.0.2", - "author": "Christopher Jeffrey", - "description": "A markdown parser built for speed", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", "licenses": [ { "license": { @@ -73204,30 +153668,30 @@ } } ], - "purl": "pkg:npm/marked@12.0.2", + "purl": "pkg:npm/debug@4.3.5", "externalReferences": [ { - "url": "git://github.com/markedjs/marked.git", + "url": "git://github.com/debug-js/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://marked.js.org", + "url": "https://github.com/debug-js/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/markedjs/marked/issues", + "url": "https://github.com/debug-js/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73236,17 +153700,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/marked" + "value": "node_modules/@oclif/plugin-version/node_modules/debug" } ] }, { "type": "library", - "name": "markdown-table-ts", - "version": "1.0.3", - "bom-ref": "markdown-table-ts@1.0.3", - "author": "Jiri Hajek", - "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { @@ -73254,30 +153717,30 @@ } } ], - "purl": "pkg:npm/markdown-table-ts@1.0.3", + "purl": "pkg:npm/ms@2.1.2", "externalReferences": [ { - "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73286,17 +153749,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/markdown-table-ts" + "value": "node_modules/@oclif/plugin-version/node_modules/ms" } ] }, { "type": "library", - "name": "mocha", - "version": "10.4.0", - "bom-ref": "mocha@10.4.0", - "author": "TJ Holowaychuk", - "description": "simple, flexible, fun test framework", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", "licenses": [ { "license": { @@ -73304,30 +153768,30 @@ } } ], - "purl": "pkg:npm/mocha@10.4.0", + "purl": "pkg:npm/%40oclif/core@4.0.1", "externalReferences": [ { - "url": "git+https://github.com/mochajs/mocha.git", + "url": "git+https://github.com/oclif/core.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mochajs.org/", + "url": "https://github.com/oclif/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mochajs/mocha/issues/", + "url": "https://github.com/oclif/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73336,375 +153800,97 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mocha" - }, + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ - { - "type": "library", - "name": "diff", - "version": "5.0.0", - "bom-ref": "mocha@10.4.0|diff@5.0.0", - "description": "A javascript text diff implementation.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/diff@5.0.0", - "externalReferences": [ - { - "url": "git://github.com/kpdecker/jsdiff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kpdecker/jsdiff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/kpdecker/jsdiff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/diff" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ { - "type": "library", - "name": "glob", - "version": "8.1.0", - "bom-ref": "mocha@10.4.0|glob@8.1.0", - "author": "Isaac Z. Schlueter", - "description": "a little globber", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob@8.1.0", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-glob.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-glob#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-glob/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/glob" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "minimatch", - "version": "5.0.1", - "bom-ref": "mocha@10.4.0|minimatch@5.0.1", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@5.0.1", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "log-symbols", - "version": "4.1.0", - "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", - "author": "Sindre Sorhus", - "description": "Colored symbols for various log levels. Example: `✔︎ Success`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/log-symbols@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/log-symbols.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/log-symbols#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/log-symbols/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/log-symbols" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "yargs", - "version": "16.2.0", - "bom-ref": "mocha@10.4.0|yargs@16.2.0", - "description": "yargs the modern, pirate-themed, successor to optimist.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/yargs@16.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/yargs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://yargs.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/yargs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/yargs" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "type": "library", - "name": "cliui", - "version": "7.0.4", - "bom-ref": "mocha@10.4.0|cliui@7.0.4", - "author": "Ben Coe", - "description": "easily create complex multi-column command-line-interfaces", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/cliui@7.0.4", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/cliui.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/cliui#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/cliui/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/cliui" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" } ] }, { "type": "library", - "name": "browser-stdout", - "version": "1.3.1", - "bom-ref": "browser-stdout@1.3.1", - "author": "kumavis", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/browser-stdout@1.3.1", + "purl": "pkg:npm/ms@2.1.2", "externalReferences": [ { - "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kumavis/browser-stdout#readme", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kumavis/browser-stdout/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73713,52 +153899,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/browser-stdout" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" } ] }, { "type": "library", - "name": "fill-range", - "version": "7.0.1", - "bom-ref": "fill-range@7.0.1", - "author": "Jon Schlinkert", - "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/fill-range@7.0.1", + "purl": "pkg:npm/http-call@5.3.0", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/fill-range.git", + "url": "git+https://github.com/heroku/http-call.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/fill-range", + "url": "https://github.com/heroku/http-call", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/fill-range/issues", + "url": "https://github.com/heroku/http-call/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73767,17 +153949,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fill-range" + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" } ] }, { "type": "library", - "name": "to-regex-range", - "version": "5.0.1", - "bom-ref": "to-regex-range@5.0.1", - "author": "Jon Schlinkert", - "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", "licenses": [ { "license": { @@ -73785,30 +153967,30 @@ } } ], - "purl": "pkg:npm/to-regex-range@5.0.1", + "purl": "pkg:npm/is-retry-allowed@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/micromatch/to-regex-range.git", + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/micromatch/to-regex-range", + "url": "https://github.com/floatdrop/is-retry-allowed#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/micromatch/to-regex-range/issues", + "url": "https://github.com/floatdrop/is-retry-allowed/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", "type": "distribution", "hashes": [ { - "alg": "SHA-512", - "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73817,17 +153999,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/to-regex-range" + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" } ] }, { "type": "library", - "name": "is-number", - "version": "7.0.0", - "bom-ref": "is-number@7.0.0", - "author": "Jon Schlinkert", - "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", "licenses": [ { "license": { @@ -73835,30 +154017,30 @@ } } ], - "purl": "pkg:npm/is-number@7.0.0", + "purl": "pkg:npm/json-parse-better-errors@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/is-number.git", + "url": "git+https://github.com/zkat/json-parse-better-errors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/is-number", + "url": "https://github.com/zkat/json-parse-better-errors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/is-number/issues", + "url": "https://github.com/zkat/json-parse-better-errors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73867,48 +154049,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-number" + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" } ] }, { "type": "library", - "name": "is-binary-path", - "version": "2.1.0", - "bom-ref": "is-binary-path@2.1.0", - "author": "Sindre Sorhus", - "description": "Check if a file path is a binary file", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/is-binary-path@2.1.0", + "purl": "pkg:npm/tunnel-agent@0.6.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "url": "git+https://github.com/mikeal/tunnel-agent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-binary-path#readme", + "url": "https://github.com/mikeal/tunnel-agent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-binary-path/issues", + "url": "https://github.com/mikeal/tunnel-agent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", "type": "distribution", "hashes": [ { - "alg": "SHA-512", - "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73917,48 +154099,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-binary-path" + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" } ] }, { "type": "library", - "name": "binary-extensions", - "version": "2.3.0", - "bom-ref": "binary-extensions@2.3.0", - "author": "Sindre Sorhus", - "description": "List of binary file extensions", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/binary-extensions@2.3.0", + "purl": "pkg:npm/diff@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "url": "git://github.com/kpdecker/jsdiff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/binary-extensions#readme", + "url": "https://github.com/kpdecker/jsdiff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/binary-extensions/issues", + "url": "http://github.com/kpdecker/jsdiff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -73967,17 +154148,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/binary-extensions" + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "readdirp", - "version": "3.6.0", - "bom-ref": "readdirp@3.6.0", - "author": "Thorsten Lorenz", - "description": "Recursive version of fs.readdir with streaming API.", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -73985,30 +154170,30 @@ } } ], - "purl": "pkg:npm/readdirp@3.6.0", + "purl": "pkg:npm/supports-color@7.2.0", "externalReferences": [ { - "url": "git://github.com/paulmillr/readdirp.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/paulmillr/readdirp", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/paulmillr/readdirp/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74017,48 +154202,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/readdirp" + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "wrappy", - "version": "1.0.2", - "bom-ref": "wrappy@1.0.2", - "author": "Isaac Z. Schlueter", - "description": "Callback wrapping utility", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/wrappy@1.0.2", + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/wrappy.git", + "url": "git+https://github.com/sinonjs/commons.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/wrappy", + "url": "https://github.com/sinonjs/commons#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/wrappy/issues", + "url": "https://github.com/sinonjs/commons/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74067,48 +154256,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/wrappy" + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-unicode-supported", - "version": "0.1.0", - "bom-ref": "is-unicode-supported@0.1.0", - "author": "Sindre Sorhus", - "description": "Detect whether the terminal supports Unicode", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/is-unicode-supported@0.1.0", + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "url": "git+https://github.com/sinonjs/fake-timers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "url": "https://github.com/sinonjs/fake-timers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "url": "https://github.com/sinonjs/fake-timers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74117,7 +154311,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-unicode-supported" + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" }, { "name": "cdx:npm:package:development", @@ -74127,42 +154321,41 @@ }, { "type": "library", - "name": "serialize-javascript", - "version": "6.0.0", - "bom-ref": "serialize-javascript@6.0.0", - "author": "Eric Ferraiuolo", - "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/serialize-javascript@6.0.0", + "purl": "pkg:npm/path-to-regexp@6.2.2", "externalReferences": [ { - "url": "git+https://github.com/yahoo/serialize-javascript.git", + "url": "git+https://github.com/pillarjs/path-to-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yahoo/serialize-javascript", + "url": "https://github.com/pillarjs/path-to-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yahoo/serialize-javascript/issues", + "url": "https://github.com/pillarjs/path-to-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74171,7 +154364,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/serialize-javascript" + "value": "node_modules/nise/node_modules/path-to-regexp" }, { "name": "cdx:npm:package:development", @@ -74180,11 +154373,12 @@ ] }, { - "type": "library", - "name": "randombytes", - "version": "2.1.0", - "bom-ref": "randombytes@2.1.0", - "description": "random bytes from browserify stand alone", + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", "licenses": [ { "license": { @@ -74192,30 +154386,30 @@ } } ], - "purl": "pkg:npm/randombytes@2.1.0", + "purl": "pkg:npm/ansi-styles@5.2.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "url": "git+https://github.com/chalk/ansi-styles.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/crypto-browserify/randombytes", + "url": "https://github.com/chalk/ansi-styles#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/crypto-browserify/randombytes/issues", + "url": "https://github.com/chalk/ansi-styles/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74224,52 +154418,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/randombytes" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/pretty-format/node_modules/ansi-styles" } ] }, { "type": "library", - "name": "workerpool", - "version": "6.2.1", - "bom-ref": "workerpool@6.2.1", - "author": "Jos de Jong", - "description": "Offload tasks to a pool of workers on node.js and in the browser", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/workerpool@6.2.1", + "purl": "pkg:npm/ci-info@3.9.0", "externalReferences": [ { - "url": "git://github.com/josdejong/workerpool.git", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/josdejong/workerpool", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/josdejong/workerpool/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74278,52 +154468,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/workerpool" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/jest-util/node_modules/ci-info" } ] }, { "type": "library", - "name": "yargs-parser", - "version": "20.2.4", - "bom-ref": "yargs-parser@20.2.4", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/yargs-parser@20.2.4", + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs-parser.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/yargs/yargs-parser#readme", + "url": "https://typescript-eslint.io/packages/scope-manager", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs-parser/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74332,7 +154518,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yargs-parser" + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" }, { "name": "cdx:npm:package:development", @@ -74342,11 +154528,11 @@ }, { "type": "library", - "name": "yargs-unparser", - "version": "2.0.0", - "bom-ref": "yargs-unparser@2.0.0", - "author": "André Cruz", - "description": "Converts back a yargs argv object to its original array form", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", "licenses": [ { "license": { @@ -74354,30 +154540,30 @@ } } ], - "purl": "pkg:npm/yargs-unparser@2.0.0", + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs-unparser.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/yargs/yargs-unparser", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs-unparser/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74386,77 +154572,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yargs-unparser" + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "camelcase", - "version": "6.3.0", - "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", - "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/camelcase@6.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/camelcase.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/camelcase#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/camelcase/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/yargs-unparser/node_modules/camelcase" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } ] }, { "type": "library", - "name": "decamelize", - "version": "4.0.0", - "bom-ref": "decamelize@4.0.0", - "author": "Sindre Sorhus", - "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", "licenses": [ { "license": { @@ -74464,30 +154594,30 @@ } } ], - "purl": "pkg:npm/decamelize@4.0.0", + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/decamelize.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/decamelize#readme", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/decamelize/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74496,7 +154626,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/decamelize" + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" }, { "name": "cdx:npm:package:development", @@ -74506,11 +154636,11 @@ }, { "type": "library", - "name": "is-plain-obj", - "version": "2.1.0", - "bom-ref": "is-plain-obj@2.1.0", - "author": "Sindre Sorhus", - "description": "Check if a value is a plain object", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", "licenses": [ { "license": { @@ -74518,30 +154648,30 @@ } } ], - "purl": "pkg:npm/is-plain-obj@2.1.0", + "purl": "pkg:npm/ajv@6.12.6", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "url": "git+https://github.com/ajv-validator/ajv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "url": "https://github.com/ajv-validator/ajv", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "url": "https://github.com/ajv-validator/ajv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74550,7 +154680,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-plain-obj" + "value": "node_modules/eslint/node_modules/ajv" }, { "name": "cdx:npm:package:development", @@ -74560,11 +154690,11 @@ }, { "type": "library", - "name": "mock-fs", - "version": "5.2.0", - "bom-ref": "mock-fs@5.2.0", - "author": "Tim Schaub", - "description": "A configurable mock file system. You know, for testing.", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", "licenses": [ { "license": { @@ -74572,30 +154702,30 @@ } } ], - "purl": "pkg:npm/mock-fs@5.2.0", + "purl": "pkg:npm/json-schema-traverse@0.4.1", "externalReferences": [ { - "url": "git://github.com/tschaub/mock-fs.git", + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tschaub/mock-fs", + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tschaub/mock-fs/issues", + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74604,7 +154734,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mock-fs" + "value": "node_modules/eslint/node_modules/json-schema-traverse" }, { "name": "cdx:npm:package:development", @@ -74614,42 +154744,42 @@ }, { "type": "library", - "name": "objects-to-csv", - "version": "1.3.6", - "bom-ref": "objects-to-csv@1.3.6", - "author": "Anton Ivanov", - "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "Unlicense" + "id": "ISC" } } ], - "purl": "pkg:npm/objects-to-csv@1.3.6", + "purl": "pkg:npm/minimatch@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/anton-bot/objects-to-csv#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/anton-bot/objects-to-csv/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74658,48 +154788,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/objects-to-csv" + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "async-csv", - "version": "2.1.3", - "bom-ref": "async-csv@2.1.3", - "author": "Anton Ivanov", - "description": "ES7 async-await wrapper for the csv package.", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { - "id": "Unlicense" + "id": "MIT" } } ], - "purl": "pkg:npm/async-csv@2.1.3", + "purl": "pkg:npm/brace-expansion@1.1.11", "externalReferences": [ { - "url": "git+https://github.com/anton-bot/async-csv.git", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74708,48 +154842,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/async-csv" + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "csv", - "version": "5.5.3", - "bom-ref": "csv@5.5.3", - "author": "David Worms", - "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/csv@5.5.3", + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", "externalReferences": [ { - "url": "git+https://github.com/adaltas/node-csv.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://csv.js.org/", + "url": "https://typescript-eslint.io/packages/typescript-estree", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/adaltas/node-csv/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74758,17 +154896,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/csv" + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "csv-generate", - "version": "3.4.3", - "bom-ref": "csv-generate@3.4.3", - "author": "David Worms", - "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", "licenses": [ { "license": { @@ -74776,30 +154918,30 @@ } } ], - "purl": "pkg:npm/csv-generate@3.4.3", + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", "externalReferences": [ { - "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://csv.js.org/generate/", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/adaltas/node-csv-generate/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74808,17 +154950,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/csv-generate" + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "csv-stringify", - "version": "5.6.5", - "bom-ref": "csv-stringify@5.6.5", - "author": "David Worms", - "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", "licenses": [ { "license": { @@ -74826,30 +154972,30 @@ } } ], - "purl": "pkg:npm/csv-stringify@5.6.5", + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", "externalReferences": [ { - "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://csv.js.org/stringify/", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/adaltas/node-csv-stringify/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74858,17 +155004,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/csv-stringify" + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "stream-transform", - "version": "2.1.3", - "bom-ref": "stream-transform@2.1.3", - "author": "David Worms", - "description": "Object transformations implementing the Node.js `stream.Transform` API", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", "licenses": [ { "license": { @@ -74876,30 +155026,30 @@ } } ], - "purl": "pkg:npm/stream-transform@2.1.3", + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", "externalReferences": [ { - "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://csv.js.org/transform/", + "url": "https://typescript-eslint.io/packages/scope-manager", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/adaltas/node-stream-transform/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74908,17 +155058,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/stream-transform" + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "mixme", - "version": "0.5.10", - "bom-ref": "mixme@0.5.10", - "author": "David Worms", - "description": "A library for recursively merging JavaScript objects", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", "licenses": [ { "license": { @@ -74926,30 +155080,30 @@ } } ], - "purl": "pkg:npm/mixme@0.5.10", + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", "externalReferences": [ { - "url": "git+https://github.com/adaltas/node-mixme.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/adaltas/node-mixme", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/adaltas/node-mixme/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -74958,17 +155112,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mixme" + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "oclif", - "version": "4.13.0", - "bom-ref": "oclif@4.13.0", - "author": "Salesforce", - "description": "oclif: create your own CLI", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", "licenses": [ { "license": { @@ -74976,30 +155134,30 @@ } } ], - "purl": "pkg:npm/oclif@4.13.0", + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", "externalReferences": [ { - "url": "git+https://github.com/oclif/oclif.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/oclif", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/oclif/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -75008,379 +155166,106 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/oclif" + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40oclif/core@4.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/core.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/core/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/@oclif/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "oclif@4.13.0|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@4.3.5", - "externalReferences": [ - { - "url": "git://github.com/debug-js/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/debug-js/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/debug-js/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/debug" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ { - "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "oclif@4.13.0|ms@2.1.2", - "description": "Tiny millisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/ms" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ { - "type": "library", - "name": "fs-extra", - "version": "8.1.0", - "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", - "author": "JP Richardson", - "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fs-extra@8.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/jprichardson/node-fs-extra.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jprichardson/node-fs-extra", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jprichardson/node-fs-extra/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/fs-extra" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "jsonfile", - "version": "4.0.0", - "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", - "author": "JP Richardson", - "description": "Easily read/write JSON files.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jsonfile@4.0.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jprichardson/node-jsonfile#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jprichardson/node-jsonfile/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/jsonfile" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "universalify", - "version": "0.1.2", - "bom-ref": "oclif@4.13.0|universalify@0.1.2", - "author": "Ryan Zimmerman", - "description": "Make a callback- or promise-based function support both promises and callbacks.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/universalify@0.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/RyanZim/universalify.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/RyanZim/universalify#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/RyanZim/universalify/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/universalify" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "client-cloudfront", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -75389,1257 +155274,1186 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" }, { "name": "cdx:npm:package:development", "value": "true" } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } ], - "components": [ + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ { - "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" }, { - "type": "library", - "name": "middleware-host-header", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "middleware-logger", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "middleware-recursion-detection", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" }, { - "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "types", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "Types for the AWS SDK", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "util-user-agent-browser", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" }, { - "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" } ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" }, { - "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "MIT" - } + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" } ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", - "externalReferences": [ - { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" }, { - "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" }, { - "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" }, { - "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" }, { - "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" }, { - "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" }, { - "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" } ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "xml-builder", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/xml-builder@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "XML builder for the AWS SDK", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "purl": "pkg:npm/sprintf-js@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "url": "git+https://github.com/alexei/sprintf.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "url": "https://github.com/alexei/sprintf.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/alexei/sprintf.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -76648,7 +156462,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/xml-builder" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" }, { "name": "cdx:npm:package:development", @@ -76658,43 +156472,42 @@ }, { "type": "library", - "name": "util-waiter", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-waiter@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Shared utilities for client waiters for the AWS SDK", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "purl": "pkg:npm/brace-expansion@1.1.11", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -76703,7 +156516,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-waiter" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" }, { "name": "cdx:npm:package:development", @@ -76713,43 +156526,42 @@ }, { "type": "library", - "name": "client-s3", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -76758,626 +156570,291 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" }, { "name": "cdx:npm:package:development", "value": "true" } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } ], - "components": [ + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ { - "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" }, { - "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", - "externalReferences": [ - { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" }, { - "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", - "licenses": [ + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "Apache-2.0" - } + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "sha1-browser", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/sha1-browser@3.0.0", - "author": "AWS Crypto Tools Team", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -77385,30 +156862,30 @@ } } ], - "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77417,108 +156894,158 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha1-browser" + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" }, { "name": "cdx:npm:package:development", "value": "true" } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } ], - "components": [ + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ { - "license": { - "id": "0BSD" - } + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" } ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "purl": "pkg:npm/estraverse@4.3.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "url": "git+ssh://git@github.com/estools/estraverse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "url": "https://github.com/estools/estraverse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/estools/estraverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77527,7 +157054,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/region-config-resolver" + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" }, { "name": "cdx:npm:package:development", @@ -77537,42 +157064,42 @@ }, { "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77581,7 +157108,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-user-agent-node" + "value": "node_modules/tsutils/node_modules/tslib" }, { "name": "cdx:npm:package:development", @@ -77591,12 +157118,11 @@ }, { "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -77604,30 +157130,30 @@ } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77636,7 +157162,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-env" + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" }, { "name": "cdx:npm:package:development", @@ -77646,43 +157172,41 @@ }, { "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "purl": "pkg:npm/chalk@2.4.2", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "url": "git+https://github.com/chalk/chalk.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "url": "https://github.com/chalk/chalk#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/chalk/chalk/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77691,53 +157215,98 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-process" + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "name": "cdx:npm:package:development", - "value": "true" + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" } ] }, { "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "purl": "pkg:npm/color-convert@1.9.3", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "url": "git+https://github.com/Qix-/color-convert.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "url": "https://github.com/Qix-/color-convert#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/Qix-/color-convert/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77746,53 +157315,98 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-web-identity" + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "name": "cdx:npm:package:development", - "value": "true" + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" } ] }, { "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/token-providers@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "purl": "pkg:npm/escape-string-regexp@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77801,53 +157415,98 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/token-providers" + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "name": "cdx:npm:package:development", - "value": "true" + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" } ] }, { "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "purl": "pkg:npm/has-flag@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "url": "git+https://github.com/sindresorhus/has-flag.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "url": "https://github.com/sindresorhus/has-flag#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/has-flag/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77856,53 +157515,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-sso-oidc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/highlight/node_modules/has-flag" } ] }, { "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/client-sts@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", "licenses": [ { - "license": { - "id": "Apache-2.0" - } + "expression": "(MIT OR CC0-1.0)" } ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "purl": "pkg:npm/type-fest@0.20.2", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "url": "git+https://github.com/sindresorhus/type-fest.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "url": "https://github.com/sindresorhus/type-fest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/type-fest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77911,7 +157563,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-sts" + "value": "node_modules/globals/node_modules/type-fest" }, { "name": "cdx:npm:package:development", @@ -77921,43 +157573,42 @@ }, { "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.576.0", - "bom-ref": "@aws-sdk/core@3.576.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "purl": "pkg:npm/fast-levenshtein@2.0.6", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "url": "https://github.com/hiddentao/fast-levenshtein#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/hiddentao/fast-levenshtein/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -77966,109 +157617,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/core" + "value": "node_modules/optionator/node_modules/fast-levenshtein" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", - "externalReferences": [ - { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } ] }, { "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "purl": "pkg:npm/eslint-utils@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "url": "git+https://github.com/mysticatea/eslint-utils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "url": "https://github.com/mysticatea/eslint-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/mysticatea/eslint-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78077,7 +157671,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-node" + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" }, { "name": "cdx:npm:package:development", @@ -78087,11 +157681,11 @@ }, { "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -78099,30 +157693,30 @@ } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78131,7 +157725,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-user-agent" + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" }, { "name": "cdx:npm:package:development", @@ -78141,43 +157735,42 @@ }, { "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/util-endpoints@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "purl": "pkg:npm/minimatch@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78186,7 +157779,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-endpoints" + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" }, { "name": "cdx:npm:package:development", @@ -78196,43 +157789,42 @@ }, { "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "purl": "pkg:npm/brace-expansion@1.1.11", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78241,7 +157833,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-http" + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" }, { "name": "cdx:npm:package:development", @@ -78251,43 +157843,42 @@ }, { "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "purl": "pkg:npm/semver@6.3.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78296,7 +157887,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-ini" + "value": "node_modules/eslint-plugin-node/node_modules/semver" }, { "name": "cdx:npm:package:development", @@ -78306,43 +157897,42 @@ }, { "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "purl": "pkg:npm/eslint-utils@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "url": "git+https://github.com/mysticatea/eslint-utils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "url": "https://github.com/mysticatea/eslint-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/mysticatea/eslint-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78351,7 +157941,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-sso" + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" }, { "name": "cdx:npm:package:development", @@ -78361,12 +157951,11 @@ }, { "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/client-sso@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -78374,30 +157963,30 @@ } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78406,7 +157995,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-sso" + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" }, { "name": "cdx:npm:package:development", @@ -78416,42 +158005,42 @@ }, { "type": "library", - "name": "middleware-bucket-endpoint", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78460,7 +158049,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" }, { "name": "cdx:npm:package:development", @@ -78470,43 +158059,42 @@ }, { "type": "library", - "name": "util-arn-parser", - "group": "@aws-sdk", - "version": "3.568.0", - "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", - "author": "AWS SDK for JavaScript Team", - "description": "A parser to Amazon Resource Names", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "purl": "pkg:npm/ci-info@3.9.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78515,7 +158103,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-arn-parser" + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" }, { "name": "cdx:npm:package:development", @@ -78525,42 +158113,42 @@ }, { "type": "library", - "name": "middleware-expect-continue", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "purl": "pkg:npm/escape-string-regexp@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78569,7 +158157,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-expect-continue" + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" }, { "name": "cdx:npm:package:development", @@ -78579,11 +158167,11 @@ }, { "type": "library", - "name": "middleware-flexible-checksums", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -78591,30 +158179,30 @@ } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78623,7 +158211,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" }, { "name": "cdx:npm:package:development", @@ -78633,11 +158221,11 @@ }, { "type": "library", - "name": "crc32", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/crc32@3.0.0", - "author": "AWS Crypto Tools Team", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -78645,30 +158233,30 @@ } } ], - "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78677,108 +158265,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32" + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } ] }, { "type": "library", - "name": "crc32c", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/crc32c@3.0.0", - "author": "AWS Crypto Tools Team", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "purl": "pkg:npm/semver@6.3.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78787,108 +158319,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32c" + "value": "node_modules/@babel/eslint-parser/node_modules/semver" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", - "licenses": [ - { - "license": { - "id": "0BSD" - } - } - ], - "purl": "pkg:npm/tslib@1.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/Microsoft/tslib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://www.typescriptlang.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Microsoft/TypeScript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } ] }, { "type": "library", - "name": "middleware-location-constraint", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "purl": "pkg:npm/eslint-scope@5.1.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "url": "git+https://github.com/eslint/eslint-scope.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "url": "http://github.com/eslint/eslint-scope", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/eslint/eslint-scope/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78897,7 +158372,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-location-constraint" + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" }, { "name": "cdx:npm:package:development", @@ -78907,42 +158382,41 @@ }, { "type": "library", - "name": "middleware-sdk-s3", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", - "author": "AWS SDK for JavaScript Team", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "purl": "pkg:npm/estraverse@4.3.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "url": "git+ssh://git@github.com/estools/estraverse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "url": "https://github.com/estools/estraverse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/estools/estraverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -78951,7 +158425,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-sdk-s3" + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" }, { "name": "cdx:npm:package:development", @@ -78961,42 +158435,42 @@ }, { "type": "library", - "name": "middleware-signing", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-signing@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "purl": "pkg:npm/find-up@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "url": "git+https://github.com/sindresorhus/find-up.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "url": "https://github.com/sindresorhus/find-up#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/find-up/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79005,7 +158479,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-signing" + "value": "node_modules/read-pkg-up/node_modules/find-up" }, { "name": "cdx:npm:package:development", @@ -79015,42 +158489,42 @@ }, { "type": "library", - "name": "middleware-ssec", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", - "author": "AWS SDK for JavaScript Team", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "purl": "pkg:npm/locate-path@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "url": "git+https://github.com/sindresorhus/locate-path.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "url": "https://github.com/sindresorhus/locate-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/locate-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79059,7 +158533,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-ssec" + "value": "node_modules/read-pkg-up/node_modules/locate-path" }, { "name": "cdx:npm:package:development", @@ -79069,42 +158543,42 @@ }, { "type": "library", - "name": "signature-v4-multi-region", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", - "author": "AWS SDK for JavaScript Team", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "purl": "pkg:npm/p-locate@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "url": "git+https://github.com/sindresorhus/p-locate.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "url": "https://github.com/sindresorhus/p-locate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/p-locate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79113,7 +158587,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/signature-v4-multi-region" + "value": "node_modules/read-pkg-up/node_modules/p-locate" }, { "name": "cdx:npm:package:development", @@ -79123,42 +158597,42 @@ }, { "type": "library", - "name": "eventstream-serde-browser", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "purl": "pkg:npm/p-limit@2.3.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "url": "git+https://github.com/sindresorhus/p-limit.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "url": "https://github.com/sindresorhus/p-limit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/sindresorhus/p-limit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79167,7 +158641,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-browser" + "value": "node_modules/read-pkg-up/node_modules/p-limit" }, { "name": "cdx:npm:package:development", @@ -79177,42 +158651,40 @@ }, { "type": "library", - "name": "eventstream-serde-universal", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", "licenses": [ { - "license": { - "id": "Apache-2.0" - } + "expression": "(MIT OR CC0-1.0)" } ], - "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "purl": "pkg:npm/type-fest@0.8.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "url": "git+https://github.com/sindresorhus/type-fest.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "url": "https://github.com/sindresorhus/type-fest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/sindresorhus/type-fest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79221,7 +158693,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-universal" + "value": "node_modules/read-pkg-up/node_modules/type-fest" }, { "name": "cdx:npm:package:development", @@ -79231,42 +158703,42 @@ }, { "type": "library", - "name": "eventstream-codec", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-codec@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "purl": "pkg:npm/ajv@6.12.6", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "url": "git+https://github.com/ajv-validator/ajv.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "url": "https://github.com/ajv-validator/ajv", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/ajv-validator/ajv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79275,7 +158747,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-codec" + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" }, { "name": "cdx:npm:package:development", @@ -79285,42 +158757,42 @@ }, { "type": "library", - "name": "eventstream-serde-config-resolver", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "purl": "pkg:npm/json-schema-traverse@0.4.1", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79329,7 +158801,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-config-resolver" + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" }, { "name": "cdx:npm:package:development", @@ -79339,42 +158811,42 @@ }, { "type": "library", - "name": "eventstream-serde-node", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-node@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "purl": "pkg:npm/minimatch@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79383,7 +158855,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-node" + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" }, { "name": "cdx:npm:package:development", @@ -79393,42 +158865,42 @@ }, { "type": "library", - "name": "hash-blob-browser", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/hash-blob-browser@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "purl": "pkg:npm/brace-expansion@1.1.11", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79437,7 +158909,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/hash-blob-browser" + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" }, { "name": "cdx:npm:package:development", @@ -79447,42 +158919,42 @@ }, { "type": "library", - "name": "chunked-blob-reader-native", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "purl": "pkg:npm/normalize-package-data@2.5.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "url": "git://github.com/npm/normalize-package-data.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "url": "https://github.com/npm/normalize-package-data#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/npm/normalize-package-data/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79491,7 +158963,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/chunked-blob-reader-native" + "value": "node_modules/read-pkg/node_modules/normalize-package-data" }, { "name": "cdx:npm:package:development", @@ -79501,42 +158973,42 @@ }, { "type": "library", - "name": "chunked-blob-reader", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/chunked-blob-reader@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "purl": "pkg:npm/hosted-git-info@2.8.9", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "url": "git+https://github.com/npm/hosted-git-info.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "url": "https://github.com/npm/hosted-git-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/npm/hosted-git-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79545,7 +159017,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/chunked-blob-reader" + "value": "node_modules/read-pkg/node_modules/hosted-git-info" }, { "name": "cdx:npm:package:development", @@ -79555,42 +159027,42 @@ }, { "type": "library", - "name": "hash-stream-node", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/hash-stream-node@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "purl": "pkg:npm/semver@5.7.2", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79599,7 +159071,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/hash-stream-node" + "value": "node_modules/read-pkg/node_modules/semver" }, { "name": "cdx:npm:package:development", @@ -79609,42 +159081,40 @@ }, { "type": "library", - "name": "md5-js", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/md5-js@3.0.0", - "author": "AWS SDK for JavaScript Team", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", "licenses": [ { - "license": { - "id": "Apache-2.0" - } + "expression": "(MIT OR CC0-1.0)" } ], - "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "purl": "pkg:npm/type-fest@0.6.0", "externalReferences": [ { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "url": "git+https://github.com/sindresorhus/type-fest.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "url": "https://github.com/sindresorhus/type-fest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/issues", + "url": "https://github.com/sindresorhus/type-fest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79653,7 +159123,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/md5-js" + "value": "node_modules/read-pkg/node_modules/type-fest" }, { "name": "cdx:npm:package:development", @@ -79663,43 +159133,43 @@ }, { "type": "library", - "name": "confirm", - "group": "@inquirer", - "version": "3.1.9", - "bom-ref": "@inquirer/confirm@3.1.9", - "author": "Simon Boudrias", - "description": "Inquirer confirm prompt", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", "licenses": [ { "license": { - "id": "MIT" + "id": "MIT", + "url": "http://mths.be/mit" } } ], - "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "purl": "pkg:npm/jsesc@0.5.0", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "url": "git+https://github.com/mathiasbynens/jsesc.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "url": "http://mths.be/jsesc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "url": "https://github.com/mathiasbynens/jsesc/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79708,7 +159178,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/confirm" + "value": "node_modules/regjsparser/node_modules/jsesc" }, { "name": "cdx:npm:package:development", @@ -79718,43 +159188,42 @@ }, { "type": "library", - "name": "core", - "group": "@inquirer", - "version": "8.2.2", - "bom-ref": "@inquirer/core@8.2.2", - "author": "Simon Boudrias", - "description": "Core Inquirer prompt API", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40inquirer/core@8.2.2", + "purl": "pkg:npm/minimatch@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -79763,240 +159232,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core" + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "cli-width", - "version": "4.1.0", - "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", - "author": "Ilya Radchenko", - "description": "Get stdout window width, with two fallbacks, tty and then a default.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/cli-width@4.1.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/knownasilya/cli-width.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/knownasilya/cli-width", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/knownasilya/cli-width/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/cli-width" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "mute-stream", - "version": "1.0.0", - "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", - "author": "GitHub Inc.", - "description": "Bytes go in, but they don't come out (when muted).", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/mute-stream@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/npm/mute-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/mute-stream#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/mute-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/mute-stream" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "signal-exit", - "version": "4.1.0", - "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", - "author": "Ben Coe", - "description": "when you want to fire an event no matter how a process exits.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/signal-exit@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/tapjs/signal-exit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tapjs/signal-exit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tapjs/signal-exit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/signal-exit" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "wrap-ansi", - "version": "6.2.0", - "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/wrap-ansi@6.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/wrap-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/wrap-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } ] }, { "type": "library", - "name": "figures", - "group": "@inquirer", - "version": "1.0.3", - "bom-ref": "@inquirer/figures@1.0.3", - "author": "Simon Boudrias", - "description": "Vendored version of figures, for CJS compatibility", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { @@ -80004,30 +159254,30 @@ } } ], - "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "purl": "pkg:npm/brace-expansion@1.1.11", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80036,7 +159286,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/figures" + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" }, { "name": "cdx:npm:package:development", @@ -80046,12 +159296,11 @@ }, { "type": "library", - "name": "type", - "group": "@inquirer", - "version": "1.3.3", - "bom-ref": "@inquirer/type@1.3.3", - "author": "Simon Boudrias", - "description": "Inquirer core TS types", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", "licenses": [ { "license": { @@ -80059,30 +159308,30 @@ } } ], - "purl": "pkg:npm/%40inquirer/type@1.3.3", + "purl": "pkg:npm/debug@2.6.9", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "url": "git://github.com/visionmedia/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "url": "https://github.com/visionmedia/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "url": "https://github.com/visionmedia/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80091,21 +159340,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/type" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/body-parser/node_modules/debug" } ] }, { "type": "library", - "name": "mute-stream", - "group": "@types", - "version": "0.0.4", - "bom-ref": "@types/mute-stream@0.0.4", - "description": "TypeScript definitions for mute-stream", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", "licenses": [ { "license": { @@ -80113,30 +159357,30 @@ } } ], - "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "purl": "pkg:npm/ms@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80145,21 +159389,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/mute-stream" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/body-parser/node_modules/ms" } ] }, { "type": "library", - "name": "wrap-ansi", - "group": "@types", - "version": "3.0.0", - "bom-ref": "@types/wrap-ansi@3.0.0", - "description": "TypeScript definitions for wrap-ansi", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", "licenses": [ { "license": { @@ -80167,30 +159407,30 @@ } } ], - "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "purl": "pkg:npm/debug@2.6.9", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "url": "git://github.com/visionmedia/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "url": "https://github.com/visionmedia/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/visionmedia/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80199,22 +159439,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/wrap-ansi" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/finalhandler/node_modules/debug" } ] }, { "type": "library", - "name": "input", - "group": "@inquirer", - "version": "2.1.9", - "bom-ref": "@inquirer/input@2.1.9", - "author": "Simon Boudrias", - "description": "Inquirer input text prompt", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", "licenses": [ { "license": { @@ -80222,30 +159456,30 @@ } } ], - "purl": "pkg:npm/%40inquirer/input@2.1.9", + "purl": "pkg:npm/ms@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80254,22 +159488,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/input" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/finalhandler/node_modules/ms" } ] }, { "type": "library", - "name": "select", - "group": "@inquirer", - "version": "2.3.5", - "bom-ref": "@inquirer/select@2.3.5", - "author": "Simon Boudrias", - "description": "Inquirer select/list prompt", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", "licenses": [ { "license": { @@ -80277,30 +159506,30 @@ } } ], - "purl": "pkg:npm/%40inquirer/select@2.3.5", + "purl": "pkg:npm/debug@2.6.9", "externalReferences": [ { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "url": "git://github.com/visionmedia/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "url": "https://github.com/visionmedia/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "url": "https://github.com/visionmedia/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80309,53 +159538,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/select" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/send/node_modules/debug" } ] }, { "type": "library", - "name": "plugin-not-found", - "group": "@oclif", - "version": "3.2.1", - "bom-ref": "@oclif/plugin-not-found@3.2.1", - "author": "Salesforce", - "description": "\"did you mean\" for oclif", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "purl": "pkg:npm/which@1.3.1", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-not-found.git", + "url": "git://github.com/isaacs/node-which.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-not-found", + "url": "https://github.com/isaacs/node-which#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-not-found/issues", + "url": "https://github.com/isaacs/node-which/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80364,109 +159588,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-not-found" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ], - "components": [ - { - "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.0-beta.15", - "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", - "author": "Salesforce", - "description": "base library for oclif CLIs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/core.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/core/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "value": "node_modules/global-prefix/node_modules/which" } ] }, { "type": "library", - "name": "fast-levenshtein", - "version": "3.0.0", - "bom-ref": "fast-levenshtein@3.0.0", - "author": "Ramesh Nair", - "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/fast-levenshtein@3.0.0", + "purl": "pkg:npm/rxjs@7.8.1", "externalReferences": [ { - "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "url": "git+https://github.com/reactivex/rxjs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "url": "https://rxjs.dev", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "url": "https://github.com/ReactiveX/RxJS/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80475,21 +159638,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fast-levenshtein" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" } ] }, { "type": "library", - "name": "fastest-levenshtein", - "version": "1.0.16", - "bom-ref": "fastest-levenshtein@1.0.16", - "author": "Kasper U. Weihe", - "description": "Fastest Levenshtein distance implementation in JS.", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", "licenses": [ { "license": { @@ -80497,30 +159656,30 @@ } } ], - "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "purl": "pkg:npm/escape-string-regexp@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80529,20 +159688,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fastest-levenshtein" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/figures/node_modules/escape-string-regexp" } ] }, { "type": "library", - "name": "async-retry", - "version": "1.3.3", - "bom-ref": "async-retry@1.3.3", - "description": "Retrying made simple, easy and async", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", "licenses": [ { "license": { @@ -80550,30 +159706,30 @@ } } ], - "purl": "pkg:npm/async-retry@1.3.3", + "purl": "pkg:npm/tmp@0.0.33", "externalReferences": [ { - "url": "git+https://github.com/vercel/async-retry.git", + "url": "git+https://github.com/raszi/node-tmp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/vercel/async-retry#readme", + "url": "http://github.com/raszi/node-tmp", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/vercel/async-retry/issues", + "url": "http://github.com/raszi/node-tmp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80582,52 +159738,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/async-retry" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/external-editor/node_modules/tmp" } ] }, { "type": "library", - "name": "retry", - "version": "0.13.1", - "bom-ref": "retry@0.13.1", - "author": "Tim Koschützki", - "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "MIT" + "id": "0BSD" } } ], - "purl": "pkg:npm/retry@0.13.1", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git://github.com/tim-kos/node-retry.git", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tim-kos/node-retry", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tim-kos/node-retry/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80636,21 +159788,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/retry" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/rxjs/node_modules/tslib" } ] }, { "type": "library", - "name": "change-case", - "version": "4.1.2", - "bom-ref": "change-case@4.1.2", - "author": "Blake Embrey", - "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { @@ -80658,30 +159806,30 @@ } } ], - "purl": "pkg:npm/change-case@4.1.2", + "purl": "pkg:npm/ci-info@3.9.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80690,21 +159838,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/change-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@jest/core/node_modules/ci-info" } ] }, { "type": "library", - "name": "camel-case", - "version": "4.1.2", - "bom-ref": "camel-case@4.1.2", - "author": "Blake Embrey", - "description": "Transform into a string with the separator denoted by the next word capitalized", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { @@ -80712,30 +159856,30 @@ } } ], - "purl": "pkg:npm/camel-case@4.1.2", + "purl": "pkg:npm/ci-info@3.9.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80744,21 +159888,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/camel-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/jest-config/node_modules/ci-info" } ] }, { "type": "library", - "name": "pascal-case", - "version": "3.1.2", - "bom-ref": "pascal-case@3.1.2", - "author": "Blake Embrey", - "description": "Transform into a string of capitalized words without separators", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", "licenses": [ { "license": { @@ -80766,30 +159906,30 @@ } } ], - "purl": "pkg:npm/pascal-case@3.1.2", + "purl": "pkg:npm/camelcase@6.3.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/camelcase.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "url": "https://github.com/sindresorhus/camelcase#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/camelcase/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80798,21 +159938,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pascal-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/jest-validate/node_modules/camelcase" } ] }, { "type": "library", - "name": "capital-case", - "version": "1.0.4", - "bom-ref": "capital-case@1.0.4", - "author": "Blake Embrey", - "description": "Transform into a space separated string with each word capitalized", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", "licenses": [ { "license": { @@ -80820,30 +159956,30 @@ } } ], - "purl": "pkg:npm/capital-case@1.0.4", + "purl": "pkg:npm/find-up@4.1.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/find-up.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "url": "https://github.com/sindresorhus/find-up#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/find-up/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80852,21 +159988,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/capital-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/pkg-dir/node_modules/find-up" } ] }, { "type": "library", - "name": "no-case", - "version": "3.0.4", - "bom-ref": "no-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower cased string with spaces between words", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", "licenses": [ { "license": { @@ -80874,30 +160006,30 @@ } } ], - "purl": "pkg:npm/no-case@3.0.4", + "purl": "pkg:npm/locate-path@5.0.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/locate-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "url": "https://github.com/sindresorhus/locate-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/locate-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80906,21 +160038,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/no-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/pkg-dir/node_modules/locate-path" } ] }, { "type": "library", - "name": "upper-case-first", - "version": "2.0.2", - "bom-ref": "upper-case-first@2.0.2", - "author": "Blake Embrey", - "description": "Transforms the string with the first character in upper cased", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", "licenses": [ { "license": { @@ -80928,30 +160056,30 @@ } } ], - "purl": "pkg:npm/upper-case-first@2.0.2", + "purl": "pkg:npm/p-locate@4.1.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/p-locate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "url": "https://github.com/sindresorhus/p-locate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/p-locate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -80960,21 +160088,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/upper-case-first" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/pkg-dir/node_modules/p-locate" } ] }, { "type": "library", - "name": "constant-case", - "version": "3.0.4", - "bom-ref": "constant-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into upper case string with an underscore between words", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", "licenses": [ { "license": { @@ -80982,30 +160106,30 @@ } } ], - "purl": "pkg:npm/constant-case@3.0.4", + "purl": "pkg:npm/p-limit@2.3.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/p-limit.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "url": "https://github.com/sindresorhus/p-limit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/p-limit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81014,21 +160138,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/constant-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/pkg-dir/node_modules/p-limit" } ] }, { "type": "library", - "name": "upper-case", - "version": "2.0.2", - "bom-ref": "upper-case@2.0.2", - "author": "Blake Embrey", - "description": "Transforms the string to upper case", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", "licenses": [ { "license": { @@ -81036,30 +160156,30 @@ } } ], - "purl": "pkg:npm/upper-case@2.0.2", + "purl": "pkg:npm/resolve-from@5.0.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/resolve-from.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "url": "https://github.com/sindresorhus/resolve-from#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/resolve-from/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81068,21 +160188,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/upper-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/resolve-cwd/node_modules/resolve-from" } ] }, { "type": "library", - "name": "dot-case", - "version": "3.0.4", - "bom-ref": "dot-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case string with a period between words", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", "licenses": [ { "license": { @@ -81090,30 +160205,30 @@ } } ], - "purl": "pkg:npm/dot-case@3.0.4", + "purl": "pkg:npm/chalk@2.4.2", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/chalk/chalk.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "url": "https://github.com/chalk/chalk#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/chalk/chalk/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81122,21 +160237,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dot-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/json-colorizer/node_modules/chalk" } ] }, { "type": "library", - "name": "header-case", - "version": "2.0.4", - "bom-ref": "header-case@2.0.4", - "author": "Blake Embrey", - "description": "Transform into a dash separated string of capitalized words", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", "licenses": [ { "license": { @@ -81144,30 +160255,30 @@ } } ], - "purl": "pkg:npm/header-case@2.0.4", + "purl": "pkg:npm/ansi-styles@3.2.1", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/chalk/ansi-styles.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "url": "https://github.com/chalk/ansi-styles#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/chalk/ansi-styles/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81176,21 +160287,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/header-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/json-colorizer/node_modules/ansi-styles" } ] }, { "type": "library", - "name": "lower-case", - "version": "2.0.2", - "bom-ref": "lower-case@2.0.2", - "author": "Blake Embrey", - "description": "Transforms the string to lower case", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", "licenses": [ { "license": { @@ -81198,30 +160305,30 @@ } } ], - "purl": "pkg:npm/lower-case@2.0.2", + "purl": "pkg:npm/color-convert@1.9.3", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/Qix-/color-convert.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "url": "https://github.com/Qix-/color-convert#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/Qix-/color-convert/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81230,21 +160337,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lower-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/json-colorizer/node_modules/color-convert" } ] }, { "type": "library", - "name": "param-case", - "version": "3.0.4", - "bom-ref": "param-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower cased string with dashes between words", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", "licenses": [ { "license": { @@ -81252,30 +160355,30 @@ } } ], - "purl": "pkg:npm/param-case@3.0.4", + "purl": "pkg:npm/color-name@1.1.3", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+ssh://git@github.com/dfcreative/color-name.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "url": "https://github.com/dfcreative/color-name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/dfcreative/color-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81284,21 +160387,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/param-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/json-colorizer/node_modules/color-name" } ] }, { "type": "library", - "name": "path-case", - "version": "3.0.4", - "bom-ref": "path-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case string with slashes between words", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", "licenses": [ { "license": { @@ -81306,30 +160405,30 @@ } } ], - "purl": "pkg:npm/path-case@3.0.4", + "purl": "pkg:npm/escape-string-regexp@1.0.5", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81338,21 +160437,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" } ] }, { "type": "library", - "name": "sentence-case", - "version": "3.0.4", - "bom-ref": "sentence-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case with spaces between words, then capitalize the string", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -81360,30 +160455,30 @@ } } ], - "purl": "pkg:npm/sentence-case@3.0.4", + "purl": "pkg:npm/supports-color@5.5.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81392,21 +160487,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sentence-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/json-colorizer/node_modules/supports-color" } ] }, { "type": "library", - "name": "snake-case", - "version": "3.0.4", - "bom-ref": "snake-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case string with underscores between words", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", "licenses": [ { "license": { @@ -81414,30 +160505,30 @@ } } ], - "purl": "pkg:npm/snake-case@3.0.4", + "purl": "pkg:npm/has-flag@3.0.0", "externalReferences": [ { - "url": "git://github.com/blakeembrey/change-case.git", + "url": "git+https://github.com/sindresorhus/has-flag.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "url": "https://github.com/sindresorhus/has-flag#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blakeembrey/change-case/issues", + "url": "https://github.com/sindresorhus/has-flag/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81446,52 +160537,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/snake-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/json-colorizer/node_modules/has-flag" } ] }, { "type": "library", - "name": "find-yarn-workspace-root", - "version": "2.0.0", - "bom-ref": "find-yarn-workspace-root@2.0.0", - "author": "Square, Inc.", - "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "purl": "pkg:npm/diff@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "url": "git://github.com/kpdecker/jsdiff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/square/find-yarn-workspace-root#readme", + "url": "https://github.com/kpdecker/jsdiff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/square/find-yarn-workspace-root/issues", + "url": "http://github.com/kpdecker/jsdiff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81500,52 +160586,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/find-yarn-workspace-root" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/markdown-diff/node_modules/diff" } ] }, { "type": "library", - "name": "github-slugger", - "version": "2.0.0", - "bom-ref": "github-slugger@2.0.0", - "author": "Dan Flettre", - "description": "Generate a slug just like GitHub does for markdown headings.", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/github-slugger@2.0.0", + "purl": "pkg:npm/diff@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/Flet/github-slugger.git", + "url": "git://github.com/kpdecker/jsdiff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Flet/github-slugger", + "url": "https://github.com/kpdecker/jsdiff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Flet/github-slugger/issues", + "url": "http://github.com/kpdecker/jsdiff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81554,7 +160635,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/github-slugger" + "value": "node_modules/mocha/node_modules/diff" }, { "name": "cdx:npm:package:development", @@ -81564,41 +160645,42 @@ }, { "type": "library", - "name": "got", - "version": "13.0.0", - "bom-ref": "got@13.0.0", - "description": "Human-friendly and powerful HTTP request library for Node.js", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/got@13.0.0", + "purl": "pkg:npm/glob@8.1.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/got.git", + "url": "git://github.com/isaacs/node-glob.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/got#readme", + "url": "https://github.com/isaacs/node-glob#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/got/issues", + "url": "https://github.com/isaacs/node-glob/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81607,7 +160689,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/got" + "value": "node_modules/mocha/node_modules/glob" }, { "name": "cdx:npm:package:development", @@ -81617,43 +160699,42 @@ }, { "type": "library", - "name": "is", - "group": "@sindresorhus", - "version": "5.6.0", - "bom-ref": "@sindresorhus/is@5.6.0", - "author": "Sindre Sorhus", - "description": "Type check values", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "purl": "pkg:npm/minimatch@5.0.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81662,7 +160743,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sindresorhus/is" + "value": "node_modules/mocha/node_modules/minimatch" }, { "name": "cdx:npm:package:development", @@ -81672,12 +160753,11 @@ }, { "type": "library", - "name": "http-timer", - "group": "@szmarczak", - "version": "5.0.1", - "bom-ref": "@szmarczak/http-timer@5.0.1", - "author": "Szymon Marczak", - "description": "Timings for HTTP requests", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", "licenses": [ { "license": { @@ -81685,30 +160765,30 @@ } } ], - "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "purl": "pkg:npm/log-symbols@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/szmarczak/http-timer.git", + "url": "git+https://github.com/sindresorhus/log-symbols.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/szmarczak/http-timer#readme", + "url": "https://github.com/sindresorhus/log-symbols#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/szmarczak/http-timer/issues", + "url": "https://github.com/sindresorhus/log-symbols/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81717,7 +160797,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@szmarczak/http-timer" + "value": "node_modules/mocha/node_modules/log-symbols" }, { "name": "cdx:npm:package:development", @@ -81727,11 +160807,10 @@ }, { "type": "library", - "name": "defer-to-connect", - "version": "2.0.1", - "bom-ref": "defer-to-connect@2.0.1", - "author": "Szymon Marczak", - "description": "The safe way to handle the `connect` socket event", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", "licenses": [ { "license": { @@ -81739,30 +160818,30 @@ } } ], - "purl": "pkg:npm/defer-to-connect@2.0.1", + "purl": "pkg:npm/yargs@16.2.0", "externalReferences": [ { - "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "url": "git+https://github.com/yargs/yargs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/szmarczak/defer-to-connect#readme", + "url": "https://yargs.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/szmarczak/defer-to-connect/issues", + "url": "https://github.com/yargs/yargs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81771,7 +160850,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/defer-to-connect" + "value": "node_modules/mocha/node_modules/yargs" }, { "name": "cdx:npm:package:development", @@ -81781,42 +160860,42 @@ }, { "type": "library", - "name": "cacheable-lookup", - "version": "7.0.0", - "bom-ref": "cacheable-lookup@7.0.0", - "author": "Szymon Marczak", - "description": "A cacheable dns.lookup(…) that respects TTL", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/cacheable-lookup@7.0.0", + "purl": "pkg:npm/cliui@7.0.4", "externalReferences": [ { - "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "url": "git+https://github.com/yargs/cliui.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "url": "https://github.com/yargs/cliui#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "url": "https://github.com/yargs/cliui/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81825,7 +160904,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cacheable-lookup" + "value": "node_modules/mocha/node_modules/cliui" }, { "name": "cdx:npm:package:development", @@ -81835,11 +160914,11 @@ }, { "type": "library", - "name": "cacheable-request", - "version": "10.2.14", - "bom-ref": "cacheable-request@10.2.14", - "author": "Jared Wray", - "description": "Wrap native HTTP requests with RFC compliant cache support", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", "licenses": [ { "license": { @@ -81847,30 +160926,30 @@ } } ], - "purl": "pkg:npm/cacheable-request@10.2.14", + "purl": "pkg:npm/camelcase@6.3.0", "externalReferences": [ { - "url": "git+https://github.com/jaredwray/cacheable.git", + "url": "git+https://github.com/sindresorhus/camelcase.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jaredwray/cacheable#readme", + "url": "https://github.com/sindresorhus/camelcase#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jaredwray/cacheable/issues", + "url": "https://github.com/sindresorhus/camelcase/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81879,7 +160958,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cacheable-request" + "value": "node_modules/yargs-unparser/node_modules/camelcase" }, { "name": "cdx:npm:package:development", @@ -81889,11 +160968,12 @@ }, { "type": "library", - "name": "http-cache-semantics", - "group": "@types", - "version": "4.0.4", - "bom-ref": "@types/http-cache-semantics@4.0.4", - "description": "TypeScript definitions for http-cache-semantics", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", "licenses": [ { "license": { @@ -81901,30 +160981,30 @@ } } ], - "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "purl": "pkg:npm/%40oclif/core@4.0.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "url": "git+https://github.com/oclif/core.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "url": "https://github.com/oclif/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/oclif/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81933,7 +161013,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/http-cache-semantics" + "value": "node_modules/oclif/node_modules/@oclif/core" }, { "name": "cdx:npm:package:development", @@ -81943,42 +161023,42 @@ }, { "type": "library", - "name": "http-cache-semantics", - "version": "4.1.1", - "bom-ref": "http-cache-semantics@4.1.1", - "author": "Kornel Lesiński", - "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/http-cache-semantics@4.1.1", + "purl": "pkg:npm/debug@4.3.5", "externalReferences": [ { - "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "url": "git://github.com/debug-js/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kornelski/http-cache-semantics#readme", + "url": "https://github.com/debug-js/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kornelski/http-cache-semantics/issues", + "url": "https://github.com/debug-js/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -81987,7 +161067,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/http-cache-semantics" + "value": "node_modules/oclif/node_modules/debug" }, { "name": "cdx:npm:package:development", @@ -81997,11 +161077,10 @@ }, { "type": "library", - "name": "mimic-response", - "version": "4.0.0", - "bom-ref": "mimic-response@4.0.0", - "author": "Sindre Sorhus", - "description": "Mimic a Node.js HTTP response stream", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { @@ -82009,30 +161088,30 @@ } } ], - "purl": "pkg:npm/mimic-response@4.0.0", + "purl": "pkg:npm/ms@2.1.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/mimic-response.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/mimic-response#readme", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/mimic-response/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82041,7 +161120,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mimic-response" + "value": "node_modules/oclif/node_modules/ms" }, { "name": "cdx:npm:package:development", @@ -82051,11 +161130,11 @@ }, { "type": "library", - "name": "normalize-url", - "version": "8.0.1", - "bom-ref": "normalize-url@8.0.1", - "author": "Sindre Sorhus", - "description": "Normalize a URL", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", "licenses": [ { "license": { @@ -82063,30 +161142,30 @@ } } ], - "purl": "pkg:npm/normalize-url@8.0.1", + "purl": "pkg:npm/fs-extra@8.1.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/normalize-url.git", + "url": "git+https://github.com/jprichardson/node-fs-extra.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/normalize-url#readme", + "url": "https://github.com/jprichardson/node-fs-extra", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/normalize-url/issues", + "url": "https://github.com/jprichardson/node-fs-extra/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82095,7 +161174,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/normalize-url" + "value": "node_modules/oclif/node_modules/fs-extra" }, { "name": "cdx:npm:package:development", @@ -82105,11 +161184,11 @@ }, { "type": "library", - "name": "responselike", - "version": "3.0.0", - "bom-ref": "responselike@3.0.0", - "author": "Luke Childs", - "description": "A response-like object for mocking a Node.js HTTP response stream", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", "licenses": [ { "license": { @@ -82117,30 +161196,30 @@ } } ], - "purl": "pkg:npm/responselike@3.0.0", + "purl": "pkg:npm/jsonfile@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/responselike.git", + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/responselike#readme", + "url": "https://github.com/jprichardson/node-jsonfile#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/responselike/issues", + "url": "https://github.com/jprichardson/node-jsonfile/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82149,7 +161228,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/responselike" + "value": "node_modules/oclif/node_modules/jsonfile" }, { "name": "cdx:npm:package:development", @@ -82159,11 +161238,11 @@ }, { "type": "library", - "name": "decompress-response", - "version": "6.0.0", - "bom-ref": "decompress-response@6.0.0", - "author": "Sindre Sorhus", - "description": "Decompress a HTTP response if needed", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", "licenses": [ { "license": { @@ -82171,30 +161250,30 @@ } } ], - "purl": "pkg:npm/decompress-response@6.0.0", + "purl": "pkg:npm/universalify@0.1.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/decompress-response.git", + "url": "git+https://github.com/RyanZim/universalify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/decompress-response#readme", + "url": "https://github.com/RyanZim/universalify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/decompress-response/issues", + "url": "https://github.com/RyanZim/universalify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82203,108 +161282,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/decompress-response" + "value": "node_modules/oclif/node_modules/universalify" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "mimic-response", - "version": "3.1.0", - "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", - "author": "Sindre Sorhus", - "description": "Mimic a Node.js HTTP response stream", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mimic-response@3.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/mimic-response.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/mimic-response#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/mimic-response/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/decompress-response/node_modules/mimic-response" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } ] }, { "type": "library", - "name": "form-data-encoder", - "version": "2.1.4", - "bom-ref": "form-data-encoder@2.1.4", - "author": "Nick K.", - "description": "Encode FormData content into the multipart/form-data format", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/form-data-encoder@2.1.4", + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", "externalReferences": [ { - "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/octet-stream/form-data-encoder#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/octet-stream/form-data-encoder/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82313,7 +161337,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/form-data-encoder" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" }, { "name": "cdx:npm:package:development", @@ -82323,42 +161347,43 @@ }, { "type": "library", - "name": "http2-wrapper", - "version": "2.2.1", - "bom-ref": "http2-wrapper@2.2.1", - "author": "Szymon Marczak", - "description": "HTTP2 client, just with the familiar `https` API", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/http2-wrapper@2.2.1", + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", "externalReferences": [ { - "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/szmarczak/http2-wrapper#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/szmarczak/http2-wrapper/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82367,7 +161392,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/http2-wrapper" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" }, { "name": "cdx:npm:package:development", @@ -82377,42 +161402,43 @@ }, { "type": "library", - "name": "resolve-alpn", - "version": "1.2.1", - "bom-ref": "resolve-alpn@1.2.1", - "author": "Szymon Marczak", - "description": "Detects the ALPN protocol", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/resolve-alpn@1.2.1", + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", "externalReferences": [ { - "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/szmarczak/resolve-alpn#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/szmarczak/resolve-alpn/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82421,7 +161447,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/resolve-alpn" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" }, { "name": "cdx:npm:package:development", @@ -82431,42 +161457,43 @@ }, { "type": "library", - "name": "lowercase-keys", - "version": "3.0.0", - "bom-ref": "lowercase-keys@3.0.0", - "author": "Sindre Sorhus", - "description": "Lowercase the keys of an object", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/lowercase-keys@3.0.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82475,7 +161502,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lowercase-keys" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" }, { "name": "cdx:npm:package:development", @@ -82485,42 +161512,42 @@ }, { "type": "library", - "name": "p-cancelable", - "version": "3.0.0", - "bom-ref": "p-cancelable@3.0.0", - "author": "Sindre Sorhus", - "description": "Create a promise that can be canceled", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/p-cancelable@3.0.0", + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/p-cancelable#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-cancelable/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82529,7 +161556,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/p-cancelable" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" }, { "name": "cdx:npm:package:development", @@ -82539,42 +161566,42 @@ }, { "type": "library", - "name": "normalize-package-data", - "version": "6.0.1", - "bom-ref": "normalize-package-data@6.0.1", - "author": "GitHub Inc.", - "description": "Normalizes data that can be found in package.json files.", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/normalize-package-data@6.0.1", + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", "externalReferences": [ { - "url": "git+https://github.com/npm/normalize-package-data.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/normalize-package-data#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/normalize-package-data/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82583,7 +161610,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/normalize-package-data" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" }, { "name": "cdx:npm:package:development", @@ -82593,10 +161620,11 @@ }, { "type": "library", - "name": "spdx-correct", - "version": "3.2.0", - "bom-ref": "spdx-correct@3.2.0", - "description": "correct invalid SPDX expressions", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { @@ -82604,30 +161632,30 @@ } } ], - "purl": "pkg:npm/spdx-correct@3.2.0", + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jslicense/spdx-correct.js#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-correct.js/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82636,7 +161664,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/spdx-correct" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" }, { "name": "cdx:npm:package:development", @@ -82646,42 +161674,42 @@ }, { "type": "library", - "name": "spdx-expression-parse", - "version": "3.0.1", - "bom-ref": "spdx-expression-parse@3.0.1", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82690,7 +161718,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/spdx-expression-parse" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" }, { "name": "cdx:npm:package:development", @@ -82698,44 +161726,44 @@ } ] }, - { - "type": "library", - "name": "spdx-license-ids", - "version": "3.0.17", - "bom-ref": "spdx-license-ids@3.0.17", - "author": "Shinnosuke Watanabe", - "description": "A list of SPDX license identifiers", + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "CC0-1.0" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/spdx-license-ids@3.0.17", + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jslicense/spdx-license-ids#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-license-ids/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82744,7 +161772,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/spdx-license-ids" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" }, { "name": "cdx:npm:package:development", @@ -82754,42 +161782,43 @@ }, { "type": "library", - "name": "spdx-exceptions", - "version": "2.5.0", - "bom-ref": "spdx-exceptions@2.5.0", - "author": "The Linux Foundation", - "description": "list of SPDX standard license exceptions", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", "licenses": [ { "license": { - "id": "CC-BY-3.0" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/spdx-exceptions@2.5.0", + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", "externalReferences": [ { - "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82798,7 +161827,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/spdx-exceptions" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" }, { "name": "cdx:npm:package:development", @@ -82808,42 +161837,43 @@ }, { "type": "library", - "name": "sort-package-json", - "version": "2.10.0", - "bom-ref": "sort-package-json@2.10.0", - "author": "Keith Cirkel", - "description": "Sort an Object or package.json based on the well-known package.json keys", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/sort-package-json@2.10.0", + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", "externalReferences": [ { - "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/keithamus/sort-package-json#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/keithamus/sort-package-json/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -82852,270 +161882,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" }, { "name": "cdx:npm:package:development", "value": "true" } - ], - "components": [ - { - "type": "library", - "name": "detect-newline", - "version": "4.0.1", - "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", - "author": "Sindre Sorhus", - "description": "Detect the dominant newline character of a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/detect-newline@4.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/detect-newline.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/detect-newline#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/detect-newline/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/detect-newline" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "globby", - "version": "13.2.2", - "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", - "author": "Sindre Sorhus", - "description": "User-friendly glob matching", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/globby@13.2.2", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/globby.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/globby#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/globby/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/globby" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "slash", - "version": "4.0.0", - "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", - "author": "Sindre Sorhus", - "description": "Convert Windows backslash paths to slash paths", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/slash@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/slash.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/slash#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/slash/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/slash" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "is-plain-obj", - "version": "4.1.0", - "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", - "author": "Sindre Sorhus", - "description": "Check if a value is a plain object", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-plain-obj@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-plain-obj.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-plain-obj#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-plain-obj/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/is-plain-obj" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - } ] }, { "type": "library", - "name": "detect-indent", - "version": "7.0.1", - "bom-ref": "detect-indent@7.0.1", - "author": "Sindre Sorhus", - "description": "Detect the indentation of code", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/detect-indent@7.0.1", + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/detect-indent.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/detect-indent#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/detect-indent/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83124,7 +161936,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/detect-indent" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" }, { "name": "cdx:npm:package:development", @@ -83134,42 +161946,42 @@ }, { "type": "library", - "name": "get-stdin", - "version": "9.0.0", - "bom-ref": "get-stdin@9.0.0", - "author": "Sindre Sorhus", - "description": "Get stdin as a string or buffer", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/get-stdin@9.0.0", + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/get-stdin.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/get-stdin#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/get-stdin/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83178,7 +161990,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-stdin" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" }, { "name": "cdx:npm:package:development", @@ -83188,11 +162000,11 @@ }, { "type": "library", - "name": "git-hooks-list", - "version": "3.1.0", - "bom-ref": "git-hooks-list@3.1.0", - "author": "fisker Cheung", - "description": "List of Git hooks", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", "licenses": [ { "license": { @@ -83200,30 +162012,30 @@ } } ], - "purl": "pkg:npm/git-hooks-list@3.1.0", + "purl": "pkg:npm/fast-xml-parser@4.2.5", "externalReferences": [ { - "url": "git+https://github.com/fisker/git-hooks-list.git", + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fisker/git-hooks-list#readme", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fisker/git-hooks-list/issues", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83232,7 +162044,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/git-hooks-list" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" }, { "name": "cdx:npm:package:development", @@ -83242,42 +162054,43 @@ }, { "type": "library", - "name": "sort-object-keys", - "version": "1.1.3", - "bom-ref": "sort-object-keys@1.1.3", - "author": "Keith Cirkel", - "description": "Sort an object's keys, including an optional key list", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/sort-object-keys@1.1.3", + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", "externalReferences": [ { - "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/keithamus/sort-object-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/keithamus/sort-object-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83286,7 +162099,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sort-object-keys" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" }, { "name": "cdx:npm:package:development", @@ -83296,34 +162109,43 @@ }, { "type": "library", - "name": "tiny-jsonc", - "version": "1.0.1", - "bom-ref": "tiny-jsonc@1.0.1", - "description": "An absurdly small JSONC parser.", - "purl": "pkg:npm/tiny-jsonc@1.0.1", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", "externalReferences": [ { - "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83332,7 +162154,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tiny-jsonc" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" }, { "name": "cdx:npm:package:development", @@ -83342,42 +162164,43 @@ }, { "type": "library", - "name": "open", - "version": "10.1.0", - "bom-ref": "open@10.1.0", - "author": "Sindre Sorhus", - "description": "Open stuff like URLs, files, executables. Cross-platform.", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/open@10.1.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/open.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/open#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/open/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83386,100 +162209,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/open" - } - ], - "components": [ + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, { - "type": "library", - "name": "is-wsl", - "version": "3.1.0", - "bom-ref": "open@10.1.0|is-wsl@3.1.0", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-wsl@3.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-wsl.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-wsl#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-wsl/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/open/node_modules/is-wsl" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "default-browser", - "version": "5.2.1", - "bom-ref": "default-browser@5.2.1", - "author": "Sindre Sorhus", - "description": "Get the default browser", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/default-browser@5.2.1", + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/default-browser.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/default-browser#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/default-browser/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83488,48 +162264,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/default-browser" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "bundle-name", - "version": "4.1.0", - "bom-ref": "bundle-name@4.1.0", - "author": "Sindre Sorhus", - "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/bundle-name@4.1.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/bundle-name.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/bundle-name#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/bundle-name/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83538,48 +162319,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/bundle-name" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "run-applescript", - "version": "7.0.0", - "bom-ref": "run-applescript@7.0.0", - "author": "Sindre Sorhus", - "description": "Run AppleScript and get the result", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/run-applescript@7.0.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/run-applescript.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/run-applescript#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/run-applescript/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83588,48 +162374,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/run-applescript" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "default-browser-id", - "version": "5.0.0", - "bom-ref": "default-browser-id@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/default-browser-id@5.0.0", + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/default-browser-id#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/default-browser-id/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83638,48 +162429,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/default-browser-id" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "define-lazy-prop", - "version": "3.0.0", - "bom-ref": "define-lazy-prop@3.0.0", - "author": "Sindre Sorhus", - "description": "Define a lazily evaluated property on an object", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/define-lazy-prop@3.0.0", + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83688,48 +162484,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/define-lazy-prop" + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "is-inside-container", - "version": "1.0.0", - "bom-ref": "is-inside-container@1.0.0", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside a container (Docker/Podman)", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/is-inside-container@1.0.0", + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/is-inside-container#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-inside-container/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83738,99 +162539,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-inside-container" - } - ], - "components": [ + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, { - "type": "library", - "name": "is-docker", - "version": "3.0.0", - "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside a Docker container", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-docker@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-docker.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-docker#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-docker/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-inside-container/node_modules/is-docker" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "prompt-sync", - "version": "4.2.0", - "bom-ref": "prompt-sync@4.2.0", - "description": "a synchronous prompt for node.js", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/prompt-sync@4.2.0", + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", "externalReferences": [ { - "url": "git+https://github.com/heapwolf/prompt-sync.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/heapwolf/prompt-sync#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/heapwolf/prompt-sync/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83839,150 +162594,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/prompt-sync" - } - ], - "components": [ - { - "type": "library", - "name": "strip-ansi", - "version": "5.2.0", - "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@5.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/prompt-sync/node_modules/strip-ansi" - } - ] + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" }, { - "type": "library", - "name": "ansi-regex", - "version": "4.1.1", - "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-regex@4.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/prompt-sync/node_modules/ansi-regex" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "lodash.truncate", - "version": "4.4.2", - "bom-ref": "lodash.truncate@4.4.2", - "author": "John-David Dalton", - "description": "The lodash method `_.truncate` exported as a module.", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/lodash.truncate@4.4.2", + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", "externalReferences": [ { - "url": "git+https://github.com/lodash/lodash.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://lodash.com/", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lodash/lodash/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -83991,48 +162649,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lodash.truncate" + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "tmp", - "version": "0.2.3", - "bom-ref": "tmp@0.2.3", - "author": "KARASZI István", - "description": "Temporary file and directory creator", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/tmp@0.2.3", + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", "externalReferences": [ { - "url": "git+https://github.com/raszi/node-tmp.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "http://github.com/raszi/node-tmp", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/raszi/node-tmp/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84041,7 +162704,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tmp" + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" }, { "name": "cdx:npm:package:development", @@ -84051,42 +162714,42 @@ }, { "type": "library", - "name": "ts-jest", - "version": "29.1.4", - "bom-ref": "ts-jest@29.1.4", - "author": "Kulshekhar Kabra", - "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ts-jest@29.1.4", + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", "externalReferences": [ { - "url": "git+https://github.com/kulshekhar/ts-jest.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://kulshekhar.github.io/ts-jest", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kulshekhar/ts-jest/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84095,70 +162758,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-jest" - } - ], - "components": [ + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, { - "type": "library", - "name": "yargs-parser", - "version": "21.1.1", - "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/yargs-parser@21.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/yargs-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/yargs-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/yargs-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-jest/node_modules/yargs-parser" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "remapping", - "group": "@ampproject", - "version": "2.3.0", - "bom-ref": "@ampproject/remapping@2.3.0", - "author": "Justin Ridgewell", - "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", "licenses": [ { "license": { @@ -84166,30 +162781,30 @@ } } ], - "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", "externalReferences": [ { - "url": "git+https://github.com/ampproject/remapping.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/ampproject/remapping#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ampproject/remapping/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84198,17 +162813,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@ampproject/remapping" + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "js-tokens", - "version": "4.0.0", - "bom-ref": "js-tokens@4.0.0", - "author": "Simon Lydell", - "description": "A regex that tokenizes JavaScript.", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", "licenses": [ { "license": { @@ -84216,30 +162835,30 @@ } } ], - "purl": "pkg:npm/js-tokens@4.0.0", + "purl": "pkg:npm/fast-xml-parser@4.2.5", "externalReferences": [ { - "url": "git+https://github.com/lydell/js-tokens.git", + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/lydell/js-tokens#readme", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lydell/js-tokens/issues", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84248,49 +162867,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-tokens" + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-compilation-targets", - "group": "@babel", - "version": "7.23.6", - "bom-ref": "@babel/helper-compilation-targets@7.23.6", - "author": "The Babel Team", - "description": "Helper functions on Babel compilation targets", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/babel/babel#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84299,100 +162922,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-compilation-targets" - } - ], - "components": [ + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, { - "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/semver@6.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/npm/node-semver.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/node-semver#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/node-semver/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" - } - ] + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "compat-data", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/compat-data@7.24.4", - "author": "The Babel Team", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/babel/babel#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84401,49 +162977,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/compat-data" + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-validator-option", - "group": "@babel", - "version": "7.23.5", - "bom-ref": "@babel/helper-validator-option@7.23.5", - "author": "The Babel Team", - "description": "Validate plugin/preset options", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/babel/babel#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84452,48 +163032,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-validator-option" + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "lru-cache", - "version": "5.1.1", - "bom-ref": "lru-cache@5.1.1", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/lru-cache@5.1.1", + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", "externalReferences": [ { - "url": "git://github.com/isaacs/node-lru-cache.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/node-lru-cache#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-lru-cache/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84502,48 +163087,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lru-cache" + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "yallist", - "version": "3.1.1", - "bom-ref": "yallist@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Yet Another Linked List", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "ISC" + "id": "0BSD" } } ], - "purl": "pkg:npm/yallist@3.1.1", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/yallist.git", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/yallist#readme", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/yallist/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84552,18 +163141,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yallist" + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-module-transforms", - "group": "@babel", - "version": "7.23.3", - "bom-ref": "@babel/helper-module-transforms@7.23.3", - "author": "The Babel Team", - "description": "Babel helper functions for implementing ES6 module transformations", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", "licenses": [ { "license": { @@ -84571,30 +163163,30 @@ } } ], - "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "purl": "pkg:npm/fast-xml-parser@4.2.5", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84603,49 +163195,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-module-transforms" + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-environment-visitor", - "group": "@babel", - "version": "7.22.20", - "bom-ref": "@babel/helper-environment-visitor@7.22.20", - "author": "The Babel Team", - "description": "Helper visitor to only visit nodes in the current 'this' context", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "MIT" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84654,49 +163249,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-environment-visitor" + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-module-imports", - "group": "@babel", - "version": "7.24.3", - "bom-ref": "@babel/helper-module-imports@7.24.3", - "author": "The Babel Team", - "description": "Babel helper functions for inserting module loads", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", "licenses": [ { "license": { - "id": "MIT" + "id": "0BSD" } } ], - "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "purl": "pkg:npm/tslib@1.14.1", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "url": "git+https://github.com/Microsoft/tslib.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84705,49 +163303,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-module-imports" + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-simple-access", - "group": "@babel", - "version": "7.22.5", - "bom-ref": "@babel/helper-simple-access@7.22.5", - "author": "The Babel Team", - "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "purl": "pkg:npm/cli-width@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "url": "https://github.com/knownasilya/cli-width", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/knownasilya/cli-width/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84756,48 +163357,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-simple-access" + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-split-export-declaration", - "group": "@babel", - "version": "7.22.6", - "bom-ref": "@babel/helper-split-export-declaration@7.22.6", - "author": "The Babel Team", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "purl": "pkg:npm/mute-stream@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "url": "git+https://github.com/npm/mute-stream.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "url": "https://github.com/npm/mute-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/npm/mute-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84806,49 +163411,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-split-export-declaration" + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helpers", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/helpers@7.24.4", - "author": "The Babel Team", - "description": "Collection of helper functions used by Babel transforms.", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "purl": "pkg:npm/signal-exit@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "url": "git+https://github.com/tapjs/signal-exit.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helpers", + "url": "https://github.com/tapjs/signal-exit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/tapjs/signal-exit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84857,18 +163465,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helpers" + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-function-name", - "group": "@babel", - "version": "7.23.0", - "bom-ref": "@babel/helper-function-name@7.23.0", - "author": "The Babel Team", - "description": "Helper function to change the property 'name' of every function", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", "licenses": [ { "license": { @@ -84876,30 +163487,30 @@ } } ], - "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "purl": "pkg:npm/wrap-ansi@6.2.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "url": "git+https://github.com/chalk/wrap-ansi.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "url": "https://github.com/chalk/wrap-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/chalk/wrap-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84908,18 +163519,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-function-name" + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-hoist-variables", - "group": "@babel", - "version": "7.22.5", - "bom-ref": "@babel/helper-hoist-variables@7.22.5", - "author": "The Babel Team", - "description": "Helper function to hoist variables", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", "licenses": [ { "license": { @@ -84927,30 +163542,30 @@ } } ], - "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "url": "git+https://github.com/oclif/core.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "url": "https://github.com/oclif/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/oclif/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -84959,18 +163574,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-hoist-variables" + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "helper-string-parser", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/helper-string-parser@7.24.1", - "author": "The Babel Team", - "description": "A utility package to parse strings", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", "licenses": [ { "license": { @@ -84978,30 +163596,30 @@ } } ], - "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "purl": "pkg:npm/mimic-response@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "url": "git+https://github.com/sindresorhus/mimic-response.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "url": "https://github.com/sindresorhus/mimic-response#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/mimic-response/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85010,17 +163628,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-string-parser" + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "to-fast-properties", - "version": "2.0.0", - "bom-ref": "to-fast-properties@2.0.0", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", "author": "Sindre Sorhus", - "description": "Force V8 to use fast properties for an object", + "description": "Detect the dominant newline character of a string", "licenses": [ { "license": { @@ -85028,30 +163650,30 @@ } } ], - "purl": "pkg:npm/to-fast-properties@2.0.0", + "purl": "pkg:npm/detect-newline@4.0.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "url": "git+https://github.com/sindresorhus/detect-newline.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "url": "https://github.com/sindresorhus/detect-newline#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "url": "https://github.com/sindresorhus/detect-newline/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85060,17 +163682,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/to-fast-properties" + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "gensync", - "version": "1.0.0-beta.2", - "bom-ref": "gensync@1.0.0-beta.2", - "author": "Logan Smyth", - "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", "licenses": [ { "license": { @@ -85078,30 +163704,30 @@ } } ], - "purl": "pkg:npm/gensync@1.0.0-beta.2", + "purl": "pkg:npm/globby@13.2.2", "externalReferences": [ { - "url": "git+https://github.com/loganfsmyth/gensync.git", + "url": "git+https://github.com/sindresorhus/globby.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/loganfsmyth/gensync", + "url": "https://github.com/sindresorhus/globby#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/loganfsmyth/gensync/issues", + "url": "https://github.com/sindresorhus/globby/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85110,18 +163736,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/gensync" + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "resolve-uri", - "group": "@jridgewell", - "version": "3.1.2", - "bom-ref": "@jridgewell/resolve-uri@3.1.2", - "author": "Justin Ridgewell", - "description": "Resolve a URI relative to an optional base URI", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", "licenses": [ { "license": { @@ -85129,30 +163758,30 @@ } } ], - "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "purl": "pkg:npm/slash@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/jridgewell/resolve-uri.git", + "url": "git+https://github.com/sindresorhus/slash.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jridgewell/resolve-uri#readme", + "url": "https://github.com/sindresorhus/slash#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jridgewell/resolve-uri/issues", + "url": "https://github.com/sindresorhus/slash/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85161,48 +163790,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jridgewell/resolve-uri" + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "load-nyc-config", - "group": "@istanbuljs", - "version": "1.1.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", - "description": "Utility function to load nyc configuration", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "purl": "pkg:npm/is-plain-obj@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "url": "https://github.com/sindresorhus/is-plain-obj#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "url": "https://github.com/sindresorhus/is-plain-obj/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85211,418 +163844,71 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config" - } - ], - "components": [ - { - "type": "library", - "name": "find-up", - "version": "4.1.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/find-up@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/find-up.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/find-up#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/find-up/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" - } - ] - }, - { - "type": "library", - "name": "locate-path", - "version": "5.0.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/locate-path@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/locate-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" - } - ] + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" }, { - "type": "library", - "name": "p-locate", - "version": "4.1.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-locate@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-locate.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" - } - ] - }, + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ { - "type": "library", - "name": "p-limit", - "version": "2.3.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", - "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-limit@2.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-limit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-limit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-limit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" - } - ] - }, + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ { - "type": "library", - "name": "js-yaml", - "version": "3.14.1", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/js-yaml@3.14.1", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/js-yaml.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodeca/js-yaml", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodeca/js-yaml/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" - } - ] + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "argparse", - "version": "1.0.10", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", - "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/argparse@1.0.10", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/argparse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodeca/argparse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodeca/argparse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" - } - ] + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "sprintf-js", - "version": "1.0.3", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", - "author": "Alexandru Marasteanu", - "description": "JavaScript sprintf implementation", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/sprintf-js@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/alexei/sprintf.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/alexei/sprintf.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/alexei/sprintf.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" - } - ] + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "resolve-from", - "version": "5.0.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from a given path", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve-from@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/resolve-from.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-from#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-from/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" } - ] + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" } ] }, { "type": "library", - "name": "camelcase", - "version": "5.3.1", - "bom-ref": "camelcase@5.3.1", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "description": "Check if the process is running inside a Docker container", "licenses": [ { "license": { @@ -85630,30 +163916,30 @@ } } ], - "purl": "pkg:npm/camelcase@5.3.1", + "purl": "pkg:npm/is-docker@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/camelcase.git", + "url": "git+https://github.com/sindresorhus/is-docker.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/camelcase#readme", + "url": "https://github.com/sindresorhus/is-docker#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/camelcase/issues", + "url": "https://github.com/sindresorhus/is-docker/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85662,48 +163948,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/camelcase" + "value": "node_modules/is-inside-container/node_modules/is-docker" } ] }, { "type": "library", - "name": "test-exclude", - "version": "6.0.0", - "bom-ref": "test-exclude@6.0.0", - "author": "Ben Coe", - "description": "test for inclusion or exclusion of paths using globs", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/test-exclude@6.0.0", + "purl": "pkg:npm/strip-ansi@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/istanbuljs/test-exclude.git", + "url": "git+https://github.com/chalk/strip-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://istanbul.js.org/", + "url": "https://github.com/chalk/strip-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/test-exclude/issues", + "url": "https://github.com/chalk/strip-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85712,150 +163998,98 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/test-exclude" + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/test-exclude/node_modules/minimatch" - } - ] + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/test-exclude/node_modules/brace-expansion" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" } ] }, { "type": "library", - "name": "babel__generator", - "group": "@types", - "version": "7.6.8", - "bom-ref": "@types/babel__generator@7.6.8", - "description": "TypeScript definitions for @babel/generator", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "purl": "pkg:npm/yargs-parser@21.1.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "url": "git+https://github.com/yargs/yargs-parser.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "url": "https://github.com/yargs/yargs-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/yargs/yargs-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85864,48 +164098,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__generator" + "value": "node_modules/ts-jest/node_modules/yargs-parser" } ] }, { "type": "library", - "name": "babel__template", - "group": "@types", - "version": "7.4.4", - "bom-ref": "@types/babel__template@7.4.4", - "description": "TypeScript definitions for @babel/template", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "purl": "pkg:npm/semver@6.3.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85914,15 +164148,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__template" + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" } ] }, { "type": "library", - "name": "babel-preset-jest", - "version": "29.6.3", - "bom-ref": "babel-preset-jest@29.6.3", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", "licenses": [ { "license": { @@ -85930,30 +164166,30 @@ } } ], - "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "purl": "pkg:npm/find-up@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "url": "git+https://github.com/sindresorhus/find-up.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/sindresorhus/find-up#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/sindresorhus/find-up/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -85962,15 +164198,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-preset-jest" + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" } ] }, { "type": "library", - "name": "babel-plugin-jest-hoist", - "version": "29.6.3", - "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", "licenses": [ { "license": { @@ -85978,30 +164216,30 @@ } } ], - "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "purl": "pkg:npm/locate-path@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "url": "git+https://github.com/sindresorhus/locate-path.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jestjs/jest#readme", + "url": "https://github.com/sindresorhus/locate-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jestjs/jest/issues", + "url": "https://github.com/sindresorhus/locate-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86010,17 +164248,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-jest-hoist" + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" } ] }, { "type": "library", - "name": "ts-mocha", - "version": "10.0.0", - "bom-ref": "ts-mocha@10.0.0", - "author": "Piotr Witek", - "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", "licenses": [ { "license": { @@ -86028,30 +164266,30 @@ } } ], - "purl": "pkg:npm/ts-mocha@10.0.0", + "purl": "pkg:npm/p-locate@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "url": "git+https://github.com/sindresorhus/p-locate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/piotrwitek/ts-mocha#readme", + "url": "https://github.com/sindresorhus/p-locate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/piotrwitek/ts-mocha/issues", + "url": "https://github.com/sindresorhus/p-locate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86060,290 +164298,67 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha" - }, + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ { - "type": "library", - "name": "ts-node", - "version": "7.0.1", - "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", - "author": "Blake Embrey", - "description": "TypeScript execution environment and REPL for node.js, with source map support", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ts-node@7.0.1", - "externalReferences": [ - { - "url": "git://github.com/TypeStrong/ts-node.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/TypeStrong/ts-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/TypeStrong/ts-node/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/ts-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "arrify", - "version": "1.0.1", - "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", - "author": "Sindre Sorhus", - "description": "Convert a value to an array", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/arrify@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/arrify.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/arrify#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/arrify/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/arrify" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "diff", - "version": "3.5.0", - "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", - "description": "A javascript text diff implementation.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/diff@3.5.0", - "externalReferences": [ - { - "url": "git://github.com/kpdecker/jsdiff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kpdecker/jsdiff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/kpdecker/jsdiff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/diff" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "type": "library", - "name": "mkdirp", - "version": "0.5.6", - "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", - "author": "James Halliday", - "description": "Recursively mkdir, like `mkdir -p`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mkdirp@0.5.6", - "externalReferences": [ - { - "url": "git+https://github.com/substack/node-mkdirp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/substack/node-mkdirp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/substack/node-mkdirp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/mkdirp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "type": "library", - "name": "yn", - "version": "2.0.0", - "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", - "author": "Sindre Sorhus", - "description": "Parse yes/no like values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/yn@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/yn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/yn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/yn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/yn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" } ] }, { "type": "library", - "name": "buffer-from", - "version": "1.1.2", - "bom-ref": "buffer-from@1.1.2", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", "licenses": [ { "license": { @@ -86351,30 +164366,30 @@ } } ], - "purl": "pkg:npm/buffer-from@1.1.2", + "purl": "pkg:npm/js-yaml@3.14.1", "externalReferences": [ { - "url": "git+https://github.com/LinusU/buffer-from.git", + "url": "git+https://github.com/nodeca/js-yaml.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/LinusU/buffer-from#readme", + "url": "https://github.com/nodeca/js-yaml", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/LinusU/buffer-from/issues", + "url": "https://github.com/nodeca/js-yaml/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86383,18 +164398,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/buffer-from" + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" } ] }, { "type": "library", - "name": "tsconfig-paths", - "version": "3.15.0", - "bom-ref": "tsconfig-paths@3.15.0", - "author": "Jonas Kello", - "description": "Load node modules according to tsconfig paths, in run-time or via API.", - "scope": "optional", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", "licenses": [ { "license": { @@ -86402,30 +164415,30 @@ } } ], - "purl": "pkg:npm/tsconfig-paths@3.15.0", + "purl": "pkg:npm/argparse@1.0.10", "externalReferences": [ { - "url": "git+https://github.com/dividab/tsconfig-paths.git", + "url": "git+https://github.com/nodeca/argparse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dividab/tsconfig-paths#readme", + "url": "https://github.com/nodeca/argparse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dividab/tsconfig-paths/issues", + "url": "https://github.com/nodeca/argparse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86434,135 +164447,67 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tsconfig-paths" - }, + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ { - "name": "cdx:npm:package:development", - "value": "true" + "license": { + "id": "BSD-3-Clause" + } } ], - "components": [ + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ { - "type": "library", - "name": "json5", - "version": "1.0.2", - "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", - "author": "Aseem Kishore", - "description": "JSON for humans.", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json5@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/json5/json5.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://json5.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/json5/json5/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tsconfig-paths/node_modules/json5" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "strip-bom", - "version": "3.0.0", - "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", - "author": "Sindre Sorhus", - "description": "Strip UTF-8 byte order mark (BOM) from a string", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-bom@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/strip-bom.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/strip-bom#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/strip-bom/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tsconfig-paths/node_modules/strip-bom" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" } ] }, { "type": "library", - "name": "json5", - "group": "@types", - "version": "0.0.29", - "bom-ref": "@types/json5@0.0.29", - "author": "Jason Swearingen", - "description": "TypeScript definitions for JSON5", - "scope": "optional", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", "licenses": [ { "license": { @@ -86570,30 +164515,30 @@ } } ], - "purl": "pkg:npm/%40types/json5@0.0.29", + "purl": "pkg:npm/resolve-from@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "url": "git+https://github.com/sindresorhus/resolve-from.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "url": "https://github.com/sindresorhus/resolve-from#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/resolve-from/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86602,52 +164547,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/json5" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" } ] }, { "type": "library", - "name": "source-map-support", - "group": "@cspotcode", - "version": "0.8.1", - "bom-ref": "@cspotcode/source-map-support@0.8.1", - "description": "Fixes stack traces for files with source maps", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "purl": "pkg:npm/minimatch@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "url": "git://github.com/isaacs/minimatch.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/cspotcode/node-source-map-support#readme", + "url": "https://github.com/isaacs/minimatch#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cspotcode/node-source-map-support/issues", + "url": "https://github.com/isaacs/minimatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86656,70 +164597,67 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@cspotcode/source-map-support" + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ { - "type": "library", - "name": "trace-mapping", - "group": "@jridgewell", - "version": "0.3.9", - "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", - "author": "Justin Ridgewell", - "description": "Trace the original position through a source map", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", - "externalReferences": [ - { - "url": "git+https://github.com/jridgewell/trace-mapping.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jridgewell/trace-mapping#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jridgewell/trace-mapping/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ { - "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" } ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" - } - ] + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" } ] }, { "type": "library", - "name": "node10", - "group": "@tsconfig", - "version": "1.0.11", - "bom-ref": "@tsconfig/node10@1.0.11", - "description": "A base TSConfig for working with Node 10.", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", "licenses": [ { "license": { @@ -86727,30 +164665,30 @@ } } ], - "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "purl": "pkg:npm/ts-node@7.0.1", "externalReferences": [ { - "url": "git+https://github.com/tsconfig/bases.git#bases", + "url": "git://github.com/TypeStrong/ts-node.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tsconfig/bases#readme", + "url": "https://github.com/TypeStrong/ts-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tsconfig/bases/issues", + "url": "https://github.com/TypeStrong/ts-node/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86759,17 +164697,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node10" + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "node12", - "group": "@tsconfig", - "version": "1.0.11", - "bom-ref": "@tsconfig/node12@1.0.11", - "description": "A base TSConfig for working with Node 12.", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", "licenses": [ { "license": { @@ -86777,30 +164719,30 @@ } } ], - "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "purl": "pkg:npm/arrify@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/tsconfig/bases.git#bases", + "url": "git+https://github.com/sindresorhus/arrify.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tsconfig/bases#readme", + "url": "https://github.com/sindresorhus/arrify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tsconfig/bases/issues", + "url": "https://github.com/sindresorhus/arrify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86809,48 +164751,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node12" + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "node14", - "group": "@tsconfig", - "version": "1.0.3", - "bom-ref": "@tsconfig/node14@1.0.3", - "description": "A base TSConfig for working with Node 14.", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "purl": "pkg:npm/diff@3.5.0", "externalReferences": [ { - "url": "git+https://github.com/tsconfig/bases.git#bases", + "url": "git://github.com/kpdecker/jsdiff.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tsconfig/bases#readme", + "url": "https://github.com/kpdecker/jsdiff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tsconfig/bases/issues", + "url": "http://github.com/kpdecker/jsdiff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86859,17 +164804,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node14" + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "node16", - "group": "@tsconfig", - "version": "1.0.4", - "bom-ref": "@tsconfig/node16@1.0.4", - "description": "A base TSConfig for working with Node 16.", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", "licenses": [ { "license": { @@ -86877,30 +164826,30 @@ } } ], - "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "purl": "pkg:npm/mkdirp@0.5.6", "externalReferences": [ { - "url": "git+https://github.com/tsconfig/bases.git#bases", + "url": "git+https://github.com/substack/node-mkdirp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tsconfig/bases#readme", + "url": "https://github.com/substack/node-mkdirp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tsconfig/bases/issues", + "url": "https://github.com/substack/node-mkdirp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86909,16 +164858,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node16" + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "acorn-walk", - "version": "8.3.2", - "bom-ref": "acorn-walk@8.3.2", - "description": "ECMAScript (ESTree) AST walker", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", "licenses": [ { "license": { @@ -86926,30 +164880,30 @@ } } ], - "purl": "pkg:npm/acorn-walk@8.3.2", + "purl": "pkg:npm/yn@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/acornjs/acorn.git", + "url": "git+https://github.com/sindresorhus/yn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/acornjs/acorn", + "url": "https://github.com/sindresorhus/yn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/acornjs/acorn/issues", + "url": "https://github.com/sindresorhus/yn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -86958,16 +164912,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/acorn-walk" + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "create-require", - "version": "1.1.1", - "bom-ref": "create-require@1.1.1", - "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", "licenses": [ { "license": { @@ -86975,30 +164935,30 @@ } } ], - "purl": "pkg:npm/create-require@1.1.1", + "purl": "pkg:npm/json5@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/nuxt-contrib/create-require.git", + "url": "git+https://github.com/json5/json5.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nuxt-contrib/create-require#readme", + "url": "http://json5.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nuxt-contrib/create-require/issues", + "url": "https://github.com/json5/json5/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87007,47 +164967,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/create-require" + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "diff", - "version": "4.0.2", - "bom-ref": "diff@4.0.2", - "description": "A javascript text diff implementation.", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/diff@4.0.2", + "purl": "pkg:npm/strip-bom@3.0.0", "externalReferences": [ { - "url": "git://github.com/kpdecker/jsdiff.git", + "url": "git+https://github.com/sindresorhus/strip-bom.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kpdecker/jsdiff#readme", + "url": "https://github.com/sindresorhus/strip-bom#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/kpdecker/jsdiff/issues", + "url": "https://github.com/sindresorhus/strip-bom/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87056,17 +165022,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/diff" + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "v8-compile-cache-lib", - "version": "3.0.1", - "bom-ref": "v8-compile-cache-lib@3.0.1", - "author": "Andrew Bradley", - "description": "Require hook for automatic V8 compile cache persistence", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", "licenses": [ { "license": { @@ -87074,30 +165045,30 @@ } } ], - "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", "externalReferences": [ { - "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "url": "git+https://github.com/jridgewell/trace-mapping.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "url": "https://github.com/jridgewell/trace-mapping#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "url": "https://github.com/jridgewell/trace-mapping/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87106,17 +165077,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/v8-compile-cache-lib" + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" } ] }, { "type": "library", - "name": "yn", - "version": "3.1.1", - "bom-ref": "yn@3.1.1", - "author": "Sindre Sorhus", - "description": "Parse yes/no like values", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", "licenses": [ { "license": { @@ -87124,30 +165094,30 @@ } } ], - "purl": "pkg:npm/yn@3.1.1", + "purl": "pkg:npm/color@3.2.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/yn.git", + "url": "git+https://github.com/Qix-/color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/yn#readme", + "url": "https://github.com/Qix-/color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/yn/issues", + "url": "https://github.com/Qix-/color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87156,35 +165126,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yn" + "value": "node_modules/colorspace/node_modules/color" } ] }, { "type": "library", - "name": "tsimportlib", - "version": "0.0.5", - "bom-ref": "tsimportlib@0.0.5", - "author": "Andrew Bradley", - "purl": "pkg:npm/tsimportlib@0.0.5", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", "externalReferences": [ { - "url": "https://github.com/cspotcode/tsimportlib", + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cspotcode/tsimportlib/issues", + "url": "https://github.com/Qix-/color-convert/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87193,18 +165176,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tsimportlib" + "value": "node_modules/colorspace/node_modules/color-convert" } ] }, { "type": "library", - "name": "colors", - "group": "@colors", - "version": "1.6.0", - "bom-ref": "@colors/colors@1.6.0", - "author": "DABH", - "description": "get colors in your node.js console", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", "licenses": [ { "license": { @@ -87212,30 +165194,30 @@ } } ], - "purl": "pkg:npm/%40colors/colors@1.6.0", + "purl": "pkg:npm/color-name@1.1.3", "externalReferences": [ { - "url": "git+ssh://git@github.com/DABH/colors.js.git", + "url": "git+ssh://git@github.com/dfcreative/color-name.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DABH/colors.js", + "url": "https://github.com/dfcreative/color-name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DABH/colors.js/issues", + "url": "https://github.com/dfcreative/color-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87244,49 +165226,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@colors/colors" + "value": "node_modules/colorspace/node_modules/color-name" } ] }, { "type": "library", - "name": "diagnostics", - "group": "@dabh", - "version": "2.0.3", - "bom-ref": "@dabh/diagnostics@2.0.3", - "author": "Arnout Kazemier", - "description": "Tools for debugging your node.js modules and event loop", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "purl": "pkg:npm/sax@1.3.0", "externalReferences": [ { - "url": "git://github.com/3rd-Eden/diagnostics.git", + "url": "git://github.com/isaacs/sax-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/diagnostics", + "url": "https://github.com/isaacs/sax-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/diagnostics/issues", + "url": "https://github.com/isaacs/sax-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87295,17 +165276,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@dabh/diagnostics" + "value": "node_modules/xlsx-populate/node_modules/sax" } ] }, { "type": "library", - "name": "colorspace", - "version": "1.1.4", - "bom-ref": "colorspace@1.1.4", - "author": "Arnout Kazemier", - "description": "Generate HEX colors for a given namespace.", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", "licenses": [ { "license": { @@ -87313,30 +165293,30 @@ } } ], - "purl": "pkg:npm/colorspace@1.1.4", + "purl": "pkg:npm/readable-stream@2.3.8", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/colorspace.git", + "url": "git://github.com/nodejs/readable-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/colorspace", + "url": "https://github.com/nodejs/readable-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/colorspace/issues", + "url": "https://github.com/nodejs/readable-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87345,168 +165325,66 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/colorspace" + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } } ], - "components": [ + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ { - "type": "library", - "name": "color", - "version": "3.2.1", - "bom-ref": "colorspace@1.1.4|color@3.2.1", - "description": "Color conversion and manipulation with CSS string support", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color@3.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/Qix-/color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Qix-/color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Qix-/color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/colorspace/node_modules/color" - } - ] + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "type": "library", - "name": "color-convert", - "version": "1.9.3", - "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", - "author": "Heather Arthur", - "description": "Plain color conversion functions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-convert@1.9.3", - "externalReferences": [ - { - "url": "git+https://github.com/Qix-/color-convert.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Qix-/color-convert#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Qix-/color-convert/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/colorspace/node_modules/color-convert" - } - ] + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" }, { - "type": "library", - "name": "color-name", - "version": "1.1.3", - "bom-ref": "colorspace@1.1.4|color-name@1.1.3", - "author": "DY", - "description": "A list of color names and its values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-name@1.1.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/dfcreative/color-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dfcreative/color-name", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dfcreative/color-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ { - "name": "cdx:npm:package:path", - "value": "node_modules/colorspace/node_modules/color-name" + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" } - ] + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" } ] }, { "type": "library", - "name": "text-hex", - "version": "1.0.0", - "bom-ref": "text-hex@1.0.0", - "author": "Arnout Kazemier", - "description": "Generate a hex color from the given text", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", "licenses": [ { "license": { @@ -87514,30 +165392,30 @@ } } ], - "purl": "pkg:npm/text-hex@1.0.0", + "purl": "pkg:npm/string_decoder@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/text-hex.git", + "url": "git://github.com/nodejs/string_decoder.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/text-hex", + "url": "https://github.com/nodejs/string_decoder", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/text-hex/issues", + "url": "https://github.com/nodejs/string_decoder/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87546,48 +165424,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/text-hex" + "value": "node_modules/jszip/node_modules/string_decoder" } ] }, { "type": "library", - "name": "enabled", - "version": "2.0.0", - "bom-ref": "enabled@2.0.0", - "author": "Arnout Kazemier", - "description": "Check if a certain debug flag is enabled.", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/enabled@2.0.0", + "purl": "pkg:npm/entities@2.2.0", "externalReferences": [ { - "url": "git://github.com/3rd-Eden/enabled.git", + "url": "git://github.com/fb55/entities.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/enabled#readme", + "url": "https://github.com/fb55/entities#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/enabled/issues", + "url": "https://github.com/fb55/entities/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87596,48 +165474,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/enabled" + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" } ] }, { "type": "library", - "name": "kuler", - "version": "2.0.0", - "bom-ref": "kuler@2.0.0", - "author": "Arnout Kazemier", - "description": "Color your terminal using CSS/hex color codes", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/kuler@2.0.0", + "purl": "pkg:npm/semver@6.3.1", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/kuler.git", + "url": "git+https://github.com/npm/node-semver.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/kuler", + "url": "https://github.com/npm/node-semver#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/kuler/issues", + "url": "https://github.com/npm/node-semver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87646,17 +165524,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/kuler" + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" } ] }, { "type": "library", - "name": "logform", - "version": "2.6.0", - "bom-ref": "logform@2.6.0", - "author": "Charlie Robbins", - "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", "licenses": [ { "license": { @@ -87664,30 +165542,30 @@ } } ], - "purl": "pkg:npm/logform@2.6.0", + "purl": "pkg:npm/path-key@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/winstonjs/logform.git", + "url": "git+https://github.com/sindresorhus/path-key.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/winstonjs/logform#readme", + "url": "https://github.com/sindresorhus/path-key#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/winstonjs/logform/issues", + "url": "https://github.com/sindresorhus/path-key/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -87696,117 +165574,102 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/logform" + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" } ] }, { "type": "library", - "name": "fecha", - "version": "4.2.3", - "bom-ref": "fecha@4.2.3", - "author": "Taylor Hakes", - "description": "Date formatting and parsing", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/fecha@4.2.3", + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", "externalReferences": [ { - "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "url": "git+https://github.com/isaacs/isexe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/taylorhakes/fecha", + "url": "https://github.com/isaacs/isexe#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/taylorhakes/fecha/issues", + "url": "https://github.com/isaacs/isexe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fecha" + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "safe-stable-stringify", - "version": "2.4.3", - "bom-ref": "safe-stable-stringify@2.4.3", - "author": "Ruben Bridgewater", - "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", "externalReferences": [ { - "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "url": "git+https://github.com/npm/proc-log.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "url": "https://github.com/npm/proc-log#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "url": "https://github.com/npm/proc-log/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/safe-stable-stringify" + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "triple-beam", - "version": "1.4.1", - "bom-ref": "triple-beam@1.4.1", - "author": "Charlie Robbins", - "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", "licenses": [ { "license": { @@ -87814,198 +165677,257 @@ } } ], - "purl": "pkg:npm/triple-beam@1.4.1", + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", "externalReferences": [ { - "url": "git+https://github.com/winstonjs/triple-beam.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/winstonjs/triple-beam#readme", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/winstonjs/triple-beam/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/triple-beam" + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "one-time", - "version": "1.0.0", - "bom-ref": "one-time@1.0.0", - "author": "Arnout Kazemier", - "description": "Run the supplied function exactly one time (once)", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/one-time@1.0.0", + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/one-time.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/one-time#readme", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/one-time/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/one-time" + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "fn.name", - "version": "1.1.0", - "bom-ref": "fn.name@1.1.0", - "author": "Arnout Kazemier", - "description": "Extract names from functions", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/fn.name@1.1.0", + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/fn.name.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/fn.name", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/fn.name/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" }, { - "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fn.name" + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "string_decoder", - "version": "1.3.0", - "bom-ref": "string_decoder@1.3.0", - "description": "The string_decoder module from Node core", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/string_decoder@1.3.0", + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git://github.com/nodejs/string_decoder.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodejs/string_decoder", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/string_decoder/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" }, { - "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/string_decoder" + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "stack-trace", - "version": "0.0.10", - "bom-ref": "stack-trace@0.0.10", - "author": "Felix Geisendörfer", - "description": "Get v8 stack traces as an array of CallSite objects.", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", "licenses": [ { "license": { @@ -88013,49 +165935,42 @@ } } ], - "purl": "pkg:npm/stack-trace@0.0.10", + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", "externalReferences": [ { - "url": "git://github.com/felixge/node-stack-trace.git", + "url": "git+https://github.com/sindresorhus/string-width.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/felixge/node-stack-trace", + "url": "https://github.com/sindresorhus/string-width#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/felixge/node-stack-trace/issues", + "url": "https://github.com/sindresorhus/string-width/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/stack-trace" + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "winston-transport", - "version": "4.7.0", - "bom-ref": "winston-transport@4.7.0", - "author": "Charlie Robbins", - "description": "Base stream implementations for winston@3 and up.", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", "licenses": [ { "license": { @@ -88063,49 +165978,42 @@ } } ], - "purl": "pkg:npm/winston-transport@4.7.0", + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", "externalReferences": [ { - "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/winstonjs/winston-transport#readme", + "url": "https://mths.be/emoji-regex", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/winstonjs/winston-transport/issues", + "url": "https://github.com/mathiasbynens/emoji-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/winston-transport" + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "xlsx-populate", - "version": "1.21.0", - "bom-ref": "xlsx-populate@1.21.0", - "author": "Dave T. Johnson", - "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", "licenses": [ { "license": { @@ -88113,448 +166021,214 @@ } } ], - "purl": "pkg:npm/xlsx-populate@1.21.0", + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", "externalReferences": [ { - "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "url": "git+https://github.com/chalk/strip-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "url": "https://github.com/chalk/strip-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "url": "https://github.com/chalk/strip-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xlsx-populate" - } - ], - "components": [ + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, { - "type": "library", - "name": "sax", - "version": "1.3.0", - "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", - "author": "Isaac Z. Schlueter", - "description": "An evented streaming XML parser in JavaScript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/sax@1.3.0", - "externalReferences": [ - { - "url": "git://github.com/isaacs/sax-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/sax-js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/sax-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/xlsx-populate/node_modules/sax" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "cfb", - "version": "1.2.2", - "bom-ref": "cfb@1.2.2", - "author": "sheetjs", - "description": "Compound File Binary File Format extractor", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/cfb@1.2.2", + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", "externalReferences": [ { - "url": "git://github.com/SheetJS/js-cfb.git", + "url": "git+https://github.com/chalk/ansi-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://sheetjs.com/", + "url": "https://github.com/chalk/ansi-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SheetJS/js-cfb/issues", + "url": "https://github.com/chalk/ansi-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cfb" + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "adler-32", - "version": "1.3.1", - "bom-ref": "adler-32@1.3.1", - "author": "sheetjs", - "description": "Pure-JS ADLER-32", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/adler-32@1.3.1", + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", "externalReferences": [ { - "url": "git://github.com/SheetJS/js-adler32.git", + "url": "git+https://github.com/chalk/ansi-styles.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://sheetjs.com/opensource", + "url": "https://github.com/chalk/ansi-styles#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SheetJS/js-adler32/issues", + "url": "https://github.com/chalk/ansi-styles/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/adler-32" + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "crc-32", - "version": "1.2.2", - "bom-ref": "crc-32@1.2.2", - "author": "sheetjs", - "description": "Pure-JS CRC-32", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/crc-32@1.2.2", + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", "externalReferences": [ { - "url": "git://github.com/SheetJS/js-crc32.git", + "url": "git+https://github.com/sindresorhus/string-width.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://sheetjs.com/", + "url": "https://github.com/sindresorhus/string-width#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SheetJS/js-crc32/issues", + "url": "https://github.com/sindresorhus/string-width/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/crc-32" + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "jszip", - "version": "3.10.1", - "bom-ref": "jszip@3.10.1", - "author": "Stuart Knightley", - "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", "licenses": [ { - "expression": "(MIT OR GPL-3.0-or-later)" + "license": { + "id": "MIT" + } } ], - "purl": "pkg:npm/jszip@3.10.1", + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", "externalReferences": [ { - "url": "git+https://github.com/Stuk/jszip.git", + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Stuk/jszip#readme", + "url": "https://mths.be/emoji-regex", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Stuk/jszip/issues", + "url": "https://github.com/mathiasbynens/emoji-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jszip" - } - ], - "components": [ - { - "type": "library", - "name": "readable-stream", - "version": "2.3.8", - "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", - "description": "Streams3, a user-land copy of the stream library from Node.js", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/readable-stream@2.3.8", - "externalReferences": [ - { - "url": "git://github.com/nodejs/readable-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodejs/readable-stream#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodejs/readable-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jszip/node_modules/readable-stream" - } - ] - }, - { - "type": "library", - "name": "safe-buffer", - "version": "5.1.2", - "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", - "author": "Feross Aboukhadijeh", - "description": "Safer Node.js Buffer API", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/safe-buffer@5.1.2", - "externalReferences": [ - { - "url": "git://github.com/feross/safe-buffer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/feross/safe-buffer", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/feross/safe-buffer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jszip/node_modules/safe-buffer" - } - ] + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" }, { - "type": "library", - "name": "string_decoder", - "version": "1.1.1", - "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", - "description": "The string_decoder module from Node core", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/string_decoder@1.1.1", - "externalReferences": [ - { - "url": "git://github.com/nodejs/string_decoder.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodejs/string_decoder", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodejs/string_decoder/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jszip/node_modules/string_decoder" - } - ] + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "lie", - "version": "3.3.0", - "bom-ref": "lie@3.3.0", - "description": "A basic but performant promise implementation", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", "licenses": [ { "license": { @@ -88562,48 +166236,42 @@ } } ], - "purl": "pkg:npm/lie@3.3.0", + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", "externalReferences": [ { - "url": "git+https://github.com/calvinmetcalf/lie.git", + "url": "git+https://github.com/chalk/strip-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/calvinmetcalf/lie#readme", + "url": "https://github.com/chalk/strip-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/calvinmetcalf/lie/issues", + "url": "https://github.com/chalk/strip-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lie" + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "immediate", - "version": "3.0.6", - "bom-ref": "immediate@3.0.6", - "description": "A cross browser microtask library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", "licenses": [ { "license": { @@ -88611,96 +166279,85 @@ } } ], - "purl": "pkg:npm/immediate@3.0.6", + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", "externalReferences": [ { - "url": "git://github.com/calvinmetcalf/immediate.git", + "url": "git+https://github.com/chalk/ansi-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/calvinmetcalf/immediate#readme", + "url": "https://github.com/chalk/ansi-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/calvinmetcalf/immediate/issues", + "url": "https://github.com/chalk/ansi-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/immediate" + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "pako", - "version": "1.0.11", - "bom-ref": "pako@1.0.11", - "description": "zlib port to javascript - fast, modularized, with browser support", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", "licenses": [ { - "expression": "(MIT AND Zlib)" + "license": { + "id": "MIT" + } } ], - "purl": "pkg:npm/pako@1.0.11", + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", "externalReferences": [ { - "url": "git+https://github.com/nodeca/pako.git", + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/pako", + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/pako/issues", + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pako" + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "core-util-is", - "version": "1.0.3", - "bom-ref": "core-util-is@1.0.3", - "author": "Isaac Z. Schlueter", - "description": "The `util.is*` functions introduced in Node v0.12.", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", "licenses": [ { "license": { @@ -88708,229 +166365,202 @@ } } ], - "purl": "pkg:npm/core-util-is@1.0.3", + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", "externalReferences": [ { - "url": "git://github.com/isaacs/core-util-is.git", + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/core-util-is#readme", + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/core-util-is/issues", + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/core-util-is" + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "isarray", - "version": "1.0.0", - "bom-ref": "isarray@1.0.0", - "author": "Julian Gruber", - "description": "Array#isArray for older browsers", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/isarray@1.0.0", + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git://github.com/juliangruber/isarray.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/isarray", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/isarray/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/isarray" + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "process-nextick-args", - "version": "2.0.1", - "bom-ref": "process-nextick-args@2.0.1", - "description": "process.nextTick but always with args", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/process-nextick-args@2.0.1", + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/calvinmetcalf/process-nextick-args", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/process-nextick-args" + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "setimmediate", - "version": "1.0.5", - "bom-ref": "setimmediate@1.0.5", - "author": "YuzuJS", - "description": "A shim for the setImmediate efficient script yielding API", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/setimmediate@1.0.5", + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git+https://github.com/YuzuJS/setImmediate.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/YuzuJS/setImmediate#readme", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/YuzuJS/setImmediate/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/setimmediate" + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] }, { "type": "library", - "name": "sax", - "version": "1.2.1", - "bom-ref": "sax@1.2.1", - "author": "Isaac Z. Schlueter", - "description": "An evented streaming XML parser in JavaScript", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/sax@1.2.1", + "purl": "pkg:npm/parse-json@4.0.0", "externalReferences": [ { - "url": "git://github.com/isaacs/sax-js.git", + "url": "git+https://github.com/sindresorhus/parse-json.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/sax-js#readme", + "url": "https://github.com/sindresorhus/parse-json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/sax-js/issues", + "url": "https://github.com/sindresorhus/parse-json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", "type": "distribution", "hashes": [ { - "alg": "SHA-512", - "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -88939,17 +166569,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sax" + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" } ] }, { "type": "library", - "name": "xmlbuilder", - "version": "11.0.1", - "bom-ref": "xmlbuilder@11.0.1", - "author": "Ozgur Ozcitak", - "description": "An XML builder for node.js", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", "licenses": [ { "license": { @@ -88957,30 +166587,30 @@ } } ], - "purl": "pkg:npm/xmlbuilder@11.0.1", + "purl": "pkg:npm/ignore@4.0.6", "externalReferences": [ { - "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/oozcitak/xmlbuilder-js", + "url": "https://github.com/kaelzhang/node-ignore#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "url": "https://github.com/kaelzhang/node-ignore/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -88989,17 +166619,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xmlbuilder" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "zip-lib", - "version": "1.0.4", - "bom-ref": "zip-lib@1.0.4", - "author": "fpsqdb", - "description": "zip and unzip library for node", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", "licenses": [ { "license": { @@ -89007,30 +166641,30 @@ } } ], - "purl": "pkg:npm/zip-lib@1.0.4", + "purl": "pkg:npm/ignore@4.0.6", "externalReferences": [ { - "url": "git+https://github.com/fpsqdb/zip-lib.git", + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fpsqdb/zip-lib#readme", + "url": "https://github.com/kaelzhang/node-ignore#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fpsqdb/zip-lib/issues", + "url": "https://github.com/kaelzhang/node-ignore/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -89039,48 +166673,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/zip-lib" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "yauzl", - "version": "3.1.3", - "bom-ref": "yauzl@3.1.3", - "author": "Josh Wolfe", - "description": "yet another unzip library for node", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/yauzl@3.1.3", + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", "externalReferences": [ { - "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thejoshwolfe/yauzl", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thejoshwolfe/yauzl/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -89089,54 +166727,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yauzl" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "buffer-crc32", - "version": "0.2.13", - "bom-ref": "buffer-crc32@0.2.13", - "author": "Brian J. Brennan", - "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { - "id": "MIT" - } - }, - { - "license": { - "id": "MIT", - "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/buffer-crc32@0.2.13", + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", "externalReferences": [ { - "url": "git://github.com/brianloveswords/buffer-crc32.git", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/brianloveswords/buffer-crc32", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -89145,17 +166781,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/buffer-crc32" + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "pend", - "version": "1.2.0", - "bom-ref": "pend@1.2.0", - "author": "Andrew Kelley", - "description": "dead-simple optimistic async helper", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", "licenses": [ { "license": { @@ -89163,30 +166802,30 @@ } } ], - "purl": "pkg:npm/pend@1.2.0", + "purl": "pkg:npm/ms@2.0.0", "externalReferences": [ { - "url": "git://github.com/andrewrk/node-pend.git", + "url": "git+https://github.com/zeit/ms.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/andrewrk/node-pend#readme", + "url": "https://github.com/zeit/ms#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andrewrk/node-pend/issues", + "url": "https://github.com/zeit/ms/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -89195,57 +166834,50 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pend" + "value": "node_modules/send/node_modules/debug/node_modules/ms" } ] }, { "type": "library", - "name": "yazl", - "version": "2.5.1", - "bom-ref": "yazl@2.5.1", - "author": "Josh Wolfe", - "description": "yet another zip library for node", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/yazl@2.5.1", + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", "externalReferences": [ { - "url": "git+https://github.com/thejoshwolfe/yazl.git", + "url": "git+https://github.com/isaacs/minipass.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thejoshwolfe/yazl", + "url": "https://github.com/isaacs/minipass#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thejoshwolfe/yazl/issues", + "url": "https://github.com/isaacs/minipass/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yazl" + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" } ] } diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json index 228b291dfc..8970186989 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -30,11033 +30,88941 @@ "auxiliary_data": [ { "name": "SBOM", + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ], "data": { "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", - "dependencies": [ - { - "ref": "@mitre/saf@1.4.7", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0", - "@aws-sdk/client-securityhub@3.590.0", - "@e965/xlsx@0.20.1", - "@mitre/emass_client@3.10.0", - "@mitre/hdf-converters@2.10.8", - "@mitre/heimdall-lite@2.10.9", - "@mitre/inspec-objects@1.0.1", - "@oclif/core@3.26.9", - "@oclif/plugin-help@6.1.0", - "@oclif/plugin-plugins@5.2.2", - "@oclif/plugin-version@2.2.2", - "@oclif/plugin-warn-if-update-available@3.1.4", - "@oclif/test@3.2.15", - "@smithy/node-http-handler@3.0.0", - "@types/chai@4.3.14", - "@types/express@4.17.21", - "@types/flat@5.0.5", - "@types/fs-extra@11.0.4", - "@types/get-installed-path@4.0.3", - "@types/jest@29.5.12", - "@types/js-yaml@4.0.9", - "@types/lodash@4.17.4", - "@types/mocha@10.0.6", - "@types/mock-fs@4.13.4", - "@types/mustache@4.2.5", - "@types/node@20.14.1", - "@types/objects-to-csv@1.3.3", - "@types/prompt-sync@4.2.3", - "@types/tmp@0.2.6", - "@types/uuid@9.0.8", - "@types/xml2js@0.4.14", - "@typescript-eslint/eslint-plugin@7.12.0", - "accurate-search@1.2.15", - "ajv@8.16.0", - "axios@1.7.2", - "chai@4.4.1", - "colors@1.4.0", - "csv-parse@4.16.3", - "dotenv@16.4.5", - "eslint-config-oclif-typescript@1.0.3", - "eslint-config-oclif@4.0.0", - "eslint-plugin-unicorn@52.0.0", - "eslint@8.57.0", - "express@4.19.2", - "fast-xml-parser@4.4.0", - "flat@5.0.2", - "form-data@4.0.0", - "fs-extra@11.2.0", - "get-installed-path@4.0.8", - "htmlparser2@9.1.0", - "https@1.0.0", - "inquirer-file-tree-selection-prompt@2.0.2", - "inquirer@8.0.0", - "inspecjs@2.10.8", - "jest-mock@29.7.0", - "jest@29.7.0", - "js-yaml@4.1.0", - "json-colorizer@2.2.2", - "lodash@4.17.21", - "markdown-diff@2.0.0", - "markdown-table-ts@1.0.3", - "marked@12.0.2", - "mocha@10.4.0", - "mock-fs@5.2.0", - "moment@2.30.1", - "mustache@4.2.0", - "objects-to-csv@1.3.6", - "oclif@4.13.0", - "open@10.1.0", - "prompt-sync@4.2.0", - "run-script-os@1.1.6", - "table@6.8.2", - "tmp@0.2.3", - "ts-jest@29.1.4", - "ts-mocha@10.0.0", - "ts-node@10.9.2", - "tsimportlib@0.0.5", - "tslib@2.6.3", - "typescript@5.1.6", - "uuid@9.0.1", - "winston@3.13.0", - "xlsx-populate@1.21.0", - "xml2js@0.6.2", - "yaml@2.4.3", - "zip-lib@1.0.4" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-crypto/sha256-browser@3.0.0", - "dependsOn": [ - "@aws-crypto/ie11-detection@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-crypto/supports-web-crypto@3.0.0", - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-locate-window@3.535.0", - "@aws-sdk/util-utf8-browser@3.259.0", - "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-crypto/ie11-detection@3.0.0", - "dependsOn": [ - "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-crypto/sha256-js@3.0.0", - "dependsOn": [ - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-crypto/supports-web-crypto@3.0.0", - "dependsOn": [ - "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-crypto/util@3.0.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-utf8-browser@3.259.0", - "@aws-crypto/util@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-sdk/types@3.577.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/util-utf8-browser@3.259.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/util-locate-window@3.535.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "tslib@2.6.3" - }, - { - "ref": "@aws-sdk/middleware-host-header@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-logger@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/util-user-agent-browser@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "bowser@2.11.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/config-resolver@3.0.1", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/core@2.1.1", - "dependsOn": [ - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/fetch-http-handler@3.0.1", - "dependsOn": [ - "@smithy/protocol-http@4.0.0", - "@smithy/querystring-builder@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-base64@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/hash-node@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-buffer-from@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/invalid-dependency@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/middleware-content-length@3.0.0", - "dependsOn": [ - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/middleware-endpoint@3.0.1", - "dependsOn": [ - "@smithy/middleware-serde@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/middleware-retry@3.0.3", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/service-error-classification@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "tslib@2.6.3", - "uuid@9.0.1" - ] - }, - { - "ref": "@smithy/middleware-serde@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/middleware-stack@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/node-config-provider@3.1.0", - "dependsOn": [ - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/node-http-handler@3.0.0", - "dependsOn": [ - "@smithy/abort-controller@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/querystring-builder@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/protocol-http@4.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/smithy-client@3.1.1", - "dependsOn": [ - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-stack@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/types@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/url-parser@3.0.0", - "dependsOn": [ - "@smithy/querystring-parser@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-base64@3.0.0", - "dependsOn": [ - "@smithy/util-buffer-from@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-body-length-browser@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-body-length-node@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-defaults-mode-browser@3.0.3", - "dependsOn": [ - "@smithy/property-provider@3.1.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "bowser@2.11.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-defaults-mode-node@3.0.3", - "dependsOn": [ - "@smithy/config-resolver@3.0.1", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-endpoints@2.0.1", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-middleware@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-retry@3.0.0", - "dependsOn": [ - "@smithy/service-error-classification@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-utf8@3.0.0", - "dependsOn": [ - "@smithy/util-buffer-from@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/signature-v4@3.0.0", - "dependsOn": [ - "@smithy/is-array-buffer@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-hex-encoding@3.0.0", - "@smithy/util-middleware@3.0.0", - "@smithy/util-uri-escape@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/is-array-buffer@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-hex-encoding@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-uri-escape@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "strnum@1.0.5" - }, - { - "ref": "@smithy/property-provider@3.1.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-stream@3.0.1", - "dependsOn": [ - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-buffer-from@3.0.0", - "@smithy/util-hex-encoding@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/credential-provider-imds@3.1.0", - "dependsOn": [ - "@smithy/node-config-provider@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/shared-ini-file-loader@3.1.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-config-provider@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "bowser@2.11.0" - }, - { - "ref": "@smithy/querystring-builder@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-uri-escape@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-buffer-from@3.0.0", - "dependsOn": [ - "@smithy/is-array-buffer@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/service-error-classification@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0" - ] - }, - { - "ref": "uuid@9.0.1" - }, - { - "ref": "@smithy/querystring-parser@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", - "dependsOn": [ - "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@e965/xlsx@0.20.1" - }, - { - "ref": "@mitre/emass_client@3.10.0", - "dependsOn": [ - "@mitre/emass_client@3.10.0|axios@0.21.4" - ] - }, - { - "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", - "dependsOn": [ - "follow-redirects@1.15.6" - ] - }, - { - "ref": "follow-redirects@1.15.6" - }, - { - "ref": "@mitre/hdf-converters@2.10.8", - "dependsOn": [ - "@aws-sdk/client-config-service@3.590.0", - "@e965/xlsx@0.20.1", - "@mdi/js@7.4.47", - "@mitre/jsonix@3.0.7", - "@smithy/node-http-handler@3.0.0", - "@types/csv2json@1.4.5", - "@types/ms@0.7.34", - "@types/mustache@4.2.5", - "@types/papaparse@5.3.14", - "@types/revalidator@0.3.12", - "@types/triple-beam@1.3.5", - "@types/validator@13.12.0", - "@types/xml2js@0.4.14", - "axios@1.7.2", - "compare-versions@6.1.0", - "csv2json@2.0.2", - "fast-xml-parser@4.4.0", - "html-entities@2.5.2", - "htmlparser2@9.1.0", - "inspecjs@2.10.8", - "lodash@4.17.21", - "moment@2.30.1", - "ms@2.1.3", - "mustache@4.2.0", - "papaparse@5.4.1", - "revalidator@0.3.1", - "run-script-os@1.1.6", - "semver@7.6.2", - "tailwindcss@3.4.3", - "tw-elements@1.1.0", - "validator@13.12.0", - "winston@3.13.0", - "xml-formatter@3.6.2", - "xml-parser-xo@4.1.1", - "xml2js@0.6.2", - "yaml@2.4.3" - ] - }, - { - "ref": "@mdi/js@7.4.47" - }, - { - "ref": "@mitre/jsonix@3.0.7", - "dependsOn": [ - "@xmldom/xmldom@0.8.10", - "amdefine@0.0.4", - "xmlhttprequest@1.8.0" - ] - }, - { - "ref": "@xmldom/xmldom@0.8.10" - }, - { - "ref": "amdefine@0.0.4" - }, - { - "ref": "xmlhttprequest@1.8.0" - }, - { - "ref": "@types/csv2json@1.4.5", - "dependsOn": [ - "@types/pumpify@1.4.4" - ] - }, - { - "ref": "@types/pumpify@1.4.4", - "dependsOn": [ - "@types/duplexify@3.6.4", - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/duplexify@3.6.4", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/node@20.14.1", - "dependsOn": [ - "undici-types@5.26.5" - ] - }, - { - "ref": "@types/ms@0.7.34" - }, - { - "ref": "@types/mustache@4.2.5" - }, - { - "ref": "@types/papaparse@5.3.14", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/revalidator@0.3.12" - }, - { - "ref": "@types/triple-beam@1.3.5" - }, - { - "ref": "@types/validator@13.12.0" - }, - { - "ref": "@types/xml2js@0.4.14", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "axios@1.7.2", - "dependsOn": [ - "follow-redirects@1.15.6", - "form-data@4.0.0", - "proxy-from-env@1.1.0" - ] - }, - { - "ref": "compare-versions@6.1.0" - }, - { - "ref": "csv2json@2.0.2", - "dependsOn": [ - "csv-parser@2.3.5", - "exec-promise@0.7.0", - "minimist@1.2.8", - "promise-toolbox@0.14.0", - "pump@3.0.0", - "pumpify@2.0.1", - "strip-bom-stream@4.0.0", - "through2@3.0.2" - ] - }, - { - "ref": "csv-parser@2.3.5", - "dependsOn": [ - "minimist@1.2.8", - "through2@3.0.2" - ] - }, - { - "ref": "minimist@1.2.8" - }, - { - "ref": "through2@3.0.2", - "dependsOn": [ - "inherits@2.0.4", - "readable-stream@3.6.2" - ] - }, - { - "ref": "exec-promise@0.7.0", - "dependsOn": [ - "log-symbols@1.0.2" - ] - }, - { - "ref": "log-symbols@1.0.2", - "dependsOn": [ - "log-symbols@1.0.2|chalk@1.1.3" - ] - }, - { - "ref": "log-symbols@1.0.2|chalk@1.1.3", - "dependsOn": [ - "log-symbols@1.0.2|ansi-styles@2.2.1", - "log-symbols@1.0.2|escape-string-regexp@1.0.5", - "has-ansi@2.0.0", - "log-symbols@1.0.2|strip-ansi@3.0.1", - "log-symbols@1.0.2|supports-color@2.0.0" - ] - }, - { - "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" - }, - { - "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" - }, - { - "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", - "dependsOn": [ - "log-symbols@1.0.2|ansi-regex@2.1.1" - ] - }, - { - "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" - }, - { - "ref": "log-symbols@1.0.2|supports-color@2.0.0" - }, - { - "ref": "has-ansi@2.0.0", - "dependsOn": [ - "has-ansi@2.0.0|ansi-regex@2.1.1" - ] - }, - { - "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" - }, - { - "ref": "promise-toolbox@0.14.0", - "dependsOn": [ - "make-error@1.3.6" - ] - }, - { - "ref": "make-error@1.3.6" - }, - { - "ref": "pump@3.0.0", - "dependsOn": [ - "end-of-stream@1.4.4", - "once@1.4.0" - ] - }, - { - "ref": "end-of-stream@1.4.4", - "dependsOn": [ - "once@1.4.0" - ] - }, - { - "ref": "once@1.4.0", - "dependsOn": [ - "wrappy@1.0.2" - ] - }, - { - "ref": "pumpify@2.0.1", - "dependsOn": [ - "duplexify@4.1.3", - "inherits@2.0.4", - "pump@3.0.0" - ] - }, - { - "ref": "duplexify@4.1.3", - "dependsOn": [ - "end-of-stream@1.4.4", - "inherits@2.0.4", - "readable-stream@3.6.2", - "stream-shift@1.0.3" - ] - }, - { - "ref": "inherits@2.0.4" - }, - { - "ref": "readable-stream@3.6.2", - "dependsOn": [ - "inherits@2.0.4", - "string_decoder@1.3.0", - "util-deprecate@1.0.2" - ] - }, - { - "ref": "stream-shift@1.0.3" - }, - { - "ref": "strip-bom-stream@4.0.0", - "dependsOn": [ - "first-chunk-stream@3.0.0", - "strip-bom-buf@2.0.0" - ] - }, - { - "ref": "first-chunk-stream@3.0.0" - }, - { - "ref": "strip-bom-buf@2.0.0", - "dependsOn": [ - "is-utf8@0.2.1" - ] - }, - { - "ref": "is-utf8@0.2.1" - }, - { - "ref": "fast-xml-parser@4.4.0", - "dependsOn": [ - "strnum@1.0.5" - ] - }, - { - "ref": "html-entities@2.5.2" - }, - { - "ref": "htmlparser2@9.1.0", - "dependsOn": [ - "domelementtype@2.3.0", - "domhandler@5.0.3", - "domutils@3.1.0", - "entities@4.5.0" - ] - }, - { - "ref": "inspecjs@2.10.8" - }, - { - "ref": "lodash@4.17.21" - }, - { - "ref": "moment@2.30.1" - }, - { - "ref": "ms@2.1.3" - }, - { - "ref": "mustache@4.2.0" - }, - { - "ref": "papaparse@5.4.1" - }, - { - "ref": "revalidator@0.3.1" - }, - { - "ref": "run-script-os@1.1.6" - }, - { - "ref": "semver@7.6.2" - }, - { - "ref": "tailwindcss@3.4.3", - "dependsOn": [ - "@alloc/quick-lru@5.2.0", - "arg@5.0.2", - "chokidar@3.5.3", - "didyoumean@1.2.2", - "dlv@1.1.3", - "fast-glob@3.3.2", - "glob-parent@6.0.2", - "is-glob@4.0.3", - "jiti@1.21.0", - "lilconfig@2.1.0", - "micromatch@4.0.5", - "normalize-path@3.0.0", - "object-hash@3.0.0", - "picocolors@1.0.0", - "postcss-import@15.1.0", - "postcss-js@4.0.1", - "postcss-load-config@4.0.2", - "postcss-nested@6.0.1", - "postcss-selector-parser@6.0.16", - "postcss@8.4.38", - "resolve@1.22.8", - "sucrase@3.35.0" - ] - }, - { - "ref": "@alloc/quick-lru@5.2.0" - }, - { - "ref": "arg@5.0.2" - }, - { - "ref": "chokidar@3.5.3", - "dependsOn": [ - "anymatch@3.1.3", - "braces@3.0.2", - "fsevents@2.3.3", - "chokidar@3.5.3|glob-parent@5.1.2", - "is-binary-path@2.1.0", - "is-glob@4.0.3", - "normalize-path@3.0.0", - "readdirp@3.6.0" - ] - }, - { - "ref": "chokidar@3.5.3|glob-parent@5.1.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, - { - "ref": "didyoumean@1.2.2" - }, - { - "ref": "dlv@1.1.3" - }, - { - "ref": "fast-glob@3.3.2", - "dependsOn": [ - "@nodelib/fs.stat@2.0.5", - "@nodelib/fs.walk@1.2.8", - "fast-glob@3.3.2|glob-parent@5.1.2", - "merge2@1.4.1", - "micromatch@4.0.5" - ] - }, - { - "ref": "fast-glob@3.3.2|glob-parent@5.1.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, - { - "ref": "@nodelib/fs.stat@2.0.5" - }, - { - "ref": "@nodelib/fs.walk@1.2.8", - "dependsOn": [ - "@nodelib/fs.scandir@2.1.5", - "fastq@1.17.1" - ] - }, - { - "ref": "is-glob@4.0.3", - "dependsOn": [ - "is-extglob@2.1.1" - ] - }, - { - "ref": "merge2@1.4.1" - }, - { - "ref": "micromatch@4.0.5", - "dependsOn": [ - "braces@3.0.2", - "picomatch@2.3.1" - ] - }, - { - "ref": "glob-parent@6.0.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, - { - "ref": "jiti@1.21.0" - }, - { - "ref": "lilconfig@2.1.0" - }, - { - "ref": "braces@3.0.2", - "dependsOn": [ - "fill-range@7.0.1" - ] - }, - { - "ref": "picomatch@2.3.1" - }, - { - "ref": "normalize-path@3.0.0" - }, - { - "ref": "object-hash@3.0.0" - }, - { - "ref": "picocolors@1.0.0" - }, - { - "ref": "postcss-import@15.1.0", - "dependsOn": [ - "postcss-value-parser@4.2.0", - "postcss@8.4.38", - "read-cache@1.0.0", - "resolve@1.22.8" - ] - }, - { - "ref": "postcss-value-parser@4.2.0" - }, - { - "ref": "postcss@8.4.38", - "dependsOn": [ - "nanoid@3.3.7", - "picocolors@1.0.0", - "source-map-js@1.2.0" - ] - }, - { - "ref": "read-cache@1.0.0", - "dependsOn": [ - "pify@2.3.0" - ] - }, - { - "ref": "pify@2.3.0" - }, - { - "ref": "resolve@1.22.8", - "dependsOn": [ - "is-core-module@2.13.1", - "path-parse@1.0.7", - "supports-preserve-symlinks-flag@1.0.0" - ] - }, - { - "ref": "postcss-js@4.0.1", - "dependsOn": [ - "camelcase-css@2.0.1", - "postcss@8.4.38" - ] - }, - { - "ref": "camelcase-css@2.0.1" - }, - { - "ref": "postcss-load-config@4.0.2", - "dependsOn": [ - "postcss-load-config@4.0.2|lilconfig@3.1.1", - "postcss@8.4.38", - "ts-node@10.9.2", - "yaml@2.4.3" - ] - }, - { - "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" - }, - { - "ref": "ts-node@10.9.2", - "dependsOn": [ - "@cspotcode/source-map-support@0.8.1", - "@tsconfig/node10@1.0.11", - "@tsconfig/node12@1.0.11", - "@tsconfig/node14@1.0.3", - "@tsconfig/node16@1.0.4", - "@types/node@20.14.1", - "acorn-walk@8.3.2", - "acorn@8.11.3", - "ts-node@10.9.2|arg@4.1.3", - "create-require@1.1.1", - "diff@4.0.2", - "make-error@1.3.6", - "typescript@5.1.6", - "v8-compile-cache-lib@3.0.1", - "yn@3.1.1" - ] - }, - { - "ref": "ts-node@10.9.2|arg@4.1.3" - }, - { - "ref": "yaml@2.4.3" - }, - { - "ref": "postcss-nested@6.0.1", - "dependsOn": [ - "postcss-selector-parser@6.0.16", - "postcss@8.4.38" - ] - }, - { - "ref": "postcss-selector-parser@6.0.16", - "dependsOn": [ - "cssesc@3.0.0", - "util-deprecate@1.0.2" - ] - }, - { - "ref": "cssesc@3.0.0" - }, - { - "ref": "util-deprecate@1.0.2" - }, - { - "ref": "nanoid@3.3.7" - }, - { - "ref": "source-map-js@1.2.0" - }, - { - "ref": "is-core-module@2.13.1", - "dependsOn": [ - "hasown@2.0.2" - ] - }, - { - "ref": "path-parse@1.0.7" - }, - { - "ref": "supports-preserve-symlinks-flag@1.0.0" - }, - { - "ref": "sucrase@3.35.0", - "dependsOn": [ - "@jridgewell/gen-mapping@0.3.5", - "sucrase@3.35.0|commander@4.1.1", - "sucrase@3.35.0|glob@10.3.12", - "lines-and-columns@1.2.4", - "mz@2.7.0", - "pirates@4.0.6", - "ts-interface-checker@0.1.13" - ] - }, - { - "ref": "sucrase@3.35.0|commander@4.1.1" - }, - { - "ref": "sucrase@3.35.0|glob@10.3.12", - "dependsOn": [ - "foreground-child@3.1.1", - "jackspeak@2.3.6", - "minimatch@9.0.4", - "sucrase@3.35.0|minipass@7.0.4", - "path-scurry@1.10.2" - ] - }, - { - "ref": "sucrase@3.35.0|minipass@7.0.4" - }, - { - "ref": "@jridgewell/gen-mapping@0.3.5", - "dependsOn": [ - "@jridgewell/set-array@1.2.1", - "@jridgewell/sourcemap-codec@1.4.15", - "@jridgewell/trace-mapping@0.3.25" - ] - }, - { - "ref": "@jridgewell/set-array@1.2.1" - }, - { - "ref": "@jridgewell/sourcemap-codec@1.4.15" - }, - { - "ref": "@jridgewell/trace-mapping@0.3.25", - "dependsOn": [ - "@jridgewell/resolve-uri@3.1.2", - "@jridgewell/sourcemap-codec@1.4.15" - ] - }, - { - "ref": "foreground-child@3.1.1", - "dependsOn": [ - "cross-spawn@7.0.3", - "foreground-child@3.1.1|signal-exit@4.1.0" - ] - }, - { - "ref": "foreground-child@3.1.1|signal-exit@4.1.0" - }, - { - "ref": "cross-spawn@7.0.3", - "dependsOn": [ - "path-key@3.1.1", - "shebang-command@2.0.0", - "which@2.0.2" - ] - }, - { - "ref": "jackspeak@2.3.6", - "dependsOn": [ - "@isaacs/cliui@8.0.2", - "@pkgjs/parseargs@0.11.0" - ] - }, - { - "ref": "@isaacs/cliui@8.0.2", - "dependsOn": [ - "string-width@4.2.3", - "@isaacs/cliui@8.0.2|string-width@5.1.2", - "BomRef.5h3h9846p8.g5nk6qdc128", - "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "wrap-ansi@7.0.0", - "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" - ] - }, - { - "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", - "dependsOn": [ - "eastasianwidth@0.2.0", - "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" - ] - }, - { - "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" - }, - { - "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "dependsOn": [ - "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" - ] - }, - { - "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" - }, - { - "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", - "dependsOn": [ - "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", - "@isaacs/cliui@8.0.2|string-width@5.1.2", - "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" - ] - }, - { - "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" - }, - { - "ref": "string-width@4.2.3", - "dependsOn": [ - "emoji-regex@8.0.0", - "is-fullwidth-code-point@3.0.0", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "emoji-regex@8.0.0" - }, - { - "ref": "is-fullwidth-code-point@3.0.0" - }, - { - "ref": "strip-ansi@6.0.1", - "dependsOn": [ - "ansi-regex@5.0.1" - ] - }, - { - "ref": "eastasianwidth@0.2.0" - }, - { - "ref": "BomRef.5h3h9846p8.g5nk6qdc128", - "dependsOn": [ - "ansi-regex@5.0.1" - ] - }, - { - "ref": "ansi-regex@5.0.1" - }, - { - "ref": "wrap-ansi@7.0.0", - "dependsOn": [ - "ansi-styles@4.3.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "ansi-styles@4.3.0", - "dependsOn": [ - "color-convert@2.0.1" - ] - }, - { - "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", - "dependsOn": [ - "emoji-regex@8.0.0", - "is-fullwidth-code-point@3.0.0", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "@pkgjs/parseargs@0.11.0" - }, - { - "ref": "minimatch@9.0.4", - "dependsOn": [ - "brace-expansion@2.0.1" - ] - }, - { - "ref": "path-scurry@1.10.2", - "dependsOn": [ - "path-scurry@1.10.2|lru-cache@10.2.0", - "path-scurry@1.10.2|minipass@7.0.4" - ] - }, - { - "ref": "path-scurry@1.10.2|lru-cache@10.2.0" - }, - { - "ref": "path-scurry@1.10.2|minipass@7.0.4" - }, - { - "ref": "lines-and-columns@1.2.4" - }, - { - "ref": "mz@2.7.0", - "dependsOn": [ - "any-promise@1.3.0", - "object-assign@4.1.1", - "thenify-all@1.6.0" - ] - }, - { - "ref": "any-promise@1.3.0" - }, - { - "ref": "object-assign@4.1.1" - }, - { - "ref": "thenify-all@1.6.0", - "dependsOn": [ - "thenify@3.3.1" - ] - }, - { - "ref": "thenify@3.3.1", - "dependsOn": [ - "any-promise@1.3.0" - ] - }, - { - "ref": "pirates@4.0.6" - }, - { - "ref": "ts-interface-checker@0.1.13" - }, - { - "ref": "tw-elements@1.1.0", - "dependsOn": [ - "@popperjs/core@2.11.8", - "chart.js@3.9.1", - "chartjs-plugin-datalabels@2.2.0", - "deepmerge@4.3.1", - "detect-autofill@1.1.4", - "perfect-scrollbar@1.5.5", - "tw-elements@1.1.0|tailwindcss@3.3.0" - ] - }, - { - "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", - "dependsOn": [ - "arg@5.0.2", - "chokidar@3.5.3", - "color-name@1.1.4", - "didyoumean@1.2.2", - "dlv@1.1.3", - "fast-glob@3.3.2", - "glob-parent@6.0.2", - "is-glob@4.0.3", - "jiti@1.21.0", - "lilconfig@2.1.0", - "micromatch@4.0.5", - "normalize-path@3.0.0", - "object-hash@3.0.0", - "picocolors@1.0.0", - "tw-elements@1.1.0|postcss-import@14.1.0", - "postcss-js@4.0.1", - "tw-elements@1.1.0|postcss-load-config@3.1.4", - "tw-elements@1.1.0|postcss-nested@6.0.0", - "postcss-selector-parser@6.0.16", - "postcss-value-parser@4.2.0", - "postcss@8.4.38", - "quick-lru@5.1.1", - "resolve@1.22.8", - "sucrase@3.35.0" - ] - }, - { - "ref": "tw-elements@1.1.0|postcss-import@14.1.0", - "dependsOn": [ - "postcss-value-parser@4.2.0", - "postcss@8.4.38", - "read-cache@1.0.0", - "resolve@1.22.8" - ] - }, - { - "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", - "dependsOn": [ - "lilconfig@2.1.0", - "postcss@8.4.38", - "ts-node@10.9.2", - "tw-elements@1.1.0|yaml@1.10.2" - ] - }, - { - "ref": "tw-elements@1.1.0|yaml@1.10.2" - }, - { - "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", - "dependsOn": [ - "postcss-selector-parser@6.0.16", - "postcss@8.4.38" - ] - }, - { - "ref": "@popperjs/core@2.11.8" - }, - { - "ref": "chart.js@3.9.1" - }, - { - "ref": "chartjs-plugin-datalabels@2.2.0", - "dependsOn": [ - "chart.js@3.9.1" - ] - }, - { - "ref": "deepmerge@4.3.1" - }, - { - "ref": "detect-autofill@1.1.4", - "dependsOn": [ - "custom-event-polyfill@1.0.7" - ] - }, - { - "ref": "custom-event-polyfill@1.0.7" - }, - { - "ref": "perfect-scrollbar@1.5.5" - }, - { - "ref": "color-name@1.1.4" - }, - { - "ref": "quick-lru@5.1.1" - }, - { - "ref": "validator@13.12.0" - }, - { - "ref": "winston@3.13.0", - "dependsOn": [ - "@colors/colors@1.6.0", - "@dabh/diagnostics@2.0.3", - "async@3.2.5", - "is-stream@2.0.1", - "logform@2.6.0", - "one-time@1.0.0", - "readable-stream@3.6.2", - "safe-stable-stringify@2.4.3", - "stack-trace@0.0.10", - "triple-beam@1.4.1", - "winston-transport@4.7.0" - ] - }, - { - "ref": "xml-formatter@3.6.2", - "dependsOn": [ - "xml-parser-xo@4.1.1" - ] - }, - { - "ref": "xml-parser-xo@4.1.1" - }, - { - "ref": "xml2js@0.6.2", - "dependsOn": [ - "sax@1.2.1", - "xmlbuilder@11.0.1" - ] - }, - { - "ref": "@mitre/heimdall-lite@2.10.9", - "dependsOn": [ - "express@4.19.2" - ] - }, - { - "ref": "express@4.19.2", - "dependsOn": [ - "accepts@1.3.8", - "array-flatten@1.1.1", - "body-parser@1.20.2", - "content-disposition@0.5.4", - "content-type@1.0.5", - "cookie-signature@1.0.6", - "cookie@0.6.0", - "express@4.19.2|debug@2.6.9", - "depd@2.0.0", - "encodeurl@1.0.2", - "escape-html@1.0.3", - "etag@1.8.1", - "finalhandler@1.2.0", - "fresh@0.5.2", - "http-errors@2.0.0", - "merge-descriptors@1.0.1", - "methods@1.1.2", - "on-finished@2.4.1", - "parseurl@1.3.3", - "path-to-regexp@0.1.7", - "proxy-addr@2.0.7", - "qs@6.11.0", - "range-parser@1.2.1", - "safe-buffer@5.2.1", - "send@0.18.0", - "serve-static@1.15.0", - "setprototypeof@1.2.0", - "statuses@2.0.1", - "type-is@1.6.18", - "utils-merge@1.0.1", - "vary@1.1.2" - ] - }, - { - "ref": "express@4.19.2|debug@2.6.9", - "dependsOn": [ - "express@4.19.2|ms@2.0.0" - ] - }, - { - "ref": "express@4.19.2|ms@2.0.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1", - "dependsOn": [ - "@types/flat@5.0.5", - "@types/he@1.2.3", - "@types/json-diff@0.7.0", - "@types/jstoxml@2.0.4", - "@types/lodash@4.17.4", - "@types/mustache@4.2.5", - "@types/pretty@2.0.3", - "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", - "flat@5.0.2", - "he@1.2.0", - "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", - "inspecjs@2.10.8", - "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "json-diff@0.9.1", - "jstoxml@3.2.10", - "lodash@4.17.21", - "mustache@4.2.0", - "pretty@2.0.0", - "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", - "@mitre/inspec-objects@1.0.1|typescript@4.9.5", - "winston@3.13.0", - "@mitre/inspec-objects@1.0.1|yaml@1.10.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", - "dependsOn": [ - "strnum@1.0.5" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", - "dependsOn": [ - "domelementtype@2.3.0", - "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "@mitre/inspec-objects@1.0.1|domutils@2.8.0", - "@mitre/inspec-objects@1.0.1|entities@3.0.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "dependsOn": [ - "domelementtype@2.3.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", - "domelementtype@2.3.0", - "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", - "dependsOn": [ - "domelementtype@2.3.0", - "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "import-local@3.1.0", - "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "exit@0.1.2", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "micromatch@4.0.5", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "rimraf@3.0.2", - "slash@3.0.0", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "slash@3.0.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", - "@types/istanbul-lib-coverage@2.0.6", - "@types/istanbul-reports@3.0.4", - "@types/node@20.14.1", - "@types/yargs@17.0.32", - "chalk@4.1.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/stack-utils@2.0.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "micromatch@4.0.5", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "slash@3.0.0", - "stack-utils@2.0.6" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "graceful-fs@4.2.11", - "picomatch@2.3.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", - "dependsOn": [ - "@bcoe/v8-coverage@0.2.3", - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@jridgewell/trace-mapping@0.3.25", - "@types/node@20.14.1", - "chalk@4.1.2", - "collect-v8-coverage@1.0.2", - "exit@0.1.2", - "glob@7.2.3", - "graceful-fs@4.2.11", - "istanbul-lib-coverage@3.2.2", - "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", - "istanbul-lib-report@3.0.1", - "istanbul-lib-source-maps@4.0.1", - "istanbul-reports@3.1.7", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "slash@3.0.0", - "string-length@4.0.2", - "strip-ansi@6.0.1", - "terminal-link@2.1.1", - "v8-to-istanbul@9.2.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/istanbul-lib-coverage@2.0.6", - "collect-v8-coverage@1.0.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@jridgewell/trace-mapping@0.3.25", - "babel-plugin-istanbul@6.1.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", - "fast-json-stable-stringify@2.1.0", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "micromatch@4.0.5", - "pirates@4.0.6", - "slash@3.0.0", - "write-file-atomic@4.0.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/parser@7.24.4", - "@istanbuljs/schema@0.1.3", - "istanbul-lib-coverage@3.2.2", - "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "dependsOn": [ - "@types/node@20.14.1", - "merge-stream@2.0.0", - "supports-color@8.1.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/graceful-fs@4.1.9", - "@types/node@20.14.1", - "anymatch@3.1.3", - "fb-watchman@2.0.2", - "fsevents@2.3.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "micromatch@4.0.5", - "walker@1.0.8" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", - "dependsOn": [ - "execa@5.1.1", - "p-limit@3.1.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "deepmerge@4.3.1", - "glob@7.2.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "micromatch@4.0.5", - "parse-json@5.2.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "slash@3.0.0", - "strip-json-comments@3.1.1", - "ts-node@10.9.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "slash@3.0.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@types/babel__core@7.20.5", - "babel-plugin-istanbul@6.1.1", - "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "slash@3.0.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "co@4.6.0", - "@mitre/inspec-objects@1.0.1|dedent@0.7.0", - "is-generator-fn@2.1.0", - "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "p-limit@3.1.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "slash@3.0.0", - "stack-utils@2.0.6" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/generator@7.24.4", - "@babel/plugin-syntax-typescript@7.24.1", - "@babel/traverse@7.24.1", - "@babel/types@7.24.0", - "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/babel__traverse@7.20.5", - "@types/prettier@2.7.3", - "babel-preset-current-node-syntax@1.0.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "natural-compare@1.4.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "semver@7.6.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", - "ansi-regex@5.0.1", - "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", - "react-is@18.2.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "dependsOn": [ - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "chalk@4.1.2", - "cjs-module-lexer@1.2.3", - "collect-v8-coverage@1.0.2", - "execa@5.1.1", - "glob@7.2.3", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "slash@3.0.0", - "strip-bom@4.0.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", - "@types/node@20.14.1", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "dependsOn": [ - "chalk@4.1.2", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "jest-pnp-resolver@1.2.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", - "resolve@1.22.8", - "slash@3.0.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|emittery@0.10.2", - "graceful-fs@4.2.11", - "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", - "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "p-limit@3.1.0", - "source-map-support@0.5.13" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "leven@3.1.0", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", - "dependsOn": [ - "detect-newline@3.1.0" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|emittery@0.10.2", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "string-length@4.0.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", - "dependsOn": [ - "type-detect@4.0.8" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", - "dependsOn": [ - "@jridgewell/trace-mapping@0.3.25", - "callsites@3.1.0", - "graceful-fs@4.2.11" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", - "dependsOn": [ - "chalk@4.1.2", - "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", - "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", - "dependsOn": [ - "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "chalk@4.1.2", - "exit@0.1.2", - "graceful-fs@4.2.11", - "import-local@3.1.0", - "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", - "prompts@2.4.2", - "yargs@17.7.2" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "bs-logger@0.2.6", - "fast-json-stable-stringify@2.1.0", - "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "json5@2.2.3", - "lodash.memoize@4.1.2", - "make-error@1.3.6", - "semver@7.6.2", - "@mitre/inspec-objects@1.0.1|typescript@4.9.5", - "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", - "babel-preset-current-node-syntax@1.0.1" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/types@7.24.0", - "@types/babel__core@7.20.5", - "@types/babel__traverse@7.20.5" - ] - }, - { - "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" - }, - { - "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" - }, - { - "ref": "@types/flat@5.0.5" - }, - { - "ref": "@types/he@1.2.3" - }, - { - "ref": "@types/json-diff@0.7.0" - }, - { - "ref": "@types/jstoxml@2.0.4" - }, - { - "ref": "@types/lodash@4.17.4" - }, - { - "ref": "@types/pretty@2.0.3" - }, - { - "ref": "flat@5.0.2" - }, - { - "ref": "he@1.2.0" - }, - { - "ref": "domelementtype@2.3.0" - }, - { - "ref": "chalk@4.1.2", - "dependsOn": [ - "ansi-styles@4.3.0", - "chalk@4.1.2|supports-color@7.2.0" - ] - }, - { - "ref": "chalk@4.1.2|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] - }, - { - "ref": "slash@3.0.0" - }, - { - "ref": "@bcoe/v8-coverage@0.2.3" - }, - { - "ref": "collect-v8-coverage@1.0.2" - }, - { - "ref": "exit@0.1.2" - }, - { - "ref": "glob@7.2.3", - "dependsOn": [ - "fs.realpath@1.0.0", - "inflight@1.0.6", - "inherits@2.0.4", - "glob@7.2.3|minimatch@3.1.2", - "once@1.4.0", - "path-is-absolute@1.0.1" - ] - }, - { - "ref": "glob@7.2.3|minimatch@3.1.2", - "dependsOn": [ - "glob@7.2.3|brace-expansion@1.1.11" - ] - }, - { - "ref": "glob@7.2.3|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "graceful-fs@4.2.11" - }, - { - "ref": "istanbul-lib-coverage@3.2.2" - }, - { - "ref": "@babel/core@7.24.4", - "dependsOn": [ - "@ampproject/remapping@2.3.0", - "@babel/code-frame@7.24.2", - "@babel/generator@7.24.4", - "@babel/helper-compilation-targets@7.23.6", - "@babel/helper-module-transforms@7.23.3", - "@babel/helpers@7.24.4", - "@babel/parser@7.24.4", - "@babel/template@7.24.0", - "@babel/traverse@7.24.1", - "@babel/types@7.24.0", - "convert-source-map@2.0.0", - "debug@4.3.4", - "gensync@1.0.0-beta.2", - "json5@2.2.3", - "@babel/core@7.24.4|semver@6.3.1" - ] - }, - { - "ref": "@babel/core@7.24.4|semver@6.3.1" - }, - { - "ref": "@babel/parser@7.24.4" - }, - { - "ref": "@istanbuljs/schema@0.1.3" - }, - { - "ref": "istanbul-lib-report@3.0.1", - "dependsOn": [ - "istanbul-lib-coverage@3.2.2", - "make-dir@4.0.0", - "istanbul-lib-report@3.0.1|supports-color@7.2.0" - ] - }, - { - "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] - }, - { - "ref": "istanbul-lib-source-maps@4.0.1", - "dependsOn": [ - "debug@4.3.4", - "istanbul-lib-coverage@3.2.2", - "source-map@0.6.1" - ] - }, - { - "ref": "istanbul-reports@3.1.7", - "dependsOn": [ - "html-escaper@2.0.2", - "istanbul-lib-report@3.0.1" - ] - }, - { - "ref": "merge-stream@2.0.0" - }, - { - "ref": "supports-color@8.1.1", - "dependsOn": [ - "has-flag@4.0.0" - ] - }, - { - "ref": "string-length@4.0.2", - "dependsOn": [ - "char-regex@1.0.2", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "terminal-link@2.1.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "supports-hyperlinks@2.3.0" - ] - }, - { - "ref": "ansi-escapes@4.3.2", - "dependsOn": [ - "type-fest@0.21.3" - ] - }, - { - "ref": "supports-hyperlinks@2.3.0", - "dependsOn": [ - "has-flag@4.0.0", - "supports-hyperlinks@2.3.0|supports-color@7.2.0" - ] - }, - { - "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] - }, - { - "ref": "v8-to-istanbul@9.2.0", - "dependsOn": [ - "@jridgewell/trace-mapping@0.3.25", - "@types/istanbul-lib-coverage@2.0.6", - "convert-source-map@2.0.0" - ] - }, - { - "ref": "@types/istanbul-lib-coverage@2.0.6" - }, - { - "ref": "babel-plugin-istanbul@6.1.1", - "dependsOn": [ - "@babel/helper-plugin-utils@7.24.0", - "@istanbuljs/load-nyc-config@1.1.0", - "@istanbuljs/schema@0.1.3", - "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", - "test-exclude@6.0.0" - ] - }, - { - "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/parser@7.24.4", - "@istanbuljs/schema@0.1.3", - "istanbul-lib-coverage@3.2.2", - "babel-plugin-istanbul@6.1.1|semver@6.3.1" - ] - }, - { - "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" - }, - { - "ref": "fast-json-stable-stringify@2.1.0" - }, - { - "ref": "write-file-atomic@4.0.2", - "dependsOn": [ - "imurmurhash@0.1.4", - "signal-exit@3.0.7" - ] - }, - { - "ref": "execa@5.1.1", - "dependsOn": [ - "cross-spawn@7.0.3", - "get-stream@6.0.1", - "human-signals@2.1.0", - "is-stream@2.0.1", - "merge-stream@2.0.0", - "npm-run-path@4.0.1", - "onetime@5.1.2", - "signal-exit@3.0.7", - "strip-final-newline@2.0.0" - ] - }, - { - "ref": "p-limit@3.1.0", - "dependsOn": [ - "yocto-queue@0.1.0" - ] - }, - { - "ref": "co@4.6.0" - }, - { - "ref": "is-generator-fn@2.1.0" - }, - { - "ref": "stack-utils@2.0.6", - "dependsOn": [ - "stack-utils@2.0.6|escape-string-regexp@2.0.0" - ] - }, - { - "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" - }, - { - "ref": "parse-json@5.2.0", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "error-ex@1.3.2", - "json-parse-even-better-errors@2.3.1", - "lines-and-columns@1.2.4" - ] - }, - { - "ref": "strip-json-comments@3.1.1" - }, - { - "ref": "@types/graceful-fs@4.1.9", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "anymatch@3.1.3", - "dependsOn": [ - "normalize-path@3.0.0", - "picomatch@2.3.1" - ] - }, - { - "ref": "fb-watchman@2.0.2", - "dependsOn": [ - "bser@2.1.1" - ] - }, - { - "ref": "fsevents@2.3.3" - }, - { - "ref": "walker@1.0.8", - "dependsOn": [ - "makeerror@1.0.12" - ] - }, - { - "ref": "@babel/code-frame@7.24.2", - "dependsOn": [ - "@babel/highlight@7.24.2", - "picocolors@1.0.0" - ] - }, - { - "ref": "@types/stack-utils@2.0.3" - }, - { - "ref": "jest-pnp-resolver@1.2.3", - "dependsOn": [ - "jest-resolve@29.7.0" - ] - }, - { - "ref": "detect-newline@3.1.0" - }, - { - "ref": "source-map-support@0.5.13", - "dependsOn": [ - "buffer-from@1.1.2", - "source-map@0.6.1" - ] - }, - { - "ref": "type-detect@4.0.8" - }, - { - "ref": "callsites@3.1.0" - }, - { - "ref": "cjs-module-lexer@1.2.3" - }, - { - "ref": "strip-bom@4.0.0" - }, - { - "ref": "@babel/generator@7.24.4", - "dependsOn": [ - "@babel/types@7.24.0", - "@jridgewell/gen-mapping@0.3.5", - "@jridgewell/trace-mapping@0.3.25", - "@babel/generator@7.24.4|jsesc@2.5.2" - ] - }, - { - "ref": "@babel/generator@7.24.4|jsesc@2.5.2" - }, - { - "ref": "@babel/plugin-syntax-typescript@7.24.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/traverse@7.24.1", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@babel/generator@7.24.4", - "@babel/helper-environment-visitor@7.22.20", - "@babel/helper-function-name@7.23.0", - "@babel/helper-hoist-variables@7.22.5", - "@babel/helper-split-export-declaration@7.22.6", - "@babel/parser@7.24.4", - "@babel/types@7.24.0", - "debug@4.3.4", - "@babel/traverse@7.24.1|globals@11.12.0" - ] - }, - { - "ref": "@babel/traverse@7.24.1|globals@11.12.0" - }, - { - "ref": "@babel/types@7.24.0", - "dependsOn": [ - "@babel/helper-string-parser@7.24.1", - "@babel/helper-validator-identifier@7.22.20", - "to-fast-properties@2.0.0" - ] - }, - { - "ref": "@types/babel__traverse@7.20.5", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, - { - "ref": "@types/prettier@2.7.3" - }, - { - "ref": "babel-preset-current-node-syntax@1.0.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/plugin-syntax-async-generators@7.8.4", - "@babel/plugin-syntax-bigint@7.8.3", - "@babel/plugin-syntax-class-properties@7.12.13", - "@babel/plugin-syntax-import-meta@7.10.4", - "@babel/plugin-syntax-json-strings@7.8.3", - "@babel/plugin-syntax-logical-assignment-operators@7.10.4", - "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", - "@babel/plugin-syntax-numeric-separator@7.10.4", - "@babel/plugin-syntax-object-rest-spread@7.8.3", - "@babel/plugin-syntax-optional-catch-binding@7.8.3", - "@babel/plugin-syntax-optional-chaining@7.8.3", - "@babel/plugin-syntax-top-level-await@7.14.5" - ] - }, - { - "ref": "natural-compare@1.4.0" - }, - { - "ref": "leven@3.1.0" - }, - { - "ref": "react-is@18.2.0" - }, - { - "ref": "rimraf@3.0.2", - "dependsOn": [ - "glob@7.2.3" - ] - }, - { - "ref": "@types/istanbul-reports@3.0.4", - "dependsOn": [ - "@types/istanbul-lib-report@3.0.3" - ] - }, - { - "ref": "@types/yargs@17.0.32", - "dependsOn": [ - "@types/yargs-parser@21.0.3" - ] - }, - { - "ref": "import-local@3.1.0", - "dependsOn": [ - "pkg-dir@4.2.0", - "resolve-cwd@3.0.0" - ] - }, - { - "ref": "prompts@2.4.2", - "dependsOn": [ - "kleur@3.0.3", - "sisteransi@1.0.5" - ] - }, - { - "ref": "kleur@3.0.3" - }, - { - "ref": "sisteransi@1.0.5" - }, - { - "ref": "yargs@17.7.2", - "dependsOn": [ - "cliui@8.0.1", - "escalade@3.1.2", - "get-caller-file@2.0.5", - "require-directory@2.1.1", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "y18n@5.0.8", - "yargs@17.7.2|yargs-parser@21.1.1" - ] - }, - { - "ref": "yargs@17.7.2|yargs-parser@21.1.1" - }, - { - "ref": "json-diff@0.9.1", - "dependsOn": [ - "cli-color@2.0.4", - "difflib@0.2.4", - "dreamopt@0.8.0" - ] - }, - { - "ref": "cli-color@2.0.4", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-iterator@2.0.3", - "memoizee@0.4.15", - "timers-ext@0.1.7" - ] - }, - { - "ref": "d@1.0.2", - "dependsOn": [ - "es5-ext@0.10.64", - "type@2.7.2" - ] - }, - { - "ref": "es5-ext@0.10.64", - "dependsOn": [ - "es6-iterator@2.0.3", - "es6-symbol@3.1.4", - "esniff@2.0.1", - "next-tick@1.1.0" - ] - }, - { - "ref": "type@2.7.2" - }, - { - "ref": "es6-iterator@2.0.3", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-symbol@3.1.4" - ] - }, - { - "ref": "es6-symbol@3.1.4", - "dependsOn": [ - "d@1.0.2", - "ext@1.7.0" - ] - }, - { - "ref": "ext@1.7.0", - "dependsOn": [ - "type@2.7.2" - ] - }, - { - "ref": "esniff@2.0.1", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "event-emitter@0.3.5", - "type@2.7.2" - ] - }, - { - "ref": "event-emitter@0.3.5", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64" - ] - }, - { - "ref": "next-tick@1.1.0" - }, - { - "ref": "memoizee@0.4.15", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-weak-map@2.0.3", - "event-emitter@0.3.5", - "is-promise@2.2.2", - "lru-queue@0.1.0", - "next-tick@1.1.0", - "timers-ext@0.1.7" - ] - }, - { - "ref": "es6-weak-map@2.0.3", - "dependsOn": [ - "d@1.0.2", - "es5-ext@0.10.64", - "es6-iterator@2.0.3", - "es6-symbol@3.1.4" - ] - }, - { - "ref": "is-promise@2.2.2" - }, - { - "ref": "lru-queue@0.1.0", - "dependsOn": [ - "es5-ext@0.10.64" - ] - }, - { - "ref": "timers-ext@0.1.7", - "dependsOn": [ - "es5-ext@0.10.64", - "next-tick@1.1.0" - ] - }, - { - "ref": "difflib@0.2.4", - "dependsOn": [ - "heap@0.2.7" - ] - }, - { - "ref": "heap@0.2.7" - }, - { - "ref": "dreamopt@0.8.0", - "dependsOn": [ - "wordwrap@1.0.0" - ] - }, - { - "ref": "wordwrap@1.0.0" - }, - { - "ref": "jstoxml@3.2.10" - }, - { - "ref": "pretty@2.0.0", - "dependsOn": [ - "condense-newlines@0.2.1", - "extend-shallow@2.0.1", - "js-beautify@1.15.1" - ] - }, - { - "ref": "condense-newlines@0.2.1", - "dependsOn": [ - "extend-shallow@2.0.1", - "is-whitespace@0.3.0", - "kind-of@3.2.2" - ] - }, - { - "ref": "extend-shallow@2.0.1", - "dependsOn": [ - "is-extendable@0.1.1" - ] - }, - { - "ref": "is-whitespace@0.3.0" - }, - { - "ref": "kind-of@3.2.2", - "dependsOn": [ - "is-buffer@1.1.6" - ] - }, - { - "ref": "is-buffer@1.1.6" - }, - { - "ref": "is-extendable@0.1.1" - }, - { - "ref": "js-beautify@1.15.1", - "dependsOn": [ - "config-chain@1.1.13", - "editorconfig@1.0.4", - "js-beautify@1.15.1|glob@10.3.12", - "js-cookie@3.0.5", - "nopt@7.2.0" - ] - }, - { - "ref": "js-beautify@1.15.1|glob@10.3.12", - "dependsOn": [ - "foreground-child@3.1.1", - "jackspeak@2.3.6", - "minimatch@9.0.4", - "js-beautify@1.15.1|minipass@7.0.4", - "path-scurry@1.10.2" - ] - }, - { - "ref": "js-beautify@1.15.1|minipass@7.0.4" - }, - { - "ref": "config-chain@1.1.13", - "dependsOn": [ - "ini@1.3.8", - "proto-list@1.2.4" - ] - }, - { - "ref": "ini@1.3.8" - }, - { - "ref": "proto-list@1.2.4" - }, - { - "ref": "editorconfig@1.0.4", - "dependsOn": [ - "@one-ini/wasm@0.1.1", - "commander@10.0.1", - "editorconfig@1.0.4|minimatch@9.0.1", - "semver@7.6.2" - ] - }, - { - "ref": "editorconfig@1.0.4|minimatch@9.0.1", - "dependsOn": [ - "brace-expansion@2.0.1" - ] - }, - { - "ref": "@one-ini/wasm@0.1.1" - }, - { - "ref": "commander@10.0.1" - }, - { - "ref": "brace-expansion@2.0.1", - "dependsOn": [ - "balanced-match@1.0.2" - ] - }, - { - "ref": "js-cookie@3.0.5" - }, - { - "ref": "nopt@7.2.0", - "dependsOn": [ - "abbrev@2.0.0" - ] - }, - { - "ref": "abbrev@2.0.0" - }, - { - "ref": "@types/babel__core@7.20.5", - "dependsOn": [ - "@babel/parser@7.24.4", - "@babel/types@7.24.0", - "@types/babel__generator@7.6.8", - "@types/babel__template@7.4.4", - "@types/babel__traverse@7.20.5" - ] - }, - { - "ref": "@babel/template@7.24.0", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@babel/parser@7.24.4", - "@babel/types@7.24.0" - ] - }, - { - "ref": "bs-logger@0.2.6", - "dependsOn": [ - "fast-json-stable-stringify@2.1.0" - ] - }, - { - "ref": "json5@2.2.3" - }, - { - "ref": "lodash.memoize@4.1.2" - }, - { - "ref": "@oclif/core@3.26.9", - "dependsOn": [ - "@types/cli-progress@3.11.5", - "ansi-escapes@4.3.2", - "ansi-styles@4.3.0", - "cardinal@2.1.1", - "chalk@4.1.2", - "clean-stack@3.0.1", - "cli-progress@3.12.0", - "color@4.2.3", - "@oclif/core@3.26.9|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "hyperlinker@1.0.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "@oclif/core@3.26.9|js-yaml@3.14.1", - "minimatch@9.0.4", - "natural-orderby@2.0.3", - "object-treeify@1.1.33", - "password-prompt@1.1.3", - "slice-ansi@4.0.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "supports-color@8.1.1", - "supports-hyperlinks@2.3.0", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "@oclif/core@3.26.9|debug@4.3.5", - "dependsOn": [ - "@oclif/core@3.26.9|ms@2.1.2" - ] - }, - { - "ref": "@oclif/core@3.26.9|ms@2.1.2" - }, - { - "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", - "dependsOn": [ - "@oclif/core@3.26.9|argparse@1.0.10", - "esprima@4.0.1" - ] - }, - { - "ref": "@oclif/core@3.26.9|argparse@1.0.10", - "dependsOn": [ - "@oclif/core@3.26.9|sprintf-js@1.0.3" - ] - }, - { - "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" - }, - { - "ref": "@types/cli-progress@3.11.5", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "type-fest@0.21.3" - }, - { - "ref": "color-convert@2.0.1", - "dependsOn": [ - "color-name@1.1.4" - ] - }, - { - "ref": "cardinal@2.1.1", - "dependsOn": [ - "ansicolors@0.3.2", - "redeyed@2.1.1" - ] - }, - { - "ref": "ansicolors@0.3.2" - }, - { - "ref": "redeyed@2.1.1", - "dependsOn": [ - "esprima@4.0.1" - ] - }, - { - "ref": "esprima@4.0.1" - }, - { - "ref": "has-flag@4.0.0" - }, - { - "ref": "clean-stack@3.0.1", - "dependsOn": [ - "escape-string-regexp@4.0.0" - ] - }, - { - "ref": "escape-string-regexp@4.0.0" - }, - { - "ref": "cli-progress@3.12.0", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug" - ] - }, - { - "ref": "color@4.2.3", - "dependsOn": [ - "color-convert@2.0.1", - "color-string@1.9.1" - ] - }, - { - "ref": "color-string@1.9.1", - "dependsOn": [ - "color-name@1.1.4", - "simple-swizzle@0.2.2" - ] - }, - { - "ref": "simple-swizzle@0.2.2", - "dependsOn": [ - "simple-swizzle@0.2.2|is-arrayish@0.3.2" - ] - }, - { - "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" - }, - { - "ref": "ejs@3.1.10", - "dependsOn": [ - "jake@10.8.7" - ] - }, - { - "ref": "jake@10.8.7", - "dependsOn": [ - "async@3.2.5", - "chalk@4.1.2", - "filelist@1.0.4", - "jake@10.8.7|minimatch@3.1.2" - ] - }, - { - "ref": "jake@10.8.7|minimatch@3.1.2", - "dependsOn": [ - "jake@10.8.7|brace-expansion@1.1.11" - ] - }, - { - "ref": "jake@10.8.7|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "async@3.2.5" - }, - { - "ref": "filelist@1.0.4", - "dependsOn": [ - "filelist@1.0.4|minimatch@5.1.6" - ] - }, - { - "ref": "filelist@1.0.4|minimatch@5.1.6", - "dependsOn": [ - "brace-expansion@2.0.1" - ] - }, - { - "ref": "balanced-match@1.0.2" - }, - { - "ref": "concat-map@0.0.1" - }, - { - "ref": "get-package-type@0.1.0" - }, - { - "ref": "globby@11.1.0", - "dependsOn": [ - "array-union@2.1.0", - "dir-glob@3.0.1", - "fast-glob@3.3.2", - "ignore@5.3.1", - "merge2@1.4.1", - "slash@3.0.0" - ] - }, - { - "ref": "array-union@2.1.0" - }, - { - "ref": "dir-glob@3.0.1", - "dependsOn": [ - "path-type@4.0.0" - ] - }, - { - "ref": "path-type@4.0.0" - }, - { - "ref": "ignore@5.3.1" - }, - { - "ref": "hyperlinker@1.0.0" - }, - { - "ref": "indent-string@4.0.0" - }, - { - "ref": "is-wsl@2.2.0", - "dependsOn": [ - "is-docker@2.2.1" - ] - }, - { - "ref": "is-docker@2.2.1" - }, - { - "ref": "natural-orderby@2.0.3" - }, - { - "ref": "object-treeify@1.1.33" - }, - { - "ref": "password-prompt@1.1.3", - "dependsOn": [ - "ansi-escapes@4.3.2", - "cross-spawn@7.0.3" - ] - }, - { - "ref": "slice-ansi@4.0.0", - "dependsOn": [ - "ansi-styles@4.3.0", - "astral-regex@2.0.0", - "is-fullwidth-code-point@3.0.0" - ] - }, - { - "ref": "astral-regex@2.0.0" - }, - { - "ref": "widest-line@3.1.0", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug" - ] - }, - { - "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", - "dependsOn": [ - "ansi-styles@4.3.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "@oclif/plugin-help@6.1.0", - "dependsOn": [ - "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" - ] - }, - { - "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "debug@4.3.4", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "@oclif/plugin-help@6.1.0|supports-color@9.4.0", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" - }, - { - "ref": "ansis@3.2.0" - }, - { - "ref": "cli-spinners@2.9.2" - }, - { - "ref": "cosmiconfig@9.0.0", - "dependsOn": [ - "env-paths@2.2.1", - "import-fresh@3.3.0", - "js-yaml@4.1.0", - "parse-json@5.2.0", - "typescript@5.1.6" - ] - }, - { - "ref": "env-paths@2.2.1" - }, - { - "ref": "import-fresh@3.3.0", - "dependsOn": [ - "parent-module@1.0.1", - "resolve-from@4.0.0" - ] - }, - { - "ref": "js-yaml@4.1.0", - "dependsOn": [ - "argparse@2.0.1" - ] - }, - { - "ref": "error-ex@1.3.2", - "dependsOn": [ - "is-arrayish@0.2.1" - ] - }, - { - "ref": "json-parse-even-better-errors@2.3.1" - }, - { - "ref": "typescript@5.1.6" - }, - { - "ref": "debug@4.3.4", - "dependsOn": [ - "debug@4.3.4|ms@2.1.2" - ] - }, - { - "ref": "debug@4.3.4|ms@2.1.2" - }, - { - "ref": "@oclif/plugin-plugins@5.2.2", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", - "ansis@3.2.0", - "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", - "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", - "npm@10.8.0", - "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", - "semver@7.6.2", - "validate-npm-package-name@5.0.1", - "@oclif/plugin-plugins@5.2.2|which@4.0.0", - "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" - ] - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|ms@2.1.2" - ] - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", - "dependsOn": [ - "hosted-git-info@7.0.2", - "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", - "semver@7.6.2", - "validate-npm-package-name@5.0.1" - ] - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" - ] - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", - "dependsOn": [ - "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" - ] - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" - }, - { - "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" - }, - { - "ref": "hosted-git-info@7.0.2", - "dependsOn": [ - "hosted-git-info@7.0.2|lru-cache@10.2.2" - ] - }, - { - "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" - }, - { - "ref": "validate-npm-package-name@5.0.1" - }, - { - "ref": "npm@10.8.0", - "dependsOn": [ - "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/config@8.3.2", - "npm@10.8.0|@npmcli/fs@3.1.1", - "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|@npmcli/redact@2.0.0", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|@sigstore/tuf@2.3.3", - "npm@10.8.0|abbrev@2.0.0", - "npm@10.8.0|archy@1.0.0", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|chalk@5.3.0", - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|cli-columns@4.0.0", - "npm@10.8.0|fastest-levenshtein@1.0.16", - "npm@10.8.0|fs-minipass@3.0.3", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|graceful-fs@4.2.11", - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|ini@4.1.2", - "npm@10.8.0|init-package-json@6.0.3", - "npm@10.8.0|is-cidr@5.0.5", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|libnpmaccess@8.0.6", - "npm@10.8.0|libnpmdiff@6.1.2", - "npm@10.8.0|libnpmexec@8.1.1", - "npm@10.8.0|libnpmfund@5.0.10", - "npm@10.8.0|libnpmhook@10.0.5", - "npm@10.8.0|libnpmorg@6.0.6", - "npm@10.8.0|libnpmpack@7.0.2", - "npm@10.8.0|libnpmpublish@9.0.8", - "npm@10.8.0|libnpmsearch@7.0.5", - "npm@10.8.0|libnpmteam@6.0.5", - "npm@10.8.0|libnpmversion@6.0.2", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|minipass-pipeline@1.2.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|ms@2.1.3", - "npm@10.8.0|node-gyp@10.1.0", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|normalize-package-data@6.0.1", - "npm@10.8.0|npm-audit-report@5.0.0", - "npm@10.8.0|npm-install-checks@6.3.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|npm-profile@10.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|npm-user-validate@2.0.1", - "npm@10.8.0|p-map@4.0.0", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|parse-conflict-json@3.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|qrcode-terminal@0.12.0", - "npm@10.8.0|read@3.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|spdx-expression-parse@4.0.0", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|supports-color@9.4.0", - "npm@10.8.0|tar@6.2.1", - "npm@10.8.0|text-table@0.2.0", - "npm@10.8.0|tiny-relative-date@1.3.0", - "npm@10.8.0|treeverse@3.0.0", - "npm@10.8.0|validate-npm-package-name@5.0.1", - "npm@10.8.0|which@4.0.0", - "npm@10.8.0|write-file-atomic@5.0.1" - ] - }, - { - "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" - }, - { - "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", - "dependsOn": [ - "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", - "npm@10.8.0|@npmcli/fs@3.1.1", - "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", - "npm@10.8.0|@npmcli/name-from-folder@2.0.0", - "npm@10.8.0|@npmcli/node-gyp@3.0.0", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/query@3.1.0", - "npm@10.8.0|@npmcli/redact@2.0.0", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|bin-links@4.0.4", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|common-ancestor-path@1.0.1", - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|json-stringify-nice@1.1.4", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|npm-install-checks@6.3.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|parse-conflict-json@3.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|proggy@2.0.0", - "npm@10.8.0|promise-all-reject-late@1.0.1", - "npm@10.8.0|promise-call-limit@3.0.1", - "npm@10.8.0|read-package-json-fast@3.0.2", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|treeverse@3.0.0", - "npm@10.8.0|walk-up-path@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|@npmcli/fs@3.1.1", - "dependsOn": [ - "npm@10.8.0|semver@7.6.2" - ] - }, - { - "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "dependsOn": [ - "npm@10.8.0|npm-bundled@3.0.1", - "npm@10.8.0|npm-normalize-package-bin@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|npm-bundled@3.0.1", - "dependsOn": [ - "npm@10.8.0|npm-normalize-package-bin@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" - }, - { - "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "dependsOn": [ - "npm@10.8.0|@npmcli/name-from-folder@2.0.0", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|read-package-json-fast@3.0.2" - ] - }, - { - "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", - "dependsOn": [ - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2" - ] - }, - { - "ref": "npm@10.8.0|cacache@18.0.3", - "dependsOn": [ - "npm@10.8.0|@npmcli/fs@3.1.1", - "npm@10.8.0|fs-minipass@3.0.3", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|minipass-collect@2.0.1", - "npm@10.8.0|minipass-flush@1.0.5", - "npm@10.8.0|minipass-pipeline@1.2.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|p-map@4.0.0", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|tar@6.2.1", - "npm@10.8.0|unique-filename@3.0.0" - ] - }, - { - "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" - }, - { - "ref": "npm@10.8.0|pacote@18.0.6", - "dependsOn": [ - "npm@10.8.0|@npmcli/git@5.0.7", - "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|fs-minipass@3.0.3", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-packlist@8.0.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-retry@2.0.1", - "npm@10.8.0|sigstore@2.3.0", - "npm@10.8.0|ssri@10.0.6", - "npm@10.8.0|tar@6.2.1" - ] - }, - { - "ref": "npm@10.8.0|proc-log@4.2.0" - }, - { - "ref": "npm@10.8.0|semver@7.6.2" - }, - { - "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" - }, - { - "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" - }, - { - "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", - "dependsOn": [ - "npm@10.8.0|@npmcli/git@5.0.7", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|normalize-package-data@6.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2" - ] - }, - { - "ref": "npm@10.8.0|@npmcli/query@3.1.0", - "dependsOn": [ - "npm@10.8.0|postcss-selector-parser@6.0.16" - ] - }, - { - "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", - "dependsOn": [ - "npm@10.8.0|cssesc@3.0.0", - "npm@10.8.0|util-deprecate@1.0.2" - ] - }, - { - "ref": "npm@10.8.0|cssesc@3.0.0" - }, - { - "ref": "npm@10.8.0|util-deprecate@1.0.2" - }, - { - "ref": "npm@10.8.0|@npmcli/redact@2.0.0" - }, - { - "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", - "dependsOn": [ - "npm@10.8.0|@npmcli/node-gyp@3.0.0", - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|node-gyp@10.1.0", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|which@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|bin-links@4.0.4", - "dependsOn": [ - "npm@10.8.0|cmd-shim@6.0.3", - "npm@10.8.0|npm-normalize-package-bin@3.0.1", - "npm@10.8.0|read-cmd-shim@4.0.0", - "npm@10.8.0|write-file-atomic@5.0.1" - ] - }, - { - "ref": "npm@10.8.0|cmd-shim@6.0.3" - }, - { - "ref": "npm@10.8.0|read-cmd-shim@4.0.0" - }, - { - "ref": "npm@10.8.0|write-file-atomic@5.0.1", - "dependsOn": [ - "npm@10.8.0|imurmurhash@0.1.4", - "npm@10.8.0|signal-exit@4.1.0" - ] - }, - { - "ref": "npm@10.8.0|common-ancestor-path@1.0.1" - }, - { - "ref": "npm@10.8.0|hosted-git-info@7.0.2", - "dependsOn": [ - "npm@10.8.0|lru-cache@10.2.2" - ] - }, - { - "ref": "npm@10.8.0|json-stringify-nice@1.1.4" - }, - { - "ref": "npm@10.8.0|lru-cache@10.2.2" - }, - { - "ref": "npm@10.8.0|minimatch@9.0.4", - "dependsOn": [ - "npm@10.8.0|brace-expansion@2.0.1" - ] - }, - { - "ref": "npm@10.8.0|nopt@7.2.1", - "dependsOn": [ - "npm@10.8.0|abbrev@2.0.0" - ] - }, - { - "ref": "npm@10.8.0|npm-install-checks@6.3.0", - "dependsOn": [ - "npm@10.8.0|semver@7.6.2" - ] - }, - { - "ref": "npm@10.8.0|npm-package-arg@11.0.2", - "dependsOn": [ - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|validate-npm-package-name@5.0.1" - ] - }, - { - "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", - "dependsOn": [ - "npm@10.8.0|npm-install-checks@6.3.0", - "npm@10.8.0|npm-normalize-package-bin@3.0.1", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|semver@7.6.2" - ] - }, - { - "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", - "dependsOn": [ - "npm@10.8.0|@npmcli/redact@2.0.0", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|minipass-fetch@3.0.5", - "npm@10.8.0|minipass-json-stream@1.0.1", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|minizlib@2.1.2", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|proc-log@4.2.0" - ] - }, - { - "ref": "npm@10.8.0|parse-conflict-json@3.0.1", - "dependsOn": [ - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|just-diff-apply@5.5.0", - "npm@10.8.0|just-diff@6.0.2" - ] - }, - { - "ref": "npm@10.8.0|proggy@2.0.0" - }, - { - "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" - }, - { - "ref": "npm@10.8.0|promise-call-limit@3.0.1" - }, - { - "ref": "npm@10.8.0|read-package-json-fast@3.0.2", - "dependsOn": [ - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|npm-normalize-package-bin@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|ssri@10.0.6", - "dependsOn": [ - "npm@10.8.0|minipass@7.1.1" - ] - }, - { - "ref": "npm@10.8.0|treeverse@3.0.0" - }, - { - "ref": "npm@10.8.0|walk-up-path@3.0.1" - }, - { - "ref": "npm@10.8.0|@npmcli/config@8.3.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|ini@4.1.2", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|read-package-json-fast@3.0.2", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|walk-up-path@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|ci-info@4.0.0" - }, - { - "ref": "npm@10.8.0|ini@4.1.2" - }, - { - "ref": "npm@10.8.0|glob@10.3.15", - "dependsOn": [ - "npm@10.8.0|foreground-child@3.1.1", - "npm@10.8.0|jackspeak@2.3.6", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|path-scurry@1.11.1" - ] - }, - { - "ref": "npm@10.8.0|@npmcli/git@5.0.7", - "dependsOn": [ - "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|npm-pick-manifest@9.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-inflight@1.0.1", - "npm@10.8.0|promise-retry@2.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|which@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "dependsOn": [ - "npm@10.8.0|which@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|promise-inflight@1.0.1" - }, - { - "ref": "npm@10.8.0|promise-retry@2.0.1", - "dependsOn": [ - "npm@10.8.0|err-code@2.0.3", - "npm@10.8.0|retry@0.12.0" - ] - }, - { - "ref": "npm@10.8.0|which@4.0.0", - "dependsOn": [ - "npm@10.8.0|which@4.0.0|isexe@3.1.1" - ] - }, - { - "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" - }, - { - "ref": "npm@10.8.0|normalize-package-data@6.0.1", - "dependsOn": [ - "npm@10.8.0|hosted-git-info@7.0.2", - "npm@10.8.0|is-core-module@2.13.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|validate-npm-package-license@3.0.4" - ] - }, - { - "ref": "npm@10.8.0|node-gyp@10.1.0", - "dependsOn": [ - "npm@10.8.0|env-paths@2.2.1", - "npm@10.8.0|exponential-backoff@3.1.1", - "npm@10.8.0|glob@10.3.15", - "npm@10.8.0|graceful-fs@4.2.11", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|nopt@7.2.1", - "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|tar@6.2.1", - "npm@10.8.0|which@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" - }, - { - "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", - "dependsOn": [ - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "npm@10.8.0|tuf-js@2.2.1" - ] - }, - { - "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" - }, - { - "ref": "npm@10.8.0|tuf-js@2.2.1", - "dependsOn": [ - "npm@10.8.0|@tufjs/models@2.0.1", - "npm@10.8.0|debug@4.3.4", - "npm@10.8.0|make-fetch-happen@13.0.1" - ] - }, - { - "ref": "npm@10.8.0|@tufjs/models@2.0.1", - "dependsOn": [ - "npm@10.8.0|@tufjs/canonical-json@2.0.0", - "npm@10.8.0|minimatch@9.0.4" - ] - }, - { - "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" - }, - { - "ref": "npm@10.8.0|debug@4.3.4", - "dependsOn": [ - "npm@10.8.0|debug@4.3.4|ms@2.1.2" - ] - }, - { - "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" - }, - { - "ref": "npm@10.8.0|make-fetch-happen@13.0.1", - "dependsOn": [ - "npm@10.8.0|@npmcli/agent@2.2.2", - "npm@10.8.0|cacache@18.0.3", - "npm@10.8.0|http-cache-semantics@4.1.1", - "npm@10.8.0|is-lambda@1.0.1", - "npm@10.8.0|minipass-fetch@3.0.5", - "npm@10.8.0|minipass-flush@1.0.5", - "npm@10.8.0|minipass-pipeline@1.2.4", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|negotiator@0.6.3", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-retry@2.0.1", - "npm@10.8.0|ssri@10.0.6" - ] - }, - { - "ref": "npm@10.8.0|abbrev@2.0.0" - }, - { - "ref": "npm@10.8.0|archy@1.0.0" - }, - { - "ref": "npm@10.8.0|fs-minipass@3.0.3", - "dependsOn": [ - "npm@10.8.0|minipass@7.1.1" - ] - }, - { - "ref": "npm@10.8.0|minipass-collect@2.0.1", - "dependsOn": [ - "npm@10.8.0|minipass@7.1.1" - ] - }, - { - "ref": "npm@10.8.0|minipass@7.1.1" - }, - { - "ref": "npm@10.8.0|minipass-flush@1.0.5", - "dependsOn": [ - "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" - ] - }, - { - "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|yallist@4.0.0" - }, - { - "ref": "npm@10.8.0|minipass-pipeline@1.2.4", - "dependsOn": [ - "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" - ] - }, - { - "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|p-map@4.0.0", - "dependsOn": [ - "npm@10.8.0|aggregate-error@3.1.0" - ] - }, - { - "ref": "npm@10.8.0|tar@6.2.1", - "dependsOn": [ - "npm@10.8.0|chownr@2.0.0", - "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", - "npm@10.8.0|tar@6.2.1|minipass@5.0.0", - "npm@10.8.0|minizlib@2.1.2", - "npm@10.8.0|mkdirp@1.0.4", - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", - "dependsOn": [ - "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" - ] - }, - { - "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" - }, - { - "ref": "npm@10.8.0|unique-filename@3.0.0", - "dependsOn": [ - "npm@10.8.0|unique-slug@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|unique-slug@4.0.0", - "dependsOn": [ - "npm@10.8.0|imurmurhash@0.1.4" - ] - }, - { - "ref": "npm@10.8.0|imurmurhash@0.1.4" - }, - { - "ref": "npm@10.8.0|chalk@5.3.0" - }, - { - "ref": "npm@10.8.0|cli-columns@4.0.0", - "dependsOn": [ - "npm@10.8.0|string-width@4.2.3", - "npm@10.8.0|strip-ansi@6.0.1" - ] - }, - { - "ref": "npm@10.8.0|string-width@4.2.3", - "dependsOn": [ - "npm@10.8.0|emoji-regex@8.0.0", - "npm@10.8.0|is-fullwidth-code-point@3.0.0", - "npm@10.8.0|strip-ansi@6.0.1" - ] - }, - { - "ref": "npm@10.8.0|emoji-regex@8.0.0" - }, - { - "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" - }, - { - "ref": "npm@10.8.0|strip-ansi@6.0.1", - "dependsOn": [ - "npm@10.8.0|ansi-regex@5.0.1" - ] - }, - { - "ref": "npm@10.8.0|ansi-regex@5.0.1" - }, - { - "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" - }, - { - "ref": "npm@10.8.0|foreground-child@3.1.1", - "dependsOn": [ - "npm@10.8.0|cross-spawn@7.0.3", - "npm@10.8.0|signal-exit@4.1.0" - ] - }, - { - "ref": "npm@10.8.0|cross-spawn@7.0.3", - "dependsOn": [ - "npm@10.8.0|path-key@3.1.1", - "npm@10.8.0|shebang-command@2.0.0", - "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" - ] - }, - { - "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", - "dependsOn": [ - "npm@10.8.0|isexe@2.0.0" - ] - }, - { - "ref": "npm@10.8.0|path-key@3.1.1" - }, - { - "ref": "npm@10.8.0|shebang-command@2.0.0", - "dependsOn": [ - "npm@10.8.0|shebang-regex@3.0.0" - ] - }, - { - "ref": "npm@10.8.0|shebang-regex@3.0.0" - }, - { - "ref": "npm@10.8.0|isexe@2.0.0" - }, - { - "ref": "npm@10.8.0|signal-exit@4.1.0" - }, - { - "ref": "npm@10.8.0|jackspeak@2.3.6", - "dependsOn": [ - "npm@10.8.0|@isaacs/cliui@8.0.2", - "npm@10.8.0|@pkgjs/parseargs@0.11.0" - ] - }, - { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", - "dependsOn": [ - "BomRef.6h760ft6oi8.7sr4bitkllo", - "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", - "BomRef.uih8rvtlbdo.33q7f9m1mj", - "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "npm@10.8.0|wrap-ansi@7.0.0", - "npm@10.8.0|wrap-ansi@8.1.0" - ] - }, - { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", - "dependsOn": [ - "npm@10.8.0|eastasianwidth@0.2.0", - "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" - ] - }, - { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" - }, - { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "dependsOn": [ - "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" - ] - }, - { - "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" - }, - { - "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", - "dependsOn": [ - "npm@10.8.0|emoji-regex@8.0.0", - "npm@10.8.0|is-fullwidth-code-point@3.0.0", - "npm@10.8.0|strip-ansi@6.0.1" - ] - }, - { - "ref": "npm@10.8.0|eastasianwidth@0.2.0" - }, - { - "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", - "dependsOn": [ - "npm@10.8.0|ansi-regex@5.0.1" - ] - }, - { - "ref": "npm@10.8.0|wrap-ansi@7.0.0", - "dependsOn": [ - "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", - "npm@10.8.0|string-width@4.2.3", - "npm@10.8.0|strip-ansi@6.0.1" - ] - }, - { - "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", - "dependsOn": [ - "npm@10.8.0|color-convert@2.0.1" - ] - }, - { - "ref": "npm@10.8.0|color-convert@2.0.1", - "dependsOn": [ - "npm@10.8.0|color-name@1.1.4" - ] - }, - { - "ref": "npm@10.8.0|color-name@1.1.4" - }, - { - "ref": "npm@10.8.0|wrap-ansi@8.1.0", - "dependsOn": [ - "npm@10.8.0|ansi-styles@6.2.1", - "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", - "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" - ] - }, - { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", - "dependsOn": [ - "npm@10.8.0|eastasianwidth@0.2.0", - "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", - "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" - ] - }, - { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" - }, - { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", - "dependsOn": [ - "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" - ] - }, - { - "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" - }, - { - "ref": "npm@10.8.0|ansi-styles@6.2.1" - }, - { - "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" - }, - { - "ref": "npm@10.8.0|path-scurry@1.11.1", - "dependsOn": [ - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|minipass@7.1.1" - ] - }, - { - "ref": "npm@10.8.0|graceful-fs@4.2.11" - }, - { - "ref": "npm@10.8.0|init-package-json@6.0.3", - "dependsOn": [ - "npm@10.8.0|@npmcli/package-json@5.1.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|promzard@1.0.2", - "npm@10.8.0|read@3.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|validate-npm-package-license@3.0.4", - "npm@10.8.0|validate-npm-package-name@5.0.1" - ] - }, - { - "ref": "npm@10.8.0|promzard@1.0.2", - "dependsOn": [ - "npm@10.8.0|read@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|read@3.0.1", - "dependsOn": [ - "npm@10.8.0|mute-stream@1.0.0" - ] - }, - { - "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", - "dependsOn": [ - "npm@10.8.0|spdx-correct@3.2.0", - "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", - "dependsOn": [ - "npm@10.8.0|spdx-exceptions@2.5.0", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] - }, - { - "ref": "npm@10.8.0|spdx-correct@3.2.0", - "dependsOn": [ - "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] - }, - { - "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", - "dependsOn": [ - "npm@10.8.0|spdx-exceptions@2.5.0", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] - }, - { - "ref": "npm@10.8.0|spdx-exceptions@2.5.0" - }, - { - "ref": "npm@10.8.0|spdx-license-ids@3.0.17" - }, - { - "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" - }, - { - "ref": "npm@10.8.0|is-cidr@5.0.5", - "dependsOn": [ - "npm@10.8.0|cidr-regex@4.0.5" - ] - }, - { - "ref": "npm@10.8.0|cidr-regex@4.0.5", - "dependsOn": [ - "npm@10.8.0|ip-regex@5.0.0" - ] - }, - { - "ref": "npm@10.8.0|ip-regex@5.0.0" - }, - { - "ref": "npm@10.8.0|libnpmaccess@8.0.6", - "dependsOn": [ - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, - { - "ref": "npm@10.8.0|libnpmdiff@6.1.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "npm@10.8.0|binary-extensions@2.3.0", - "npm@10.8.0|diff@5.2.0", - "npm@10.8.0|minimatch@9.0.4", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|tar@6.2.1" - ] - }, - { - "ref": "npm@10.8.0|binary-extensions@2.3.0" - }, - { - "ref": "npm@10.8.0|diff@5.2.0" - }, - { - "ref": "npm@10.8.0|libnpmexec@8.1.1", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|pacote@18.0.6", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|read-package-json-fast@3.0.2", - "npm@10.8.0|read@3.0.1", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|walk-up-path@3.0.1" - ] - }, - { - "ref": "npm@10.8.0|libnpmfund@5.0.10", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2" - ] - }, - { - "ref": "npm@10.8.0|libnpmhook@10.0.5", - "dependsOn": [ - "npm@10.8.0|aproba@2.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, - { - "ref": "npm@10.8.0|aproba@2.0.0" - }, - { - "ref": "npm@10.8.0|libnpmorg@6.0.6", - "dependsOn": [ - "npm@10.8.0|aproba@2.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, - { - "ref": "npm@10.8.0|libnpmpack@7.0.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/arborist@7.5.2", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|pacote@18.0.6" - ] - }, - { - "ref": "npm@10.8.0|libnpmpublish@9.0.8", - "dependsOn": [ - "npm@10.8.0|ci-info@4.0.0", - "npm@10.8.0|normalize-package-data@6.0.1", - "npm@10.8.0|npm-package-arg@11.0.2", - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2", - "npm@10.8.0|sigstore@2.3.0", - "npm@10.8.0|ssri@10.0.6" - ] - }, - { - "ref": "npm@10.8.0|sigstore@2.3.0", - "dependsOn": [ - "npm@10.8.0|@sigstore/bundle@2.3.1", - "npm@10.8.0|@sigstore/core@1.1.0", - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "npm@10.8.0|@sigstore/sign@2.3.1", - "npm@10.8.0|@sigstore/tuf@2.3.3", - "npm@10.8.0|@sigstore/verify@1.2.0" - ] - }, - { - "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", - "dependsOn": [ - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" - ] - }, - { - "ref": "npm@10.8.0|@sigstore/core@1.1.0" - }, - { - "ref": "npm@10.8.0|@sigstore/sign@2.3.1", - "dependsOn": [ - "npm@10.8.0|@sigstore/bundle@2.3.1", - "npm@10.8.0|@sigstore/core@1.1.0", - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "npm@10.8.0|make-fetch-happen@13.0.1", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|promise-retry@2.0.1" - ] - }, - { - "ref": "npm@10.8.0|@sigstore/verify@1.2.0", - "dependsOn": [ - "npm@10.8.0|@sigstore/bundle@2.3.1", - "npm@10.8.0|@sigstore/core@1.1.0", - "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" - ] - }, - { - "ref": "npm@10.8.0|libnpmsearch@7.0.5", - "dependsOn": [ - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, - { - "ref": "npm@10.8.0|libnpmteam@6.0.5", - "dependsOn": [ - "npm@10.8.0|aproba@2.0.0", - "npm@10.8.0|npm-registry-fetch@17.0.1" - ] - }, - { - "ref": "npm@10.8.0|libnpmversion@6.0.2", - "dependsOn": [ - "npm@10.8.0|@npmcli/git@5.0.7", - "npm@10.8.0|@npmcli/run-script@8.1.0", - "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "npm@10.8.0|proc-log@4.2.0", - "npm@10.8.0|semver@7.6.2" - ] - }, - { - "ref": "npm@10.8.0|@npmcli/agent@2.2.2", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|http-proxy-agent@7.0.2", - "npm@10.8.0|https-proxy-agent@7.0.4", - "npm@10.8.0|lru-cache@10.2.2", - "npm@10.8.0|socks-proxy-agent@8.0.3" - ] - }, - { - "ref": "npm@10.8.0|agent-base@7.1.1", - "dependsOn": [ - "npm@10.8.0|debug@4.3.4" - ] - }, - { - "ref": "npm@10.8.0|http-proxy-agent@7.0.2", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|debug@4.3.4" - ] - }, - { - "ref": "npm@10.8.0|https-proxy-agent@7.0.4", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|debug@4.3.4" - ] - }, - { - "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", - "dependsOn": [ - "npm@10.8.0|agent-base@7.1.1", - "npm@10.8.0|debug@4.3.4", - "npm@10.8.0|socks@2.8.3" - ] - }, - { - "ref": "npm@10.8.0|socks@2.8.3", - "dependsOn": [ - "npm@10.8.0|ip-address@9.0.5", - "npm@10.8.0|smart-buffer@4.2.0" - ] - }, - { - "ref": "npm@10.8.0|ip-address@9.0.5", - "dependsOn": [ - "npm@10.8.0|jsbn@1.1.0", - "npm@10.8.0|sprintf-js@1.1.3" - ] - }, - { - "ref": "npm@10.8.0|jsbn@1.1.0" - }, - { - "ref": "npm@10.8.0|sprintf-js@1.1.3" - }, - { - "ref": "npm@10.8.0|smart-buffer@4.2.0" - }, - { - "ref": "npm@10.8.0|http-cache-semantics@4.1.1" - }, - { - "ref": "npm@10.8.0|is-lambda@1.0.1" - }, - { - "ref": "npm@10.8.0|minipass-fetch@3.0.5", - "dependsOn": [ - "npm@10.8.0|encoding@0.1.13", - "npm@10.8.0|minipass-sized@1.0.3", - "npm@10.8.0|minipass@7.1.1", - "npm@10.8.0|minizlib@2.1.2" - ] - }, - { - "ref": "npm@10.8.0|encoding@0.1.13", - "dependsOn": [ - "npm@10.8.0|iconv-lite@0.6.3" - ] - }, - { - "ref": "npm@10.8.0|iconv-lite@0.6.3", - "dependsOn": [ - "npm@10.8.0|safer-buffer@2.1.2" - ] - }, - { - "ref": "npm@10.8.0|safer-buffer@2.1.2" - }, - { - "ref": "npm@10.8.0|minipass-sized@1.0.3", - "dependsOn": [ - "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" - ] - }, - { - "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|minizlib@2.1.2", - "dependsOn": [ - "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|negotiator@0.6.3" - }, - { - "ref": "npm@10.8.0|err-code@2.0.3" - }, - { - "ref": "npm@10.8.0|retry@0.12.0" - }, - { - "ref": "npm@10.8.0|brace-expansion@2.0.1", - "dependsOn": [ - "npm@10.8.0|balanced-match@1.0.2" - ] - }, - { - "ref": "npm@10.8.0|balanced-match@1.0.2" - }, - { - "ref": "npm@10.8.0|ms@2.1.3" - }, - { - "ref": "npm@10.8.0|env-paths@2.2.1" - }, - { - "ref": "npm@10.8.0|exponential-backoff@3.1.1" - }, - { - "ref": "npm@10.8.0|is-core-module@2.13.1", - "dependsOn": [ - "npm@10.8.0|hasown@2.0.2" - ] - }, - { - "ref": "npm@10.8.0|hasown@2.0.2", - "dependsOn": [ - "npm@10.8.0|function-bind@1.1.2" - ] - }, - { - "ref": "npm@10.8.0|function-bind@1.1.2" - }, - { - "ref": "npm@10.8.0|npm-audit-report@5.0.0" - }, - { - "ref": "npm@10.8.0|npm-profile@10.0.0", - "dependsOn": [ - "npm@10.8.0|npm-registry-fetch@17.0.1", - "npm@10.8.0|proc-log@4.2.0" - ] - }, - { - "ref": "npm@10.8.0|minipass-json-stream@1.0.1", - "dependsOn": [ - "npm@10.8.0|jsonparse@1.3.1", - "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" - ] - }, - { - "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", - "dependsOn": [ - "npm@10.8.0|yallist@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|jsonparse@1.3.1" - }, - { - "ref": "npm@10.8.0|npm-user-validate@2.0.1" - }, - { - "ref": "npm@10.8.0|aggregate-error@3.1.0", - "dependsOn": [ - "npm@10.8.0|clean-stack@2.2.0", - "npm@10.8.0|indent-string@4.0.0" - ] - }, - { - "ref": "npm@10.8.0|clean-stack@2.2.0" - }, - { - "ref": "npm@10.8.0|indent-string@4.0.0" - }, - { - "ref": "npm@10.8.0|npm-packlist@8.0.2", - "dependsOn": [ - "npm@10.8.0|ignore-walk@6.0.5" - ] - }, - { - "ref": "npm@10.8.0|ignore-walk@6.0.5", - "dependsOn": [ - "npm@10.8.0|minimatch@9.0.4" - ] - }, - { - "ref": "npm@10.8.0|just-diff-apply@5.5.0" - }, - { - "ref": "npm@10.8.0|just-diff@6.0.2" - }, - { - "ref": "npm@10.8.0|qrcode-terminal@0.12.0" - }, - { - "ref": "npm@10.8.0|mute-stream@1.0.0" - }, - { - "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", - "dependsOn": [ - "npm@10.8.0|spdx-exceptions@2.5.0", - "npm@10.8.0|spdx-license-ids@3.0.17" - ] - }, - { - "ref": "npm@10.8.0|supports-color@9.4.0" - }, - { - "ref": "npm@10.8.0|chownr@2.0.0" - }, - { - "ref": "npm@10.8.0|mkdirp@1.0.4" - }, - { - "ref": "npm@10.8.0|text-table@0.2.0" - }, - { - "ref": "npm@10.8.0|tiny-relative-date@1.3.0" - }, - { - "ref": "@oclif/plugin-version@2.2.2", - "dependsOn": [ - "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", - "ansis@3.2.0" - ] - }, - { - "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "@oclif/plugin-version@2.2.2|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", - "dependsOn": [ - "@oclif/plugin-version@2.2.2|ms@2.1.2" - ] - }, - { - "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4", - "dependsOn": [ - "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", - "ansis@3.2.0", - "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", - "lodash@4.17.21" - ] - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "dependsOn": [ - "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" - ] - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", - "dependsOn": [ - "content-type@1.0.5", - "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", - "is-stream@2.0.1", - "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", - "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" - ] - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", - "dependsOn": [ - "error-ex@1.3.2", - "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" - ] - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" - }, - { - "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", - "dependsOn": [ - "safe-buffer@5.2.1" - ] - }, - { - "ref": "content-type@1.0.5" - }, - { - "ref": "is-stream@2.0.1" - }, - { - "ref": "is-arrayish@0.2.1" - }, - { - "ref": "safe-buffer@5.2.1" - }, - { - "ref": "@oclif/test@3.2.15", - "dependsOn": [ - "@oclif/core@3.26.9", - "chai@4.4.1", - "fancy-test@3.0.15" - ] - }, - { - "ref": "chai@4.4.1", - "dependsOn": [ - "assertion-error@1.1.0", - "check-error@1.0.3", - "deep-eql@4.1.3", - "get-func-name@2.0.2", - "loupe@2.3.7", - "pathval@1.1.1", - "type-detect@4.0.8" - ] - }, - { - "ref": "fancy-test@3.0.15", - "dependsOn": [ - "@types/chai@4.3.14", - "@types/lodash@4.17.4", - "@types/node@20.14.1", - "@types/sinon@17.0.3", - "lodash@4.17.21", - "mock-stdin@1.0.0", - "nock@13.5.4", - "sinon@16.1.3", - "stdout-stderr@0.1.13" - ] - }, - { - "ref": "@types/chai@4.3.14" - }, - { - "ref": "@types/sinon@17.0.3", - "dependsOn": [ - "@types/sinonjs__fake-timers@8.1.5" - ] - }, - { - "ref": "@types/sinonjs__fake-timers@8.1.5" - }, - { - "ref": "mock-stdin@1.0.0" - }, - { - "ref": "nock@13.5.4", - "dependsOn": [ - "debug@4.3.4", - "json-stringify-safe@5.0.1", - "propagate@2.0.1" - ] - }, - { - "ref": "json-stringify-safe@5.0.1" - }, - { - "ref": "propagate@2.0.1" - }, - { - "ref": "sinon@16.1.3", - "dependsOn": [ - "@sinonjs/commons@3.0.1", - "@sinonjs/fake-timers@10.3.0", - "@sinonjs/samsam@8.0.0", - "sinon@16.1.3|diff@5.2.0", - "nise@5.1.9", - "sinon@16.1.3|supports-color@7.2.0" - ] - }, - { - "ref": "sinon@16.1.3|diff@5.2.0" - }, - { - "ref": "sinon@16.1.3|supports-color@7.2.0", - "dependsOn": [ - "has-flag@4.0.0" - ] - }, - { - "ref": "@sinonjs/commons@3.0.1", - "dependsOn": [ - "type-detect@4.0.8" - ] - }, - { - "ref": "@sinonjs/fake-timers@10.3.0", - "dependsOn": [ - "@sinonjs/commons@3.0.1" - ] - }, - { - "ref": "@sinonjs/samsam@8.0.0", - "dependsOn": [ - "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", - "lodash.get@4.4.2", - "type-detect@4.0.8" - ] - }, - { - "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", - "dependsOn": [ - "type-detect@4.0.8" - ] - }, - { - "ref": "lodash.get@4.4.2" - }, - { - "ref": "nise@5.1.9", - "dependsOn": [ - "@sinonjs/commons@3.0.1", - "nise@5.1.9|@sinonjs/fake-timers@11.2.2", - "@sinonjs/text-encoding@0.7.2", - "just-extend@6.2.0", - "nise@5.1.9|path-to-regexp@6.2.2" - ] - }, - { - "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", - "dependsOn": [ - "@sinonjs/commons@3.0.1" - ] - }, - { - "ref": "nise@5.1.9|path-to-regexp@6.2.2" - }, - { - "ref": "@sinonjs/text-encoding@0.7.2" - }, - { - "ref": "just-extend@6.2.0" - }, - { - "ref": "stdout-stderr@0.1.13", - "dependsOn": [ - "debug@4.3.4", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "@smithy/abort-controller@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@types/express@4.17.21", - "dependsOn": [ - "@types/body-parser@1.19.5", - "@types/express-serve-static-core@4.19.0", - "@types/qs@6.9.15", - "@types/serve-static@1.15.7" - ] - }, - { - "ref": "@types/body-parser@1.19.5", - "dependsOn": [ - "@types/connect@3.4.38", - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/connect@3.4.38", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/express-serve-static-core@4.19.0", - "dependsOn": [ - "@types/node@20.14.1", - "@types/qs@6.9.15", - "@types/range-parser@1.2.7", - "@types/send@0.17.4" - ] - }, - { - "ref": "@types/qs@6.9.15" - }, - { - "ref": "@types/range-parser@1.2.7" - }, - { - "ref": "@types/send@0.17.4", - "dependsOn": [ - "@types/mime@1.3.5", - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/mime@1.3.5" - }, - { - "ref": "@types/serve-static@1.15.7", - "dependsOn": [ - "@types/http-errors@2.0.4", - "@types/node@20.14.1", - "@types/send@0.17.4" - ] - }, - { - "ref": "@types/http-errors@2.0.4" - }, - { - "ref": "@types/fs-extra@11.0.4", - "dependsOn": [ - "@types/jsonfile@6.1.4", - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/jsonfile@6.1.4", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/get-installed-path@4.0.3" - }, - { - "ref": "@types/jest@29.5.12", - "dependsOn": [ - "expect@29.7.0", - "pretty-format@29.7.0" - ] - }, - { - "ref": "expect@29.7.0", - "dependsOn": [ - "@jest/expect-utils@29.7.0", - "jest-get-type@29.6.3", - "jest-matcher-utils@29.7.0", - "jest-message-util@29.7.0", - "jest-util@29.7.0" - ] - }, - { - "ref": "@jest/expect-utils@29.7.0", - "dependsOn": [ - "jest-get-type@29.6.3" - ] - }, - { - "ref": "jest-get-type@29.6.3" - }, - { - "ref": "jest-matcher-utils@29.7.0", - "dependsOn": [ - "chalk@4.1.2", - "jest-diff@29.7.0", - "jest-get-type@29.6.3", - "pretty-format@29.7.0" - ] - }, - { - "ref": "jest-diff@29.7.0", - "dependsOn": [ - "chalk@4.1.2", - "diff-sequences@29.6.3", - "jest-get-type@29.6.3", - "pretty-format@29.7.0" - ] - }, - { - "ref": "diff-sequences@29.6.3" - }, - { - "ref": "pretty-format@29.7.0", - "dependsOn": [ - "@jest/schemas@29.6.3", - "pretty-format@29.7.0|ansi-styles@5.2.0", - "react-is@18.2.0" - ] - }, - { - "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" - }, - { - "ref": "jest-message-util@29.7.0", - "dependsOn": [ - "@babel/code-frame@7.24.2", - "@jest/types@29.6.3", - "@types/stack-utils@2.0.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "micromatch@4.0.5", - "pretty-format@29.7.0", - "slash@3.0.0", - "stack-utils@2.0.6" - ] - }, - { - "ref": "@jest/types@29.6.3", - "dependsOn": [ - "@jest/schemas@29.6.3", - "@types/istanbul-lib-coverage@2.0.6", - "@types/istanbul-reports@3.0.4", - "@types/node@20.14.1", - "@types/yargs@17.0.32", - "chalk@4.1.2" - ] - }, - { - "ref": "jest-util@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "jest-util@29.7.0|ci-info@3.9.0", - "graceful-fs@4.2.11", - "picomatch@2.3.1" - ] - }, - { - "ref": "jest-util@29.7.0|ci-info@3.9.0" - }, - { - "ref": "@jest/schemas@29.6.3", - "dependsOn": [ - "@sinclair/typebox@0.27.8" - ] - }, - { - "ref": "@sinclair/typebox@0.27.8" - }, - { - "ref": "@types/js-yaml@4.0.9" - }, - { - "ref": "@types/mocha@10.0.6" - }, - { - "ref": "@types/mock-fs@4.13.4", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "undici-types@5.26.5" - }, - { - "ref": "@types/objects-to-csv@1.3.3" - }, - { - "ref": "@types/prompt-sync@4.2.3" - }, - { - "ref": "@types/tmp@0.2.6" - }, - { - "ref": "@types/uuid@9.0.8" - }, - { - "ref": "@typescript-eslint/eslint-plugin@7.12.0", - "dependsOn": [ - "@eslint-community/regexpp@4.10.0", - "@typescript-eslint/parser@7.7.1", - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "@typescript-eslint/type-utils@7.12.0", - "@typescript-eslint/utils@7.12.0", - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "eslint@8.57.0", - "graphemer@1.4.0", - "ignore@5.3.1", - "natural-compare@1.4.0", - "ts-api-utils@1.3.0" - ] - }, - { - "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "dependsOn": [ - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" - ] - }, - { - "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" - }, - { - "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "dependsOn": [ - "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", - "eslint-visitor-keys@3.4.3" - ] - }, - { - "ref": "@eslint-community/regexpp@4.10.0" - }, - { - "ref": "@typescript-eslint/parser@7.7.1", - "dependsOn": [ - "@typescript-eslint/scope-manager@7.7.1", - "@typescript-eslint/types@7.7.1", - "@typescript-eslint/typescript-estree@7.7.1", - "@typescript-eslint/visitor-keys@7.7.1", - "debug@4.3.4", - "eslint@8.57.0" - ] - }, - { - "ref": "@typescript-eslint/scope-manager@7.7.1", - "dependsOn": [ - "@typescript-eslint/types@7.7.1", - "@typescript-eslint/visitor-keys@7.7.1" - ] - }, - { - "ref": "@typescript-eslint/types@7.7.1" - }, - { - "ref": "@typescript-eslint/visitor-keys@7.7.1", - "dependsOn": [ - "@typescript-eslint/types@7.7.1", - "eslint-visitor-keys@3.4.3" - ] - }, - { - "ref": "@typescript-eslint/typescript-estree@7.7.1", - "dependsOn": [ - "@typescript-eslint/types@7.7.1", - "@typescript-eslint/visitor-keys@7.7.1", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "minimatch@9.0.4", - "semver@7.6.2", - "ts-api-utils@1.3.0" - ] - }, - { - "ref": "ts-api-utils@1.3.0", - "dependsOn": [ - "typescript@5.1.6" - ] - }, - { - "ref": "eslint-visitor-keys@3.4.3" - }, - { - "ref": "eslint@8.57.0", - "dependsOn": [ - "@eslint-community/eslint-utils@4.4.0", - "@eslint-community/regexpp@4.10.0", - "@eslint/eslintrc@2.1.4", - "@eslint/js@8.57.0", - "@humanwhocodes/config-array@0.11.14", - "@humanwhocodes/module-importer@1.0.1", - "@nodelib/fs.walk@1.2.8", - "@ungap/structured-clone@1.2.0", - "eslint@8.57.0|ajv@6.12.6", - "chalk@4.1.2", - "cross-spawn@7.0.3", - "debug@4.3.4", - "doctrine@3.0.0", - "escape-string-regexp@4.0.0", - "eslint-scope@7.2.2", - "eslint-visitor-keys@3.4.3", - "espree@9.6.1", - "esquery@1.5.0", - "esutils@2.0.3", - "fast-deep-equal@3.1.3", - "file-entry-cache@6.0.1", - "find-up@5.0.0", - "glob-parent@6.0.2", - "globals@13.24.0", - "graphemer@1.4.0", - "ignore@5.3.1", - "imurmurhash@0.1.4", - "is-glob@4.0.3", - "is-path-inside@3.0.3", - "js-yaml@4.1.0", - "json-stable-stringify-without-jsonify@1.0.1", - "levn@0.4.1", - "lodash.merge@4.6.2", - "eslint@8.57.0|minimatch@3.1.2", - "natural-compare@1.4.0", - "optionator@0.9.3", - "strip-ansi@6.0.1", - "text-table@0.2.0" - ] - }, - { - "ref": "eslint@8.57.0|ajv@6.12.6", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "fast-json-stable-stringify@2.1.0", - "eslint@8.57.0|json-schema-traverse@0.4.1", - "uri-js@4.4.1" - ] - }, - { - "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" - }, - { - "ref": "eslint@8.57.0|minimatch@3.1.2", - "dependsOn": [ - "eslint@8.57.0|brace-expansion@1.1.11" - ] - }, - { - "ref": "eslint@8.57.0|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "@typescript-eslint/type-utils@7.12.0", - "dependsOn": [ - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "@typescript-eslint/utils@7.12.0", - "debug@4.3.4", - "eslint@8.57.0", - "ts-api-utils@1.3.0" - ] - }, - { - "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "dependsOn": [ - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "minimatch@9.0.4", - "semver@7.6.2", - "ts-api-utils@1.3.0" - ] - }, - { - "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" - }, - { - "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "dependsOn": [ - "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", - "eslint-visitor-keys@3.4.3" - ] - }, - { - "ref": "@typescript-eslint/utils@7.12.0", - "dependsOn": [ - "@eslint-community/eslint-utils@4.4.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "eslint@8.57.0" - ] - }, - { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "dependsOn": [ - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" - ] - }, - { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" - }, - { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "dependsOn": [ - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "eslint-visitor-keys@3.4.3" - ] - }, - { - "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "dependsOn": [ - "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "minimatch@9.0.4", - "semver@7.6.2", - "ts-api-utils@1.3.0" - ] - }, - { - "ref": "@eslint-community/eslint-utils@4.4.0", - "dependsOn": [ - "eslint-visitor-keys@3.4.3", - "eslint@8.57.0" - ] - }, - { - "ref": "graphemer@1.4.0" - }, - { - "ref": "accurate-search@1.2.15" - }, - { - "ref": "ajv@8.16.0", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "json-schema-traverse@1.0.0", - "require-from-string@2.0.2", - "uri-js@4.4.1" - ] - }, - { - "ref": "fast-deep-equal@3.1.3" - }, - { - "ref": "json-schema-traverse@1.0.0" - }, - { - "ref": "require-from-string@2.0.2" - }, - { - "ref": "uri-js@4.4.1", - "dependsOn": [ - "punycode@2.3.1" - ] - }, - { - "ref": "punycode@2.3.1" - }, - { - "ref": "form-data@4.0.0", - "dependsOn": [ - "asynckit@0.4.0", - "combined-stream@1.0.8", - "mime-types@2.1.35" - ] - }, - { - "ref": "proxy-from-env@1.1.0" - }, - { - "ref": "assertion-error@1.1.0" - }, - { - "ref": "check-error@1.0.3", - "dependsOn": [ - "get-func-name@2.0.2" - ] - }, - { - "ref": "get-func-name@2.0.2" - }, - { - "ref": "deep-eql@4.1.3", - "dependsOn": [ - "type-detect@4.0.8" - ] - }, - { - "ref": "loupe@2.3.7", - "dependsOn": [ - "get-func-name@2.0.2" - ] - }, - { - "ref": "pathval@1.1.1" - }, - { - "ref": "colors@1.4.0" - }, - { - "ref": "csv-parse@4.16.3" - }, - { - "ref": "dotenv@16.4.5" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", - "eslint-plugin-mocha@9.0.0", - "eslint-plugin-node@11.1.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", - "functional-red-black-tree@1.0.1", - "ignore@5.3.1", - "regexpp@3.2.0", - "semver@7.6.2", - "tsutils@3.21.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", - "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", - "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", - "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "chalk@4.1.2", - "cross-spawn@7.0.3", - "debug@4.3.4", - "doctrine@3.0.0", - "enquirer@2.4.1", - "escape-string-regexp@4.0.0", - "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", - "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", - "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", - "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "esquery@1.5.0", - "esutils@2.0.3", - "fast-deep-equal@3.1.3", - "file-entry-cache@6.0.1", - "functional-red-black-tree@1.0.1", - "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", - "globals@13.24.0", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", - "import-fresh@3.3.0", - "imurmurhash@0.1.4", - "is-glob@4.0.3", - "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "json-stable-stringify-without-jsonify@1.0.1", - "levn@0.4.1", - "lodash.merge@4.6.2", - "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "natural-compare@1.4.0", - "optionator@0.9.3", - "progress@2.0.3", - "regexpp@3.2.0", - "semver@7.6.2", - "strip-ansi@6.0.1", - "strip-json-comments@3.1.1", - "table@6.8.2", - "text-table@0.2.0", - "v8-compile-cache@2.4.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", - "dependsOn": [ - "@babel/highlight@7.24.2" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "globals@13.24.0", - "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", - "import-fresh@3.3.0", - "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "strip-json-comments@3.1.1" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "fast-json-stable-stringify@2.1.0", - "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", - "uri-js@4.4.1" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "dependsOn": [ - "acorn-jsx@5.3.2", - "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", - "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", - "esprima@4.0.1" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", - "debug@4.3.4", - "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", - "dependsOn": [ - "esrecurse@4.3.0", - "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", - "dependsOn": [ - "is-glob@4.0.3" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "semver@7.6.2", - "tsutils@3.21.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", - "dependsOn": [ - "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" - ] - }, - { - "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", - "dependsOn": [ - "confusing-browser-globals@1.0.10", - "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" - ] - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0", - "dependsOn": [ - "@types/json-schema@7.0.15", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", - "eslint-utils@3.0.0", - "eslint@8.57.0" - ] - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" - ] - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" - ] - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", - "dependsOn": [ - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", - "debug@4.3.4", - "globby@11.1.0", - "is-glob@4.0.3", - "semver@7.6.2", - "tsutils@3.21.0" - ] - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", - "dependsOn": [ - "esrecurse@4.3.0", - "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" - ] - }, - { - "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" - }, - { - "ref": "@types/json-schema@7.0.15" - }, - { - "ref": "tsutils@3.21.0", - "dependsOn": [ - "tsutils@3.21.0|tslib@1.14.1", - "typescript@5.1.6" - ] - }, - { - "ref": "tsutils@3.21.0|tslib@1.14.1" - }, - { - "ref": "esrecurse@4.3.0", - "dependsOn": [ - "estraverse@5.3.0" - ] - }, - { - "ref": "eslint-utils@3.0.0", - "dependsOn": [ - "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", - "eslint@8.57.0" - ] - }, - { - "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" - }, - { - "ref": "@babel/highlight@7.24.2", - "dependsOn": [ - "@babel/helper-validator-identifier@7.22.20", - "@babel/highlight@7.24.2|chalk@2.4.2", - "js-tokens@4.0.0", - "picocolors@1.0.0" - ] - }, - { - "ref": "@babel/highlight@7.24.2|chalk@2.4.2", - "dependsOn": [ - "@babel/highlight@7.24.2|ansi-styles@3.2.1", - "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", - "@babel/highlight@7.24.2|supports-color@5.5.0" - ] - }, - { - "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", - "dependsOn": [ - "@babel/highlight@7.24.2|color-convert@1.9.3" - ] - }, - { - "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", - "dependsOn": [ - "@babel/highlight@7.24.2|color-name@1.1.3" - ] - }, - { - "ref": "@babel/highlight@7.24.2|color-name@1.1.3" - }, - { - "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" - }, - { - "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", - "dependsOn": [ - "@babel/highlight@7.24.2|has-flag@3.0.0" - ] - }, - { - "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" - }, - { - "ref": "globals@13.24.0", - "dependsOn": [ - "globals@13.24.0|type-fest@0.20.2" - ] - }, - { - "ref": "globals@13.24.0|type-fest@0.20.2" - }, - { - "ref": "doctrine@3.0.0", - "dependsOn": [ - "esutils@2.0.3" - ] - }, - { - "ref": "enquirer@2.4.1", - "dependsOn": [ - "ansi-colors@4.1.1", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "ansi-colors@4.1.1" - }, - { - "ref": "acorn-jsx@5.3.2", - "dependsOn": [ - "acorn@8.11.3" - ] - }, - { - "ref": "esquery@1.5.0", - "dependsOn": [ - "estraverse@5.3.0" - ] - }, - { - "ref": "esutils@2.0.3" - }, - { - "ref": "file-entry-cache@6.0.1", - "dependsOn": [ - "flat-cache@3.2.0" - ] - }, - { - "ref": "functional-red-black-tree@1.0.1" - }, - { - "ref": "imurmurhash@0.1.4" - }, - { - "ref": "json-stable-stringify-without-jsonify@1.0.1" - }, - { - "ref": "levn@0.4.1", - "dependsOn": [ - "prelude-ls@1.2.1", - "type-check@0.4.0" - ] - }, - { - "ref": "lodash.merge@4.6.2" - }, - { - "ref": "optionator@0.9.3", - "dependsOn": [ - "@aashutoshrathi/word-wrap@1.2.6", - "deep-is@0.1.4", - "optionator@0.9.3|fast-levenshtein@2.0.6", - "levn@0.4.1", - "prelude-ls@1.2.1", - "type-check@0.4.0" - ] - }, - { - "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" - }, - { - "ref": "progress@2.0.3" - }, - { - "ref": "regexpp@3.2.0" - }, - { - "ref": "table@6.8.2", - "dependsOn": [ - "ajv@8.16.0", - "lodash.truncate@4.4.2", - "slice-ansi@4.0.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "text-table@0.2.0" - }, - { - "ref": "v8-compile-cache@2.4.0" - }, - { - "ref": "confusing-browser-globals@1.0.10" - }, - { - "ref": "eslint-plugin-mocha@9.0.0", - "dependsOn": [ - "eslint-utils@3.0.0", - "eslint@8.57.0", - "ramda@0.27.2" - ] - }, - { - "ref": "ramda@0.27.2" - }, - { - "ref": "eslint-plugin-node@11.1.0", - "dependsOn": [ - "eslint-plugin-es@3.0.1", - "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", - "eslint@8.57.0", - "ignore@5.3.1", - "eslint-plugin-node@11.1.0|minimatch@3.1.2", - "resolve@1.22.8", - "eslint-plugin-node@11.1.0|semver@6.3.1" - ] - }, - { - "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", - "dependsOn": [ - "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" - ] - }, - { - "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" - }, - { - "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", - "dependsOn": [ - "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" - ] - }, - { - "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" - }, - { - "ref": "eslint-plugin-es@3.0.1", - "dependsOn": [ - "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", - "eslint@8.57.0", - "regexpp@3.2.0" - ] - }, - { - "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", - "dependsOn": [ - "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" - ] - }, - { - "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" - }, - { - "ref": "eslint-config-oclif@4.0.0", - "dependsOn": [ - "eslint-config-xo-space@0.27.0", - "eslint-plugin-mocha@9.0.0", - "eslint-plugin-node@11.1.0", - "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" - ] - }, - { - "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", - "dependsOn": [ - "@babel/helper-validator-identifier@7.22.20", - "eslint-config-oclif@4.0.0|ci-info@3.9.0", - "clean-regexp@1.0.0", - "eslint-template-visitor@2.3.2", - "eslint-utils@3.0.0", - "eslint@8.57.0", - "is-builtin-module@3.2.1", - "lodash@4.17.21", - "pluralize@8.0.0", - "read-pkg-up@7.0.1", - "regexp-tree@0.1.27", - "safe-regex@2.1.1", - "semver@7.6.2" - ] - }, - { - "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" - }, - { - "ref": "eslint-config-xo-space@0.27.0", - "dependsOn": [ - "eslint-config-xo@0.35.0", - "eslint@8.57.0" - ] - }, - { - "ref": "eslint-config-xo@0.35.0", - "dependsOn": [ - "confusing-browser-globals@1.0.10", - "eslint@8.57.0" - ] - }, - { - "ref": "@babel/helper-validator-identifier@7.22.20" - }, - { - "ref": "clean-regexp@1.0.0", - "dependsOn": [ - "clean-regexp@1.0.0|escape-string-regexp@1.0.5" - ] - }, - { - "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" - }, - { - "ref": "eslint-template-visitor@2.3.2", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/eslint-parser@7.24.1", - "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", - "eslint@8.57.0", - "esquery@1.5.0", - "multimap@1.1.0" - ] - }, - { - "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" - }, - { - "ref": "@babel/eslint-parser@7.24.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", - "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", - "eslint@8.57.0", - "@babel/eslint-parser@7.24.1|semver@6.3.1" - ] - }, - { - "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" - }, - { - "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" - }, - { - "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", - "dependsOn": [ - "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" - ] - }, - { - "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", - "dependsOn": [ - "esrecurse@4.3.0", - "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" - ] - }, - { - "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" - }, - { - "ref": "multimap@1.1.0" - }, - { - "ref": "is-builtin-module@3.2.1", - "dependsOn": [ - "builtin-modules@3.3.0" - ] - }, - { - "ref": "pluralize@8.0.0" - }, - { - "ref": "read-pkg-up@7.0.1", - "dependsOn": [ - "read-pkg-up@7.0.1|find-up@4.1.0", - "read-pkg@5.2.0", - "read-pkg-up@7.0.1|type-fest@0.8.1" - ] - }, - { - "ref": "read-pkg-up@7.0.1|find-up@4.1.0", - "dependsOn": [ - "read-pkg-up@7.0.1|locate-path@5.0.0", - "path-exists@4.0.0" - ] - }, - { - "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", - "dependsOn": [ - "read-pkg-up@7.0.1|p-locate@4.1.0" - ] - }, - { - "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", - "dependsOn": [ - "read-pkg-up@7.0.1|p-limit@2.3.0" - ] - }, - { - "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", - "dependsOn": [ - "p-try@2.2.0" - ] - }, - { - "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" - }, - { - "ref": "regexp-tree@0.1.27" - }, - { - "ref": "safe-regex@2.1.1", - "dependsOn": [ - "regexp-tree@0.1.27" - ] - }, - { - "ref": "eslint-plugin-unicorn@52.0.0", - "dependsOn": [ - "@babel/helper-validator-identifier@7.22.20", - "@eslint-community/eslint-utils@4.4.0", - "@eslint/eslintrc@2.1.4", - "ci-info@4.0.0", - "clean-regexp@1.0.0", - "core-js-compat@3.37.0", - "eslint@8.57.0", - "esquery@1.5.0", - "indent-string@4.0.0", - "is-builtin-module@3.2.1", - "jsesc@3.0.2", - "pluralize@8.0.0", - "read-pkg-up@7.0.1", - "regexp-tree@0.1.27", - "regjsparser@0.10.0", - "semver@7.6.2", - "strip-indent@3.0.0" - ] - }, - { - "ref": "@eslint/eslintrc@2.1.4", - "dependsOn": [ - "@eslint/eslintrc@2.1.4|ajv@6.12.6", - "debug@4.3.4", - "espree@9.6.1", - "globals@13.24.0", - "ignore@5.3.1", - "import-fresh@3.3.0", - "js-yaml@4.1.0", - "@eslint/eslintrc@2.1.4|minimatch@3.1.2", - "strip-json-comments@3.1.1" - ] - }, - { - "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", - "dependsOn": [ - "fast-deep-equal@3.1.3", - "fast-json-stable-stringify@2.1.0", - "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", - "uri-js@4.4.1" - ] - }, - { - "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" - }, - { - "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", - "dependsOn": [ - "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" - ] - }, - { - "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "espree@9.6.1", - "dependsOn": [ - "acorn-jsx@5.3.2", - "acorn@8.11.3", - "eslint-visitor-keys@3.4.3" - ] - }, - { - "ref": "parent-module@1.0.1", - "dependsOn": [ - "callsites@3.1.0" - ] - }, - { - "ref": "resolve-from@4.0.0" - }, - { - "ref": "ci-info@4.0.0" - }, - { - "ref": "core-js-compat@3.37.0", - "dependsOn": [ - "browserslist@4.23.0" - ] - }, - { - "ref": "browserslist@4.23.0", - "dependsOn": [ - "caniuse-lite@1.0.30001612", - "electron-to-chromium@1.4.747", - "node-releases@2.0.14", - "update-browserslist-db@1.0.13" - ] - }, - { - "ref": "caniuse-lite@1.0.30001612" - }, - { - "ref": "electron-to-chromium@1.4.747" - }, - { - "ref": "node-releases@2.0.14" - }, - { - "ref": "update-browserslist-db@1.0.13", - "dependsOn": [ - "browserslist@4.23.0", - "escalade@3.1.2", - "picocolors@1.0.0" - ] - }, - { - "ref": "escalade@3.1.2" - }, - { - "ref": "estraverse@5.3.0" - }, - { - "ref": "builtin-modules@3.3.0" - }, - { - "ref": "jsesc@3.0.2" - }, - { - "ref": "p-try@2.2.0" - }, - { - "ref": "path-exists@4.0.0" - }, - { - "ref": "read-pkg@5.2.0", - "dependsOn": [ - "@types/normalize-package-data@2.4.4", - "read-pkg@5.2.0|normalize-package-data@2.5.0", - "parse-json@5.2.0", - "read-pkg@5.2.0|type-fest@0.6.0" - ] - }, - { - "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", - "dependsOn": [ - "read-pkg@5.2.0|hosted-git-info@2.8.9", - "resolve@1.22.8", - "read-pkg@5.2.0|semver@5.7.2", - "validate-npm-package-license@3.0.4" - ] - }, - { - "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" - }, - { - "ref": "read-pkg@5.2.0|semver@5.7.2" - }, - { - "ref": "read-pkg@5.2.0|type-fest@0.6.0" - }, - { - "ref": "@types/normalize-package-data@2.4.4" - }, - { - "ref": "validate-npm-package-license@3.0.4", - "dependsOn": [ - "spdx-correct@3.2.0", - "spdx-expression-parse@3.0.1" - ] - }, - { - "ref": "regjsparser@0.10.0", - "dependsOn": [ - "regjsparser@0.10.0|jsesc@0.5.0" - ] - }, - { - "ref": "regjsparser@0.10.0|jsesc@0.5.0" - }, - { - "ref": "strip-indent@3.0.0", - "dependsOn": [ - "min-indent@1.0.1" - ] - }, - { - "ref": "min-indent@1.0.1" - }, - { - "ref": "@eslint/js@8.57.0" - }, - { - "ref": "@humanwhocodes/config-array@0.11.14", - "dependsOn": [ - "@humanwhocodes/object-schema@2.0.3", - "debug@4.3.4", - "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" - ] - }, - { - "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", - "dependsOn": [ - "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" - ] - }, - { - "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "@humanwhocodes/object-schema@2.0.3" - }, - { - "ref": "@humanwhocodes/module-importer@1.0.1" - }, - { - "ref": "@nodelib/fs.scandir@2.1.5", - "dependsOn": [ - "@nodelib/fs.stat@2.0.5", - "run-parallel@1.2.0" - ] - }, - { - "ref": "run-parallel@1.2.0", - "dependsOn": [ - "queue-microtask@1.2.3" - ] - }, - { - "ref": "queue-microtask@1.2.3" - }, - { - "ref": "fastq@1.17.1", - "dependsOn": [ - "reusify@1.0.4" - ] - }, - { - "ref": "reusify@1.0.4" - }, - { - "ref": "@ungap/structured-clone@1.2.0" - }, - { - "ref": "path-key@3.1.1" - }, - { - "ref": "shebang-command@2.0.0", - "dependsOn": [ - "shebang-regex@3.0.0" - ] - }, - { - "ref": "shebang-regex@3.0.0" - }, - { - "ref": "which@2.0.2", - "dependsOn": [ - "isexe@2.0.0" - ] - }, - { - "ref": "isexe@2.0.0" - }, - { - "ref": "eslint-scope@7.2.2", - "dependsOn": [ - "esrecurse@4.3.0", - "estraverse@5.3.0" - ] - }, - { - "ref": "acorn@8.11.3" - }, - { - "ref": "flat-cache@3.2.0", - "dependsOn": [ - "flatted@3.3.1", - "keyv@4.5.4", - "rimraf@3.0.2" - ] - }, - { - "ref": "flatted@3.3.1" - }, - { - "ref": "keyv@4.5.4", - "dependsOn": [ - "json-buffer@3.0.1" - ] - }, - { - "ref": "json-buffer@3.0.1" - }, - { - "ref": "find-up@5.0.0", - "dependsOn": [ - "locate-path@6.0.0", - "path-exists@4.0.0" - ] - }, - { - "ref": "locate-path@6.0.0", - "dependsOn": [ - "p-locate@5.0.0" - ] - }, - { - "ref": "p-locate@5.0.0", - "dependsOn": [ - "p-limit@3.1.0" - ] - }, - { - "ref": "is-extglob@2.1.1" - }, - { - "ref": "is-path-inside@3.0.3" - }, - { - "ref": "prelude-ls@1.2.1" - }, - { - "ref": "type-check@0.4.0", - "dependsOn": [ - "prelude-ls@1.2.1" - ] - }, - { - "ref": "@aashutoshrathi/word-wrap@1.2.6" - }, - { - "ref": "deep-is@0.1.4" - }, - { - "ref": "accepts@1.3.8", - "dependsOn": [ - "mime-types@2.1.35", - "negotiator@0.6.3" - ] - }, - { - "ref": "mime-types@2.1.35", - "dependsOn": [ - "mime-db@1.52.0" - ] - }, - { - "ref": "negotiator@0.6.3" - }, - { - "ref": "array-flatten@1.1.1" - }, - { - "ref": "body-parser@1.20.2", - "dependsOn": [ - "bytes@3.1.2", - "content-type@1.0.5", - "body-parser@1.20.2|debug@2.6.9", - "depd@2.0.0", - "destroy@1.2.0", - "http-errors@2.0.0", - "iconv-lite@0.4.24", - "on-finished@2.4.1", - "qs@6.11.0", - "raw-body@2.5.2", - "type-is@1.6.18", - "unpipe@1.0.0" - ] - }, - { - "ref": "body-parser@1.20.2|debug@2.6.9", - "dependsOn": [ - "body-parser@1.20.2|ms@2.0.0" - ] - }, - { - "ref": "body-parser@1.20.2|ms@2.0.0" - }, - { - "ref": "bytes@3.1.2" - }, - { - "ref": "depd@2.0.0" - }, - { - "ref": "destroy@1.2.0" - }, - { - "ref": "http-errors@2.0.0", - "dependsOn": [ - "depd@2.0.0", - "inherits@2.0.4", - "setprototypeof@1.2.0", - "statuses@2.0.1", - "toidentifier@1.0.1" - ] - }, - { - "ref": "iconv-lite@0.4.24", - "dependsOn": [ - "safer-buffer@2.1.2" - ] - }, - { - "ref": "safer-buffer@2.1.2" - }, - { - "ref": "on-finished@2.4.1", - "dependsOn": [ - "ee-first@1.1.1" - ] - }, - { - "ref": "qs@6.11.0", - "dependsOn": [ - "side-channel@1.0.6" - ] - }, - { - "ref": "raw-body@2.5.2", - "dependsOn": [ - "bytes@3.1.2", - "http-errors@2.0.0", - "iconv-lite@0.4.24", - "unpipe@1.0.0" - ] - }, - { - "ref": "unpipe@1.0.0" - }, - { - "ref": "type-is@1.6.18", - "dependsOn": [ - "media-typer@0.3.0", - "mime-types@2.1.35" - ] - }, - { - "ref": "content-disposition@0.5.4", - "dependsOn": [ - "safe-buffer@5.2.1" - ] - }, - { - "ref": "cookie-signature@1.0.6" - }, - { - "ref": "cookie@0.6.0" - }, - { - "ref": "encodeurl@1.0.2" - }, - { - "ref": "escape-html@1.0.3" - }, - { - "ref": "etag@1.8.1" - }, - { - "ref": "finalhandler@1.2.0", - "dependsOn": [ - "finalhandler@1.2.0|debug@2.6.9", - "encodeurl@1.0.2", - "escape-html@1.0.3", - "on-finished@2.4.1", - "parseurl@1.3.3", - "statuses@2.0.1", - "unpipe@1.0.0" - ] - }, - { - "ref": "finalhandler@1.2.0|debug@2.6.9", - "dependsOn": [ - "finalhandler@1.2.0|ms@2.0.0" - ] - }, - { - "ref": "finalhandler@1.2.0|ms@2.0.0" - }, - { - "ref": "parseurl@1.3.3" - }, - { - "ref": "statuses@2.0.1" - }, - { - "ref": "fresh@0.5.2" - }, - { - "ref": "setprototypeof@1.2.0" - }, - { - "ref": "toidentifier@1.0.1" - }, - { - "ref": "merge-descriptors@1.0.1" - }, - { - "ref": "methods@1.1.2" - }, - { - "ref": "ee-first@1.1.1" - }, - { - "ref": "path-to-regexp@0.1.7" - }, - { - "ref": "proxy-addr@2.0.7", - "dependsOn": [ - "forwarded@0.2.0", - "ipaddr.js@1.9.1" - ] - }, - { - "ref": "forwarded@0.2.0" - }, - { - "ref": "ipaddr.js@1.9.1" - }, - { - "ref": "side-channel@1.0.6", - "dependsOn": [ - "call-bind@1.0.7", - "es-errors@1.3.0", - "get-intrinsic@1.2.4", - "object-inspect@1.13.1" - ] - }, - { - "ref": "call-bind@1.0.7", - "dependsOn": [ - "es-define-property@1.0.0", - "es-errors@1.3.0", - "function-bind@1.1.2", - "get-intrinsic@1.2.4", - "set-function-length@1.2.2" - ] - }, - { - "ref": "es-define-property@1.0.0", - "dependsOn": [ - "get-intrinsic@1.2.4" - ] - }, - { - "ref": "get-intrinsic@1.2.4", - "dependsOn": [ - "es-errors@1.3.0", - "function-bind@1.1.2", - "has-proto@1.0.3", - "has-symbols@1.0.3", - "hasown@2.0.2" - ] - }, - { - "ref": "es-errors@1.3.0" - }, - { - "ref": "function-bind@1.1.2" - }, - { - "ref": "set-function-length@1.2.2", - "dependsOn": [ - "define-data-property@1.1.4", - "es-errors@1.3.0", - "function-bind@1.1.2", - "get-intrinsic@1.2.4", - "gopd@1.0.1", - "has-property-descriptors@1.0.2" - ] - }, - { - "ref": "define-data-property@1.1.4", - "dependsOn": [ - "es-define-property@1.0.0", - "es-errors@1.3.0", - "gopd@1.0.1" - ] - }, - { - "ref": "gopd@1.0.1", - "dependsOn": [ - "get-intrinsic@1.2.4" - ] - }, - { - "ref": "has-property-descriptors@1.0.2", - "dependsOn": [ - "es-define-property@1.0.0" - ] - }, - { - "ref": "has-proto@1.0.3" - }, - { - "ref": "has-symbols@1.0.3" - }, - { - "ref": "hasown@2.0.2", - "dependsOn": [ - "function-bind@1.1.2" - ] - }, - { - "ref": "object-inspect@1.13.1" - }, - { - "ref": "range-parser@1.2.1" - }, - { - "ref": "send@0.18.0", - "dependsOn": [ - "send@0.18.0|debug@2.6.9", - "depd@2.0.0", - "destroy@1.2.0", - "encodeurl@1.0.2", - "escape-html@1.0.3", - "etag@1.8.1", - "fresh@0.5.2", - "http-errors@2.0.0", - "mime@1.6.0", - "ms@2.1.3", - "on-finished@2.4.1", - "range-parser@1.2.1", - "statuses@2.0.1" - ] - }, - { - "ref": "send@0.18.0|debug@2.6.9", - "dependsOn": [ - "send@0.18.0|debug@2.6.9|ms@2.0.0" - ] - }, - { - "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" - }, - { - "ref": "mime@1.6.0" - }, - { - "ref": "serve-static@1.15.0", - "dependsOn": [ - "encodeurl@1.0.2", - "escape-html@1.0.3", - "parseurl@1.3.3", - "send@0.18.0" - ] - }, - { - "ref": "media-typer@0.3.0" - }, - { - "ref": "utils-merge@1.0.1" - }, - { - "ref": "vary@1.1.2" - }, - { - "ref": "asynckit@0.4.0" - }, - { - "ref": "combined-stream@1.0.8", - "dependsOn": [ - "delayed-stream@1.0.0" - ] - }, - { - "ref": "delayed-stream@1.0.0" - }, - { - "ref": "mime-db@1.52.0" - }, - { - "ref": "fs-extra@11.2.0", - "dependsOn": [ - "graceful-fs@4.2.11", - "jsonfile@6.1.0", - "universalify@2.0.1" - ] - }, - { - "ref": "jsonfile@6.1.0", - "dependsOn": [ - "graceful-fs@4.2.11", - "universalify@2.0.1" - ] - }, - { - "ref": "universalify@2.0.1" - }, - { - "ref": "get-installed-path@4.0.8", - "dependsOn": [ - "global-modules@1.0.0" - ] - }, - { - "ref": "global-modules@1.0.0", - "dependsOn": [ - "global-prefix@1.0.2", - "is-windows@1.0.2", - "resolve-dir@1.0.1" - ] - }, - { - "ref": "global-prefix@1.0.2", - "dependsOn": [ - "expand-tilde@2.0.2", - "homedir-polyfill@1.0.3", - "ini@1.3.8", - "is-windows@1.0.2", - "global-prefix@1.0.2|which@1.3.1" - ] - }, - { - "ref": "global-prefix@1.0.2|which@1.3.1", - "dependsOn": [ - "isexe@2.0.0" - ] - }, - { - "ref": "expand-tilde@2.0.2", - "dependsOn": [ - "homedir-polyfill@1.0.3" - ] - }, - { - "ref": "homedir-polyfill@1.0.3", - "dependsOn": [ - "parse-passwd@1.0.0" - ] - }, - { - "ref": "parse-passwd@1.0.0" - }, - { - "ref": "is-windows@1.0.2" - }, - { - "ref": "resolve-dir@1.0.1", - "dependsOn": [ - "expand-tilde@2.0.2", - "global-modules@1.0.0" - ] - }, - { - "ref": "domhandler@5.0.3", - "dependsOn": [ - "domelementtype@2.3.0" - ] - }, - { - "ref": "domutils@3.1.0", - "dependsOn": [ - "dom-serializer@2.0.0", - "domelementtype@2.3.0", - "domhandler@5.0.3" - ] - }, - { - "ref": "dom-serializer@2.0.0", - "dependsOn": [ - "domelementtype@2.3.0", - "domhandler@5.0.3", - "entities@4.5.0" - ] - }, - { - "ref": "entities@4.5.0" - }, - { - "ref": "https@1.0.0" - }, - { - "ref": "inquirer-file-tree-selection-prompt@2.0.2", - "dependsOn": [ - "chalk@4.1.2", - "cli-cursor@3.1.0", - "figures@3.2.0", - "lodash@4.17.21", - "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" - ] - }, - { - "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "cli-cursor@3.1.0", - "dependsOn": [ - "restore-cursor@3.1.0" - ] - }, - { - "ref": "restore-cursor@3.1.0", - "dependsOn": [ - "onetime@5.1.2", - "signal-exit@3.0.7" - ] - }, - { - "ref": "onetime@5.1.2", - "dependsOn": [ - "mimic-fn@2.1.0" - ] - }, - { - "ref": "mimic-fn@2.1.0" - }, - { - "ref": "signal-exit@3.0.7" - }, - { - "ref": "figures@3.2.0", - "dependsOn": [ - "figures@3.2.0|escape-string-regexp@1.0.5" - ] - }, - { - "ref": "figures@3.2.0|escape-string-regexp@1.0.5" - }, - { - "ref": "inquirer@8.0.0", - "dependsOn": [ - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "cli-cursor@3.1.0", - "cli-width@3.0.0", - "external-editor@3.1.0", - "figures@3.2.0", - "lodash@4.17.21", - "mute-stream@0.0.8", - "run-async@2.4.1", - "rxjs@6.6.7", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "through@2.3.8" - ] - }, - { - "ref": "cli-width@3.0.0" - }, - { - "ref": "external-editor@3.1.0", - "dependsOn": [ - "chardet@0.7.0", - "iconv-lite@0.4.24", - "external-editor@3.1.0|tmp@0.0.33" - ] - }, - { - "ref": "external-editor@3.1.0|tmp@0.0.33", - "dependsOn": [ - "os-tmpdir@1.0.2" - ] - }, - { - "ref": "chardet@0.7.0" - }, - { - "ref": "os-tmpdir@1.0.2" - }, - { - "ref": "mute-stream@0.0.8" - }, - { - "ref": "run-async@2.4.1" - }, - { - "ref": "rxjs@6.6.7", - "dependsOn": [ - "rxjs@6.6.7|tslib@1.14.1" - ] - }, - { - "ref": "rxjs@6.6.7|tslib@1.14.1" - }, - { - "ref": "through@2.3.8" - }, - { - "ref": "jest-mock@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/node@20.14.1", - "jest-util@29.7.0" - ] - }, - { - "ref": "@types/istanbul-lib-report@3.0.3", - "dependsOn": [ - "@types/istanbul-lib-coverage@2.0.6" - ] - }, - { - "ref": "@types/yargs-parser@21.0.3" - }, - { - "ref": "jest@29.7.0", - "dependsOn": [ - "@jest/core@29.7.0", - "@jest/types@29.6.3", - "import-local@3.1.0", - "jest-cli@29.7.0" - ] - }, - { - "ref": "@jest/core@29.7.0", - "dependsOn": [ - "@jest/console@29.7.0", - "@jest/reporters@29.7.0", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "@jest/core@29.7.0|ci-info@3.9.0", - "exit@0.1.2", - "graceful-fs@4.2.11", - "jest-changed-files@29.7.0", - "jest-config@29.7.0", - "jest-haste-map@29.7.0", - "jest-message-util@29.7.0", - "jest-regex-util@29.6.3", - "jest-resolve-dependencies@29.7.0", - "jest-resolve@29.7.0", - "jest-runner@29.7.0", - "jest-runtime@29.7.0", - "jest-snapshot@29.7.0", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "jest-watcher@29.7.0", - "micromatch@4.0.5", - "pretty-format@29.7.0", - "slash@3.0.0", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "@jest/core@29.7.0|ci-info@3.9.0" - }, - { - "ref": "@jest/console@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "jest-message-util@29.7.0", - "jest-util@29.7.0", - "slash@3.0.0" - ] - }, - { - "ref": "@jest/reporters@29.7.0", - "dependsOn": [ - "@bcoe/v8-coverage@0.2.3", - "@jest/console@29.7.0", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@jridgewell/trace-mapping@0.3.25", - "@types/node@20.14.1", - "chalk@4.1.2", - "collect-v8-coverage@1.0.2", - "exit@0.1.2", - "glob@7.2.3", - "graceful-fs@4.2.11", - "istanbul-lib-coverage@3.2.2", - "istanbul-lib-instrument@6.0.2", - "istanbul-lib-report@3.0.1", - "istanbul-lib-source-maps@4.0.1", - "istanbul-reports@3.1.7", - "jest-message-util@29.7.0", - "jest-util@29.7.0", - "jest-worker@29.7.0", - "slash@3.0.0", - "string-length@4.0.2", - "strip-ansi@6.0.1", - "v8-to-istanbul@9.2.0" - ] - }, - { - "ref": "@jest/test-result@29.7.0", - "dependsOn": [ - "@jest/console@29.7.0", - "@jest/types@29.6.3", - "@types/istanbul-lib-coverage@2.0.6", - "collect-v8-coverage@1.0.2" - ] - }, - { - "ref": "@jest/transform@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/types@29.6.3", - "@jridgewell/trace-mapping@0.3.25", - "babel-plugin-istanbul@6.1.1", - "chalk@4.1.2", - "convert-source-map@2.0.0", - "fast-json-stable-stringify@2.1.0", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "jest-regex-util@29.6.3", - "jest-util@29.7.0", - "micromatch@4.0.5", - "pirates@4.0.6", - "slash@3.0.0", - "write-file-atomic@4.0.2" - ] - }, - { - "ref": "fs.realpath@1.0.0" - }, - { - "ref": "inflight@1.0.6", - "dependsOn": [ - "once@1.4.0", - "wrappy@1.0.2" - ] - }, - { - "ref": "path-is-absolute@1.0.1" - }, - { - "ref": "istanbul-lib-instrument@6.0.2", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/parser@7.24.4", - "@istanbuljs/schema@0.1.3", - "istanbul-lib-coverage@3.2.2", - "semver@7.6.2" - ] - }, - { - "ref": "make-dir@4.0.0", - "dependsOn": [ - "semver@7.6.2" - ] - }, - { - "ref": "source-map@0.6.1" - }, - { - "ref": "html-escaper@2.0.2" - }, - { - "ref": "jest-worker@29.7.0", - "dependsOn": [ - "@types/node@20.14.1", - "jest-util@29.7.0", - "merge-stream@2.0.0", - "supports-color@8.1.1" - ] - }, - { - "ref": "char-regex@1.0.2" - }, - { - "ref": "convert-source-map@2.0.0" - }, - { - "ref": "jest-changed-files@29.7.0", - "dependsOn": [ - "execa@5.1.1", - "jest-util@29.7.0", - "p-limit@3.1.0" - ] - }, - { - "ref": "get-stream@6.0.1" - }, - { - "ref": "human-signals@2.1.0" - }, - { - "ref": "npm-run-path@4.0.1", - "dependsOn": [ - "path-key@3.1.1" - ] - }, - { - "ref": "strip-final-newline@2.0.0" - }, - { - "ref": "yocto-queue@0.1.0" - }, - { - "ref": "jest-config@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/test-sequencer@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "babel-jest@29.7.0", - "chalk@4.1.2", - "jest-config@29.7.0|ci-info@3.9.0", - "deepmerge@4.3.1", - "glob@7.2.3", - "graceful-fs@4.2.11", - "jest-circus@29.7.0", - "jest-environment-node@29.7.0", - "jest-get-type@29.6.3", - "jest-regex-util@29.6.3", - "jest-resolve@29.7.0", - "jest-runner@29.7.0", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "micromatch@4.0.5", - "parse-json@5.2.0", - "pretty-format@29.7.0", - "slash@3.0.0", - "strip-json-comments@3.1.1", - "ts-node@10.9.2" - ] - }, - { - "ref": "jest-config@29.7.0|ci-info@3.9.0" - }, - { - "ref": "@jest/test-sequencer@29.7.0", - "dependsOn": [ - "@jest/test-result@29.7.0", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "slash@3.0.0" - ] - }, - { - "ref": "jest-haste-map@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@types/graceful-fs@4.1.9", - "@types/node@20.14.1", - "anymatch@3.1.3", - "fb-watchman@2.0.2", - "fsevents@2.3.3", - "graceful-fs@4.2.11", - "jest-regex-util@29.6.3", - "jest-util@29.7.0", - "jest-worker@29.7.0", - "micromatch@4.0.5", - "walker@1.0.8" - ] - }, - { - "ref": "babel-jest@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/transform@29.7.0", - "@types/babel__core@7.20.5", - "babel-plugin-istanbul@6.1.1", - "babel-preset-jest@29.6.3", - "chalk@4.1.2", - "graceful-fs@4.2.11", - "slash@3.0.0" - ] - }, - { - "ref": "jest-circus@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/expect@29.7.0", - "@jest/test-result@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "co@4.6.0", - "dedent@1.5.3", - "is-generator-fn@2.1.0", - "jest-each@29.7.0", - "jest-matcher-utils@29.7.0", - "jest-message-util@29.7.0", - "jest-runtime@29.7.0", - "jest-snapshot@29.7.0", - "jest-util@29.7.0", - "p-limit@3.1.0", - "pretty-format@29.7.0", - "pure-rand@6.1.0", - "slash@3.0.0", - "stack-utils@2.0.6" - ] - }, - { - "ref": "@jest/environment@29.7.0", - "dependsOn": [ - "@jest/fake-timers@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "jest-mock@29.7.0" - ] - }, - { - "ref": "@jest/expect@29.7.0", - "dependsOn": [ - "expect@29.7.0", - "jest-snapshot@29.7.0" - ] - }, - { - "ref": "jest-snapshot@29.7.0", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/generator@7.24.4", - "@babel/plugin-syntax-jsx@7.24.1", - "@babel/plugin-syntax-typescript@7.24.1", - "@babel/types@7.24.0", - "@jest/expect-utils@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "babel-preset-current-node-syntax@1.0.1", - "chalk@4.1.2", - "expect@29.7.0", - "graceful-fs@4.2.11", - "jest-diff@29.7.0", - "jest-get-type@29.6.3", - "jest-matcher-utils@29.7.0", - "jest-message-util@29.7.0", - "jest-util@29.7.0", - "natural-compare@1.4.0", - "pretty-format@29.7.0", - "semver@7.6.2" - ] - }, - { - "ref": "dedent@1.5.3" - }, - { - "ref": "jest-each@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "chalk@4.1.2", - "jest-get-type@29.6.3", - "jest-util@29.7.0", - "pretty-format@29.7.0" - ] - }, - { - "ref": "jest-runtime@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/fake-timers@29.7.0", - "@jest/globals@29.7.0", - "@jest/source-map@29.6.3", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "cjs-module-lexer@1.2.3", - "collect-v8-coverage@1.0.2", - "glob@7.2.3", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "jest-message-util@29.7.0", - "jest-mock@29.7.0", - "jest-regex-util@29.6.3", - "jest-resolve@29.7.0", - "jest-snapshot@29.7.0", - "jest-util@29.7.0", - "slash@3.0.0", - "strip-bom@4.0.0" - ] - }, - { - "ref": "pure-rand@6.1.0" - }, - { - "ref": "jest-environment-node@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/fake-timers@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "jest-mock@29.7.0", - "jest-util@29.7.0" - ] - }, - { - "ref": "@jest/fake-timers@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "@sinonjs/fake-timers@10.3.0", - "@types/node@20.14.1", - "jest-message-util@29.7.0", - "jest-mock@29.7.0", - "jest-util@29.7.0" - ] - }, - { - "ref": "jest-regex-util@29.6.3" - }, - { - "ref": "jest-resolve@29.7.0", - "dependsOn": [ - "chalk@4.1.2", - "graceful-fs@4.2.11", - "jest-haste-map@29.7.0", - "jest-pnp-resolver@1.2.3", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "resolve.exports@2.0.2", - "resolve@1.22.8", - "slash@3.0.0" - ] - }, - { - "ref": "jest-runner@29.7.0", - "dependsOn": [ - "@jest/console@29.7.0", - "@jest/environment@29.7.0", - "@jest/test-result@29.7.0", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "chalk@4.1.2", - "emittery@0.13.1", - "graceful-fs@4.2.11", - "jest-docblock@29.7.0", - "jest-environment-node@29.7.0", - "jest-haste-map@29.7.0", - "jest-leak-detector@29.7.0", - "jest-message-util@29.7.0", - "jest-resolve@29.7.0", - "jest-runtime@29.7.0", - "jest-util@29.7.0", - "jest-watcher@29.7.0", - "jest-worker@29.7.0", - "p-limit@3.1.0", - "source-map-support@0.5.13" - ] - }, - { - "ref": "jest-validate@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "jest-validate@29.7.0|camelcase@6.3.0", - "chalk@4.1.2", - "jest-get-type@29.6.3", - "leven@3.1.0", - "pretty-format@29.7.0" - ] - }, - { - "ref": "jest-validate@29.7.0|camelcase@6.3.0" - }, - { - "ref": "bser@2.1.1", - "dependsOn": [ - "node-int64@0.4.0" - ] - }, - { - "ref": "node-int64@0.4.0" - }, - { - "ref": "makeerror@1.0.12", - "dependsOn": [ - "tmpl@1.0.5" - ] - }, - { - "ref": "tmpl@1.0.5" - }, - { - "ref": "jest-resolve-dependencies@29.7.0", - "dependsOn": [ - "jest-regex-util@29.6.3", - "jest-snapshot@29.7.0" - ] - }, - { - "ref": "resolve.exports@2.0.2" - }, - { - "ref": "emittery@0.13.1" - }, - { - "ref": "jest-docblock@29.7.0", - "dependsOn": [ - "detect-newline@3.1.0" - ] - }, - { - "ref": "jest-leak-detector@29.7.0", - "dependsOn": [ - "jest-get-type@29.6.3", - "pretty-format@29.7.0" - ] - }, - { - "ref": "jest-watcher@29.7.0", - "dependsOn": [ - "@jest/test-result@29.7.0", - "@jest/types@29.6.3", - "@types/node@20.14.1", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "emittery@0.13.1", - "jest-util@29.7.0", - "string-length@4.0.2" - ] - }, - { - "ref": "@jest/globals@29.7.0", - "dependsOn": [ - "@jest/environment@29.7.0", - "@jest/expect@29.7.0", - "@jest/types@29.6.3", - "jest-mock@29.7.0" - ] - }, - { - "ref": "@jest/source-map@29.6.3", - "dependsOn": [ - "@jridgewell/trace-mapping@0.3.25", - "callsites@3.1.0", - "graceful-fs@4.2.11" - ] - }, - { - "ref": "@babel/plugin-syntax-jsx@7.24.1", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/helper-plugin-utils@7.24.0" - }, - { - "ref": "@babel/plugin-syntax-async-generators@7.8.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-bigint@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-class-properties@7.12.13", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-import-meta@7.10.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-json-strings@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "@babel/plugin-syntax-top-level-await@7.14.5", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-plugin-utils@7.24.0" - ] - }, - { - "ref": "pkg-dir@4.2.0", - "dependsOn": [ - "pkg-dir@4.2.0|find-up@4.1.0" - ] - }, - { - "ref": "pkg-dir@4.2.0|find-up@4.1.0", - "dependsOn": [ - "pkg-dir@4.2.0|locate-path@5.0.0", - "path-exists@4.0.0" - ] - }, - { - "ref": "pkg-dir@4.2.0|locate-path@5.0.0", - "dependsOn": [ - "pkg-dir@4.2.0|p-locate@4.1.0" - ] - }, - { - "ref": "pkg-dir@4.2.0|p-locate@4.1.0", - "dependsOn": [ - "pkg-dir@4.2.0|p-limit@2.3.0" - ] - }, - { - "ref": "pkg-dir@4.2.0|p-limit@2.3.0", - "dependsOn": [ - "p-try@2.2.0" - ] - }, - { - "ref": "resolve-cwd@3.0.0", - "dependsOn": [ - "resolve-cwd@3.0.0|resolve-from@5.0.0" - ] - }, - { - "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" - }, - { - "ref": "jest-cli@29.7.0", - "dependsOn": [ - "@jest/core@29.7.0", - "@jest/test-result@29.7.0", - "@jest/types@29.6.3", - "chalk@4.1.2", - "create-jest@29.7.0", - "exit@0.1.2", - "import-local@3.1.0", - "jest-config@29.7.0", - "jest-util@29.7.0", - "jest-validate@29.7.0", - "yargs@17.7.2" - ] - }, - { - "ref": "create-jest@29.7.0", - "dependsOn": [ - "@jest/types@29.6.3", - "chalk@4.1.2", - "exit@0.1.2", - "graceful-fs@4.2.11", - "jest-config@29.7.0", - "jest-util@29.7.0", - "prompts@2.4.2" - ] - }, - { - "ref": "cliui@8.0.1", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "get-caller-file@2.0.5" - }, - { - "ref": "require-directory@2.1.1" - }, - { - "ref": "y18n@5.0.8" - }, - { - "ref": "argparse@2.0.1" - }, - { - "ref": "json-colorizer@2.2.2", - "dependsOn": [ - "json-colorizer@2.2.2|chalk@2.4.2", - "lodash.get@4.4.2" - ] - }, - { - "ref": "json-colorizer@2.2.2|chalk@2.4.2", - "dependsOn": [ - "json-colorizer@2.2.2|ansi-styles@3.2.1", - "json-colorizer@2.2.2|escape-string-regexp@1.0.5", - "json-colorizer@2.2.2|supports-color@5.5.0" - ] - }, - { - "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", - "dependsOn": [ - "json-colorizer@2.2.2|color-convert@1.9.3" - ] - }, - { - "ref": "json-colorizer@2.2.2|color-convert@1.9.3", - "dependsOn": [ - "json-colorizer@2.2.2|color-name@1.1.3" - ] - }, - { - "ref": "json-colorizer@2.2.2|color-name@1.1.3" - }, - { - "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" - }, - { - "ref": "json-colorizer@2.2.2|supports-color@5.5.0", - "dependsOn": [ - "json-colorizer@2.2.2|has-flag@3.0.0" - ] - }, - { - "ref": "json-colorizer@2.2.2|has-flag@3.0.0" - }, - { - "ref": "markdown-diff@2.0.0", - "dependsOn": [ - "markdown-diff@2.0.0|diff@5.2.0", - "marked@12.0.2" - ] - }, - { - "ref": "markdown-diff@2.0.0|diff@5.2.0" - }, - { - "ref": "marked@12.0.2" - }, - { - "ref": "markdown-table-ts@1.0.3" - }, - { - "ref": "mocha@10.4.0", - "dependsOn": [ - "ansi-colors@4.1.1", - "browser-stdout@1.3.1", - "chokidar@3.5.3", - "debug@4.3.4", - "mocha@10.4.0|diff@5.0.0", - "escape-string-regexp@4.0.0", - "find-up@5.0.0", - "mocha@10.4.0|glob@8.1.0", - "he@1.2.0", - "js-yaml@4.1.0", - "mocha@10.4.0|log-symbols@4.1.0", - "mocha@10.4.0|minimatch@5.0.1", - "ms@2.1.3", - "serialize-javascript@6.0.0", - "strip-json-comments@3.1.1", - "supports-color@8.1.1", - "workerpool@6.2.1", - "yargs-parser@20.2.4", - "yargs-unparser@2.0.0", - "mocha@10.4.0|yargs@16.2.0" - ] - }, - { - "ref": "mocha@10.4.0|diff@5.0.0" - }, - { - "ref": "mocha@10.4.0|glob@8.1.0", - "dependsOn": [ - "fs.realpath@1.0.0", - "inflight@1.0.6", - "inherits@2.0.4", - "mocha@10.4.0|minimatch@5.0.1", - "once@1.4.0" - ] - }, - { - "ref": "mocha@10.4.0|minimatch@5.0.1", - "dependsOn": [ - "brace-expansion@2.0.1" - ] - }, - { - "ref": "mocha@10.4.0|log-symbols@4.1.0", - "dependsOn": [ - "chalk@4.1.2", - "is-unicode-supported@0.1.0" - ] - }, - { - "ref": "mocha@10.4.0|yargs@16.2.0", - "dependsOn": [ - "mocha@10.4.0|cliui@7.0.4", - "escalade@3.1.2", - "get-caller-file@2.0.5", - "require-directory@2.1.1", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "y18n@5.0.8", - "yargs-parser@20.2.4" - ] - }, - { - "ref": "mocha@10.4.0|cliui@7.0.4", - "dependsOn": [ - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "browser-stdout@1.3.1" - }, - { - "ref": "fill-range@7.0.1", - "dependsOn": [ - "to-regex-range@5.0.1" - ] - }, - { - "ref": "to-regex-range@5.0.1", - "dependsOn": [ - "is-number@7.0.0" - ] - }, - { - "ref": "is-number@7.0.0" - }, - { - "ref": "is-binary-path@2.1.0", - "dependsOn": [ - "binary-extensions@2.3.0" - ] - }, - { - "ref": "binary-extensions@2.3.0" - }, - { - "ref": "readdirp@3.6.0", - "dependsOn": [ - "picomatch@2.3.1" - ] - }, - { - "ref": "wrappy@1.0.2" - }, - { - "ref": "is-unicode-supported@0.1.0" - }, - { - "ref": "serialize-javascript@6.0.0", - "dependsOn": [ - "randombytes@2.1.0" - ] - }, - { - "ref": "randombytes@2.1.0", - "dependsOn": [ - "safe-buffer@5.2.1" - ] - }, - { - "ref": "workerpool@6.2.1" - }, - { - "ref": "yargs-parser@20.2.4" - }, - { - "ref": "yargs-unparser@2.0.0", - "dependsOn": [ - "yargs-unparser@2.0.0|camelcase@6.3.0", - "decamelize@4.0.0", - "flat@5.0.2", - "is-plain-obj@2.1.0" - ] - }, - { - "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" - }, - { - "ref": "decamelize@4.0.0" - }, - { - "ref": "is-plain-obj@2.1.0" - }, - { - "ref": "mock-fs@5.2.0" - }, - { - "ref": "objects-to-csv@1.3.6", - "dependsOn": [ - "async-csv@2.1.3" - ] - }, - { - "ref": "async-csv@2.1.3", - "dependsOn": [ - "csv@5.5.3" - ] - }, - { - "ref": "csv@5.5.3", - "dependsOn": [ - "csv-generate@3.4.3", - "csv-parse@4.16.3", - "csv-stringify@5.6.5", - "stream-transform@2.1.3" - ] - }, - { - "ref": "csv-generate@3.4.3" - }, - { - "ref": "csv-stringify@5.6.5" - }, - { - "ref": "stream-transform@2.1.3", - "dependsOn": [ - "mixme@0.5.10" - ] - }, - { - "ref": "mixme@0.5.10" - }, - { - "ref": "oclif@4.13.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0", - "@aws-sdk/client-s3@3.583.0", - "@inquirer/confirm@3.1.9", - "@inquirer/input@2.1.9", - "@inquirer/select@2.3.5", - "oclif@4.13.0|@oclif/core@4.0.1", - "@oclif/plugin-help@6.1.0", - "@oclif/plugin-not-found@3.2.1", - "@oclif/plugin-warn-if-update-available@3.1.4", - "async-retry@1.3.3", - "chalk@4.1.2", - "change-case@4.1.2", - "oclif@4.13.0|debug@4.3.5", - "ejs@3.1.10", - "find-yarn-workspace-root@2.0.0", - "oclif@4.13.0|fs-extra@8.1.0", - "github-slugger@2.0.0", - "got@13.0.0", - "lodash@4.17.21", - "normalize-package-data@6.0.1", - "semver@7.6.2", - "sort-package-json@2.10.0", - "tiny-jsonc@1.0.1", - "validate-npm-package-name@5.0.1" - ] - }, - { - "ref": "oclif@4.13.0|@oclif/core@4.0.1", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "oclif@4.13.0|debug@4.3.5", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "oclif@4.13.0|debug@4.3.5", - "dependsOn": [ - "oclif@4.13.0|ms@2.1.2" - ] - }, - { - "ref": "oclif@4.13.0|ms@2.1.2" - }, - { - "ref": "oclif@4.13.0|fs-extra@8.1.0", - "dependsOn": [ - "graceful-fs@4.2.11", - "oclif@4.13.0|jsonfile@4.0.0", - "oclif@4.13.0|universalify@0.1.2" - ] - }, - { - "ref": "oclif@4.13.0|jsonfile@4.0.0", - "dependsOn": [ - "graceful-fs@4.2.11" - ] - }, - { - "ref": "oclif@4.13.0|universalify@0.1.2" - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@aws-sdk/xml-builder@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-stream@3.0.1", - "@smithy/util-utf8@3.0.0", - "@smithy/util-waiter@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/types@3.0.0", - "bowser@2.11.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", - "dependsOn": [ - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/xml-builder@3.575.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/util-waiter@3.0.0", - "dependsOn": [ - "@smithy/abort-controller@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0", - "dependsOn": [ - "@aws-crypto/sha1-browser@3.0.0", - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "@aws-sdk/middleware-bucket-endpoint@3.577.0", - "@aws-sdk/middleware-expect-continue@3.577.0", - "@aws-sdk/middleware-flexible-checksums@3.577.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-location-constraint@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-sdk-s3@3.582.0", - "@aws-sdk/middleware-signing@3.577.0", - "@aws-sdk/middleware-ssec@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/signature-v4-multi-region@3.582.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@aws-sdk/xml-builder@3.575.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/eventstream-serde-browser@3.0.0", - "@smithy/eventstream-serde-config-resolver@3.0.0", - "@smithy/eventstream-serde-node@3.0.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-blob-browser@3.0.0", - "@smithy/hash-node@3.0.0", - "@smithy/hash-stream-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/md5-js@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-retry@3.0.0", - "@smithy/util-stream@3.0.1", - "@smithy/util-utf8@3.0.0", - "@smithy/util-waiter@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "dependsOn": [ - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", - "dependsOn": [ - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "dependsOn": [ - "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", - "@aws-sdk/token-providers@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-crypto/sha1-browser@3.0.0", - "dependsOn": [ - "@aws-crypto/ie11-detection@3.0.0", - "@aws-crypto/supports-web-crypto@3.0.0", - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-locate-window@3.535.0", - "@aws-sdk/util-utf8-browser@3.259.0", - "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-sdk/region-config-resolver@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/util-user-agent-node@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/credential-provider-env@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/credential-provider-process@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sts@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/token-providers@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sso-oidc@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-sso-oidc@3.577.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-sts@3.577.0", - "@aws-sdk/core@3.576.0", - "@aws-sdk/credential-provider-node@3.577.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-user-agent@3.577.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-sts@3.577.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/client-sso-oidc@3.577.0", - "@aws-sdk/core@3.576.0", - "@aws-sdk/credential-provider-node@3.577.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-user-agent@3.577.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/core@3.576.0", - "dependsOn": [ - "@smithy/core@2.1.1", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", - "dependsOn": [ - "strnum@1.0.5" - ] - }, - { - "ref": "@aws-sdk/credential-provider-node@3.577.0", - "dependsOn": [ - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/credential-provider-http@3.577.0", - "@aws-sdk/credential-provider-ini@3.577.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/credential-provider-sso@3.577.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-user-agent@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/util-endpoints@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "@smithy/util-endpoints@2.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/credential-provider-http@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/node-http-handler@3.0.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-stream@3.0.1", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/credential-provider-ini@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sts@3.577.0", - "@aws-sdk/credential-provider-env@3.577.0", - "@aws-sdk/credential-provider-process@3.577.0", - "@aws-sdk/credential-provider-sso@3.577.0", - "@aws-sdk/credential-provider-web-identity@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/credential-provider-imds@3.1.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/credential-provider-sso@3.577.0", - "dependsOn": [ - "@aws-sdk/client-sso@3.577.0", - "@aws-sdk/token-providers@3.577.0", - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/shared-ini-file-loader@3.1.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/client-sso@3.577.0", - "dependsOn": [ - "@aws-crypto/sha256-browser@3.0.0", - "@aws-crypto/sha256-js@3.0.0", - "@aws-sdk/core@3.576.0", - "@aws-sdk/middleware-host-header@3.577.0", - "@aws-sdk/middleware-logger@3.577.0", - "@aws-sdk/middleware-recursion-detection@3.577.0", - "@aws-sdk/middleware-user-agent@3.577.0", - "@aws-sdk/region-config-resolver@3.577.0", - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-endpoints@3.577.0", - "@aws-sdk/util-user-agent-browser@3.577.0", - "@aws-sdk/util-user-agent-node@3.577.0", - "@smithy/config-resolver@3.0.1", - "@smithy/core@2.1.1", - "@smithy/fetch-http-handler@3.0.1", - "@smithy/hash-node@3.0.0", - "@smithy/invalid-dependency@3.0.0", - "@smithy/middleware-content-length@3.0.0", - "@smithy/middleware-endpoint@3.0.1", - "@smithy/middleware-retry@3.0.3", - "@smithy/middleware-serde@3.0.0", - "@smithy/middleware-stack@3.0.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/node-http-handler@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/url-parser@3.0.0", - "@smithy/util-base64@3.0.0", - "@smithy/util-body-length-browser@3.0.0", - "@smithy/util-body-length-node@3.0.0", - "@smithy/util-defaults-mode-browser@3.0.3", - "@smithy/util-defaults-mode-node@3.0.3", - "@smithy/util-endpoints@2.0.1", - "@smithy/util-middleware@3.0.0", - "@smithy/util-retry@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-arn-parser@3.568.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/util-arn-parser@3.568.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-expect-continue@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", - "dependsOn": [ - "@aws-crypto/crc32@3.0.0", - "@aws-crypto/crc32c@3.0.0", - "@aws-sdk/types@3.577.0", - "@smithy/is-array-buffer@3.0.0", - "@smithy/protocol-http@4.0.0", - "@smithy/types@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-crypto/crc32@3.0.0", - "dependsOn": [ - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-crypto/crc32@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-crypto/crc32c@3.0.0", - "dependsOn": [ - "@aws-crypto/util@3.0.0", - "@aws-sdk/types@3.577.0", - "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" - ] - }, - { - "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" - }, - { - "ref": "@aws-sdk/middleware-location-constraint@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@aws-sdk/util-arn-parser@3.568.0", - "@smithy/node-config-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/smithy-client@3.1.1", - "@smithy/types@3.0.0", - "@smithy/util-config-provider@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-signing@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/property-provider@3.1.0", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-middleware@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/middleware-ssec@3.577.0", - "dependsOn": [ - "@aws-sdk/types@3.577.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", - "dependsOn": [ - "@aws-sdk/middleware-sdk-s3@3.582.0", - "@aws-sdk/types@3.577.0", - "@smithy/protocol-http@4.0.0", - "@smithy/signature-v4@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/eventstream-serde-browser@3.0.0", - "dependsOn": [ - "@smithy/eventstream-serde-universal@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/eventstream-serde-universal@3.0.0", - "dependsOn": [ - "@smithy/eventstream-codec@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/eventstream-codec@3.0.0", - "dependsOn": [ - "@aws-crypto/crc32@3.0.0", - "@smithy/types@3.0.0", - "@smithy/util-hex-encoding@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/eventstream-serde-node@3.0.0", - "dependsOn": [ - "@smithy/eventstream-serde-universal@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/hash-blob-browser@3.0.0", - "dependsOn": [ - "@smithy/chunked-blob-reader-native@3.0.0", - "@smithy/chunked-blob-reader@3.0.0", - "@smithy/types@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/chunked-blob-reader-native@3.0.0", - "dependsOn": [ - "@smithy/util-base64@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/chunked-blob-reader@3.0.0", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/hash-stream-node@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@smithy/md5-js@3.0.0", - "dependsOn": [ - "@smithy/types@3.0.0", - "@smithy/util-utf8@3.0.0", - "tslib@2.6.3" - ] - }, - { - "ref": "@inquirer/confirm@3.1.9", - "dependsOn": [ - "@inquirer/core@8.2.2", - "@inquirer/type@1.3.3" - ] - }, - { - "ref": "@inquirer/core@8.2.2", - "dependsOn": [ - "@inquirer/figures@1.0.3", - "@inquirer/type@1.3.3", - "@types/mute-stream@0.0.4", - "@types/node@20.14.1", - "@types/wrap-ansi@3.0.0", - "ansi-escapes@4.3.2", - "chalk@4.1.2", - "cli-spinners@2.9.2", - "@inquirer/core@8.2.2|cli-width@4.1.0", - "@inquirer/core@8.2.2|mute-stream@1.0.0", - "@inquirer/core@8.2.2|signal-exit@4.1.0", - "strip-ansi@6.0.1", - "@inquirer/core@8.2.2|wrap-ansi@6.2.0" - ] - }, - { - "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" - }, - { - "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" - }, - { - "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" - }, - { - "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", - "dependsOn": [ - "ansi-styles@4.3.0", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "strip-ansi@6.0.1" - ] - }, - { - "ref": "@inquirer/figures@1.0.3" - }, - { - "ref": "@inquirer/type@1.3.3" - }, - { - "ref": "@types/mute-stream@0.0.4", - "dependsOn": [ - "@types/node@20.14.1" - ] - }, - { - "ref": "@types/wrap-ansi@3.0.0" - }, - { - "ref": "@inquirer/input@2.1.9", - "dependsOn": [ - "@inquirer/core@8.2.2", - "@inquirer/type@1.3.3" - ] - }, - { - "ref": "@inquirer/select@2.3.5", - "dependsOn": [ - "@inquirer/core@8.2.2", - "@inquirer/figures@1.0.3", - "@inquirer/type@1.3.3", - "ansi-escapes@4.3.2", - "chalk@4.1.2" - ] - }, - { - "ref": "@oclif/plugin-not-found@3.2.1", - "dependsOn": [ - "@inquirer/confirm@3.1.9", - "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", - "ansis@3.2.0", - "fast-levenshtein@3.0.0" - ] - }, - { - "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", - "dependsOn": [ - "ansi-escapes@4.3.2", - "ansis@3.2.0", - "clean-stack@3.0.1", - "cli-spinners@2.9.2", - "cosmiconfig@9.0.0", - "debug@4.3.4", - "ejs@3.1.10", - "get-package-type@0.1.0", - "globby@11.1.0", - "indent-string@4.0.0", - "is-wsl@2.2.0", - "minimatch@9.0.4", - "BomRef.5hrhe0lu5jo.6brcifutiug", - "supports-color@8.1.1", - "widest-line@3.1.0", - "wordwrap@1.0.0", - "BomRef.okvgjdrtm6.tqh1scmn9b8" - ] - }, - { - "ref": "fast-levenshtein@3.0.0", - "dependsOn": [ - "fastest-levenshtein@1.0.16" - ] - }, - { - "ref": "fastest-levenshtein@1.0.16" - }, - { - "ref": "async-retry@1.3.3", - "dependsOn": [ - "retry@0.13.1" - ] - }, - { - "ref": "retry@0.13.1" - }, - { - "ref": "change-case@4.1.2", - "dependsOn": [ - "camel-case@4.1.2", - "capital-case@1.0.4", - "constant-case@3.0.4", - "dot-case@3.0.4", - "header-case@2.0.4", - "no-case@3.0.4", - "param-case@3.0.4", - "pascal-case@3.1.2", - "path-case@3.0.4", - "sentence-case@3.0.4", - "snake-case@3.0.4", - "tslib@2.6.3" - ] - }, - { - "ref": "camel-case@4.1.2", - "dependsOn": [ - "pascal-case@3.1.2", - "tslib@2.6.3" - ] - }, - { - "ref": "pascal-case@3.1.2", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3" - ] - }, - { - "ref": "capital-case@1.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3", - "upper-case-first@2.0.2" - ] - }, - { - "ref": "no-case@3.0.4", - "dependsOn": [ - "lower-case@2.0.2", - "tslib@2.6.3" - ] - }, - { - "ref": "upper-case-first@2.0.2", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "constant-case@3.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3", - "upper-case@2.0.2" - ] - }, - { - "ref": "upper-case@2.0.2", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "dot-case@3.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3" - ] - }, - { - "ref": "header-case@2.0.4", - "dependsOn": [ - "capital-case@1.0.4", - "tslib@2.6.3" - ] - }, - { - "ref": "lower-case@2.0.2", - "dependsOn": [ - "tslib@2.6.3" - ] - }, - { - "ref": "param-case@3.0.4", - "dependsOn": [ - "dot-case@3.0.4", - "tslib@2.6.3" - ] - }, - { - "ref": "path-case@3.0.4", - "dependsOn": [ - "dot-case@3.0.4", - "tslib@2.6.3" - ] - }, - { - "ref": "sentence-case@3.0.4", - "dependsOn": [ - "no-case@3.0.4", - "tslib@2.6.3", - "upper-case-first@2.0.2" - ] - }, - { - "ref": "snake-case@3.0.4", - "dependsOn": [ - "dot-case@3.0.4", - "tslib@2.6.3" - ] - }, - { - "ref": "find-yarn-workspace-root@2.0.0", - "dependsOn": [ - "micromatch@4.0.5" - ] - }, - { - "ref": "github-slugger@2.0.0" - }, - { - "ref": "got@13.0.0", - "dependsOn": [ - "@sindresorhus/is@5.6.0", - "@szmarczak/http-timer@5.0.1", - "cacheable-lookup@7.0.0", - "cacheable-request@10.2.14", - "decompress-response@6.0.0", - "form-data-encoder@2.1.4", - "get-stream@6.0.1", - "http2-wrapper@2.2.1", - "lowercase-keys@3.0.0", - "p-cancelable@3.0.0", - "responselike@3.0.0" - ] - }, - { - "ref": "@sindresorhus/is@5.6.0" - }, - { - "ref": "@szmarczak/http-timer@5.0.1", - "dependsOn": [ - "defer-to-connect@2.0.1" - ] - }, - { - "ref": "defer-to-connect@2.0.1" - }, - { - "ref": "cacheable-lookup@7.0.0" - }, - { - "ref": "cacheable-request@10.2.14", - "dependsOn": [ - "@types/http-cache-semantics@4.0.4", - "get-stream@6.0.1", - "http-cache-semantics@4.1.1", - "keyv@4.5.4", - "mimic-response@4.0.0", - "normalize-url@8.0.1", - "responselike@3.0.0" - ] - }, - { - "ref": "@types/http-cache-semantics@4.0.4" - }, - { - "ref": "http-cache-semantics@4.1.1" - }, - { - "ref": "mimic-response@4.0.0" - }, - { - "ref": "normalize-url@8.0.1" - }, - { - "ref": "responselike@3.0.0", - "dependsOn": [ - "lowercase-keys@3.0.0" - ] - }, - { - "ref": "decompress-response@6.0.0", - "dependsOn": [ - "decompress-response@6.0.0|mimic-response@3.1.0" - ] - }, - { - "ref": "decompress-response@6.0.0|mimic-response@3.1.0" - }, - { - "ref": "form-data-encoder@2.1.4" - }, - { - "ref": "http2-wrapper@2.2.1", - "dependsOn": [ - "quick-lru@5.1.1", - "resolve-alpn@1.2.1" - ] - }, - { - "ref": "resolve-alpn@1.2.1" - }, - { - "ref": "lowercase-keys@3.0.0" - }, - { - "ref": "p-cancelable@3.0.0" - }, - { - "ref": "normalize-package-data@6.0.1", - "dependsOn": [ - "hosted-git-info@7.0.2", - "is-core-module@2.13.1", - "semver@7.6.2", - "validate-npm-package-license@3.0.4" - ] - }, - { - "ref": "spdx-correct@3.2.0", - "dependsOn": [ - "spdx-expression-parse@3.0.1", - "spdx-license-ids@3.0.17" - ] - }, - { - "ref": "spdx-expression-parse@3.0.1", - "dependsOn": [ - "spdx-exceptions@2.5.0", - "spdx-license-ids@3.0.17" - ] - }, - { - "ref": "spdx-license-ids@3.0.17" - }, - { - "ref": "spdx-exceptions@2.5.0" - }, - { - "ref": "sort-package-json@2.10.0", - "dependsOn": [ - "detect-indent@7.0.1", - "sort-package-json@2.10.0|detect-newline@4.0.1", - "get-stdin@9.0.0", - "git-hooks-list@3.1.0", - "sort-package-json@2.10.0|globby@13.2.2", - "sort-package-json@2.10.0|is-plain-obj@4.1.0", - "semver@7.6.2", - "sort-object-keys@1.1.3" - ] - }, - { - "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" - }, - { - "ref": "sort-package-json@2.10.0|globby@13.2.2", - "dependsOn": [ - "dir-glob@3.0.1", - "fast-glob@3.3.2", - "ignore@5.3.1", - "merge2@1.4.1", - "sort-package-json@2.10.0|slash@4.0.0" - ] - }, - { - "ref": "sort-package-json@2.10.0|slash@4.0.0" - }, - { - "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" - }, - { - "ref": "detect-indent@7.0.1" - }, - { - "ref": "get-stdin@9.0.0" - }, - { - "ref": "git-hooks-list@3.1.0" - }, - { - "ref": "sort-object-keys@1.1.3" - }, - { - "ref": "tiny-jsonc@1.0.1" - }, - { - "ref": "open@10.1.0", - "dependsOn": [ - "default-browser@5.2.1", - "define-lazy-prop@3.0.0", - "is-inside-container@1.0.0", - "open@10.1.0|is-wsl@3.1.0" - ] - }, - { - "ref": "open@10.1.0|is-wsl@3.1.0", - "dependsOn": [ - "is-inside-container@1.0.0" - ] - }, - { - "ref": "default-browser@5.2.1", - "dependsOn": [ - "bundle-name@4.1.0", - "default-browser-id@5.0.0" - ] - }, - { - "ref": "bundle-name@4.1.0", - "dependsOn": [ - "run-applescript@7.0.0" - ] - }, - { - "ref": "run-applescript@7.0.0" - }, - { - "ref": "default-browser-id@5.0.0" - }, - { - "ref": "define-lazy-prop@3.0.0" - }, - { - "ref": "is-inside-container@1.0.0", - "dependsOn": [ - "is-inside-container@1.0.0|is-docker@3.0.0" - ] - }, - { - "ref": "is-inside-container@1.0.0|is-docker@3.0.0" - }, - { - "ref": "prompt-sync@4.2.0", - "dependsOn": [ - "prompt-sync@4.2.0|strip-ansi@5.2.0" - ] - }, - { - "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", - "dependsOn": [ - "prompt-sync@4.2.0|ansi-regex@4.1.1" - ] - }, - { - "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" - }, - { - "ref": "lodash.truncate@4.4.2" - }, - { - "ref": "tmp@0.2.3" - }, - { - "ref": "ts-jest@29.1.4", - "dependsOn": [ - "@babel/core@7.24.4", - "@jest/transform@29.7.0", - "@jest/types@29.6.3", - "babel-jest@29.7.0", - "bs-logger@0.2.6", - "fast-json-stable-stringify@2.1.0", - "jest-util@29.7.0", - "jest@29.7.0", - "json5@2.2.3", - "lodash.memoize@4.1.2", - "make-error@1.3.6", - "semver@7.6.2", - "typescript@5.1.6", - "ts-jest@29.1.4|yargs-parser@21.1.1" - ] - }, - { - "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" - }, - { - "ref": "@ampproject/remapping@2.3.0", - "dependsOn": [ - "@jridgewell/gen-mapping@0.3.5", - "@jridgewell/trace-mapping@0.3.25" - ] - }, - { - "ref": "js-tokens@4.0.0" - }, - { - "ref": "@babel/helper-compilation-targets@7.23.6", - "dependsOn": [ - "@babel/compat-data@7.24.4", - "@babel/helper-validator-option@7.23.5", - "browserslist@4.23.0", - "lru-cache@5.1.1", - "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" - ] - }, - { - "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" - }, - { - "ref": "@babel/compat-data@7.24.4" - }, - { - "ref": "@babel/helper-validator-option@7.23.5" - }, - { - "ref": "lru-cache@5.1.1", - "dependsOn": [ - "yallist@3.1.1" - ] - }, - { - "ref": "yallist@3.1.1" - }, - { - "ref": "@babel/helper-module-transforms@7.23.3", - "dependsOn": [ - "@babel/core@7.24.4", - "@babel/helper-environment-visitor@7.22.20", - "@babel/helper-module-imports@7.24.3", - "@babel/helper-simple-access@7.22.5", - "@babel/helper-split-export-declaration@7.22.6", - "@babel/helper-validator-identifier@7.22.20" - ] - }, - { - "ref": "@babel/helper-environment-visitor@7.22.20" - }, - { - "ref": "@babel/helper-module-imports@7.24.3", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, - { - "ref": "@babel/helper-simple-access@7.22.5", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, - { - "ref": "@babel/helper-split-export-declaration@7.22.6", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, - { - "ref": "@babel/helpers@7.24.4", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/traverse@7.24.1", - "@babel/types@7.24.0" - ] - }, - { - "ref": "@babel/helper-function-name@7.23.0", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/types@7.24.0" - ] - }, - { - "ref": "@babel/helper-hoist-variables@7.22.5", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, - { - "ref": "@babel/helper-string-parser@7.24.1" - }, - { - "ref": "to-fast-properties@2.0.0" - }, - { - "ref": "gensync@1.0.0-beta.2" - }, - { - "ref": "@jridgewell/resolve-uri@3.1.2" - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0", - "dependsOn": [ - "camelcase@5.3.1", - "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", - "get-package-type@0.1.0", - "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", - "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" - ] - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", - "path-exists@4.0.0" - ] - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" - ] - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" - ] - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", - "dependsOn": [ - "p-try@2.2.0" - ] - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", - "esprima@4.0.1" - ] - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", - "dependsOn": [ - "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" - ] - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" - }, - { - "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" - }, - { - "ref": "camelcase@5.3.1" - }, - { - "ref": "test-exclude@6.0.0", - "dependsOn": [ - "@istanbuljs/schema@0.1.3", - "glob@7.2.3", - "test-exclude@6.0.0|minimatch@3.1.2" - ] - }, - { - "ref": "test-exclude@6.0.0|minimatch@3.1.2", - "dependsOn": [ - "test-exclude@6.0.0|brace-expansion@1.1.11" - ] - }, - { - "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", - "dependsOn": [ - "balanced-match@1.0.2", - "concat-map@0.0.1" - ] - }, - { - "ref": "@types/babel__generator@7.6.8", - "dependsOn": [ - "@babel/types@7.24.0" - ] - }, - { - "ref": "@types/babel__template@7.4.4", - "dependsOn": [ - "@babel/parser@7.24.4", - "@babel/types@7.24.0" - ] - }, - { - "ref": "babel-preset-jest@29.6.3", - "dependsOn": [ - "@babel/core@7.24.4", - "babel-plugin-jest-hoist@29.6.3", - "babel-preset-current-node-syntax@1.0.1" - ] - }, - { - "ref": "babel-plugin-jest-hoist@29.6.3", - "dependsOn": [ - "@babel/template@7.24.0", - "@babel/types@7.24.0", - "@types/babel__core@7.20.5", - "@types/babel__traverse@7.20.5" - ] - }, - { - "ref": "ts-mocha@10.0.0", - "dependsOn": [ - "mocha@10.4.0", - "ts-mocha@10.0.0|ts-node@7.0.1", - "tsconfig-paths@3.15.0" - ] - }, - { - "ref": "ts-mocha@10.0.0|ts-node@7.0.1", - "dependsOn": [ - "ts-mocha@10.0.0|arrify@1.0.1", - "buffer-from@1.1.2", - "ts-mocha@10.0.0|diff@3.5.0", - "make-error@1.3.6", - "minimist@1.2.8", - "ts-mocha@10.0.0|mkdirp@0.5.6", - "source-map-support@0.5.13", - "ts-mocha@10.0.0|yn@2.0.0" - ] - }, - { - "ref": "ts-mocha@10.0.0|arrify@1.0.1" - }, - { - "ref": "ts-mocha@10.0.0|diff@3.5.0" - }, - { - "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", - "dependsOn": [ - "minimist@1.2.8" - ] - }, - { - "ref": "ts-mocha@10.0.0|yn@2.0.0" - }, - { - "ref": "buffer-from@1.1.2" - }, - { - "ref": "tsconfig-paths@3.15.0", - "dependsOn": [ - "@types/json5@0.0.29", - "tsconfig-paths@3.15.0|json5@1.0.2", - "minimist@1.2.8", - "tsconfig-paths@3.15.0|strip-bom@3.0.0" - ] - }, - { - "ref": "tsconfig-paths@3.15.0|json5@1.0.2", - "dependsOn": [ - "minimist@1.2.8" - ] - }, - { - "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" - }, - { - "ref": "@types/json5@0.0.29" - }, - { - "ref": "@cspotcode/source-map-support@0.8.1", - "dependsOn": [ - "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" - ] - }, - { - "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", - "dependsOn": [ - "@jridgewell/resolve-uri@3.1.2", - "@jridgewell/sourcemap-codec@1.4.15" - ] - }, - { - "ref": "@tsconfig/node10@1.0.11" - }, - { - "ref": "@tsconfig/node12@1.0.11" - }, - { - "ref": "@tsconfig/node14@1.0.3" - }, - { - "ref": "@tsconfig/node16@1.0.4" - }, - { - "ref": "acorn-walk@8.3.2" - }, - { - "ref": "create-require@1.1.1" - }, - { - "ref": "diff@4.0.2" - }, - { - "ref": "v8-compile-cache-lib@3.0.1" - }, - { - "ref": "yn@3.1.1" - }, - { - "ref": "tsimportlib@0.0.5" - }, - { - "ref": "@colors/colors@1.6.0" - }, - { - "ref": "@dabh/diagnostics@2.0.3", - "dependsOn": [ - "colorspace@1.1.4", - "enabled@2.0.0", - "kuler@2.0.0" - ] - }, - { - "ref": "colorspace@1.1.4", - "dependsOn": [ - "colorspace@1.1.4|color@3.2.1", - "text-hex@1.0.0" - ] - }, - { - "ref": "colorspace@1.1.4|color@3.2.1", - "dependsOn": [ - "colorspace@1.1.4|color-convert@1.9.3", - "color-string@1.9.1" - ] - }, - { - "ref": "colorspace@1.1.4|color-convert@1.9.3", - "dependsOn": [ - "colorspace@1.1.4|color-name@1.1.3" - ] - }, - { - "ref": "colorspace@1.1.4|color-name@1.1.3" - }, - { - "ref": "text-hex@1.0.0" - }, - { - "ref": "enabled@2.0.0" - }, - { - "ref": "kuler@2.0.0" - }, - { - "ref": "logform@2.6.0", - "dependsOn": [ - "@colors/colors@1.6.0", - "@types/triple-beam@1.3.5", - "fecha@4.2.3", - "ms@2.1.3", - "safe-stable-stringify@2.4.3", - "triple-beam@1.4.1" - ] - }, - { - "ref": "fecha@4.2.3" - }, - { - "ref": "safe-stable-stringify@2.4.3" - }, - { - "ref": "triple-beam@1.4.1" - }, - { - "ref": "one-time@1.0.0", - "dependsOn": [ - "fn.name@1.1.0" - ] - }, - { - "ref": "fn.name@1.1.0" - }, - { - "ref": "string_decoder@1.3.0", - "dependsOn": [ - "safe-buffer@5.2.1" - ] - }, - { - "ref": "stack-trace@0.0.10" - }, - { - "ref": "winston-transport@4.7.0", - "dependsOn": [ - "logform@2.6.0", - "readable-stream@3.6.2", - "triple-beam@1.4.1" - ] - }, - { - "ref": "xlsx-populate@1.21.0", - "dependsOn": [ - "cfb@1.2.2", - "jszip@3.10.1", - "lodash@4.17.21", - "xlsx-populate@1.21.0|sax@1.3.0" - ] - }, - { - "ref": "xlsx-populate@1.21.0|sax@1.3.0" - }, - { - "ref": "cfb@1.2.2", - "dependsOn": [ - "adler-32@1.3.1", - "crc-32@1.2.2" - ] - }, - { - "ref": "adler-32@1.3.1" - }, - { - "ref": "crc-32@1.2.2" - }, - { - "ref": "jszip@3.10.1", - "dependsOn": [ - "lie@3.3.0", - "pako@1.0.11", - "jszip@3.10.1|readable-stream@2.3.8", - "setimmediate@1.0.5" - ] - }, - { - "ref": "jszip@3.10.1|readable-stream@2.3.8", - "dependsOn": [ - "core-util-is@1.0.3", - "inherits@2.0.4", - "isarray@1.0.0", - "process-nextick-args@2.0.1", - "jszip@3.10.1|safe-buffer@5.1.2", - "jszip@3.10.1|string_decoder@1.1.1", - "util-deprecate@1.0.2" - ] - }, - { - "ref": "jszip@3.10.1|safe-buffer@5.1.2" - }, - { - "ref": "jszip@3.10.1|string_decoder@1.1.1", - "dependsOn": [ - "jszip@3.10.1|safe-buffer@5.1.2" - ] - }, - { - "ref": "lie@3.3.0", - "dependsOn": [ - "immediate@3.0.6" - ] - }, - { - "ref": "immediate@3.0.6" - }, - { - "ref": "pako@1.0.11" - }, - { - "ref": "core-util-is@1.0.3" - }, - { - "ref": "isarray@1.0.0" - }, - { - "ref": "process-nextick-args@2.0.1" - }, - { - "ref": "setimmediate@1.0.5" - }, - { - "ref": "sax@1.2.1" - }, - { - "ref": "xmlbuilder@11.0.1" - }, - { - "ref": "zip-lib@1.0.4", - "dependsOn": [ - "yauzl@3.1.3", - "yazl@2.5.1" - ] - }, - { - "ref": "yauzl@3.1.3", - "dependsOn": [ - "buffer-crc32@0.2.13", - "pend@1.2.0" - ] - }, - { - "ref": "buffer-crc32@0.2.13" - }, - { - "ref": "pend@1.2.0" - }, - { - "ref": "yazl@2.5.1", - "dependsOn": [ - "buffer-crc32@0.2.13" + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } ] } - ] + } } } ] diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index fcbc4b0c25..4be4e61d62 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -33,21 +33,35 @@ export class SBOMResults { } generateIntermediary(data: Record) { + // Flatten components list + for (const component of data.components as Record[]) { + if (_.has(component, 'components')) { + for (const subcomponent of component.components as Record< + string, + unknown + >[]) { + (data.components as Record[]).push(subcomponent); + } + delete component.components; + } + } + + // Collect all components that affect a vulnerability and place them under the corresponding vulnerability if (_.has(data, 'vulnerabilities')) { for (let vulnerability of data.vulnerabilities as (Record< string, unknown - > & {affects: (Object & {ref: string})[]})[]) { + > & {affects: Record[]})[]) { for (const id of vulnerability.affects) { const components = []; for (const component of data.components as Record< string, unknown >[]) { - if (_.get(component, 'bom-ref') === id.ref) { + if (component['bom-ref'] === id.ref) { components.push(component); } - vulnerability['affectedComponents'] = components; + vulnerability.affectedComponents = components; } } } @@ -97,9 +111,9 @@ export class SBOMMapper extends BaseConverter { descriptions: [], //Insert data refs: [], //Insert data source_location: {}, //Insert data - title: null, //Insert data + title: {path: 'bom-ref'}, id: {path: 'id'}, - desc: null, //Insert data + desc: {path: 'description'}, impact: 0, //Insert data code: null, //Insert data results: [ @@ -123,7 +137,13 @@ export class SBOMMapper extends BaseConverter { auxiliary_data: [ { name: 'SBOM', - data: _.omit(data, ['metadata', 'components', 'vulnerabilities']) + components: _.get(data, 'components'), + dependencies: _.get(data, 'dependencies'), + data: _.omit(data, [ + 'components', + 'vulnerabilities', + 'dependencies' + ]) } ], ...(this.withRaw && {raw: data}) From f1a74609f6acb5e91b1f4a16ddb6d5911099d365 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 22 Jul 2024 15:48:40 -0400 Subject: [PATCH 12/61] Linting Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 530 +++++++++++++++--- .../sbom-dropwizard-vulns-hdf.json | 530 +++++++++++++++--- libs/hdf-converters/src/sbom-mapper.ts | 13 +- 3 files changed, 897 insertions(+), 176 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 35e0a4cf6a..f0e42c2514 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -24,7 +24,14 @@ "status": "loaded", "controls": [ { - "tags": {}, + "tags": { + "cweid": [ + 173, + 200, + 378, + 732 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -44,7 +51,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 379, + 552 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -64,7 +76,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -84,7 +100,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -104,7 +124,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -124,7 +148,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -144,7 +172,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -164,7 +196,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -184,7 +220,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -204,7 +244,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -224,7 +268,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -244,7 +292,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -264,7 +316,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -284,7 +340,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -304,7 +364,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -324,7 +388,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -344,7 +412,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -364,7 +436,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -384,7 +460,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -404,7 +484,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -424,7 +508,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -444,7 +532,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -464,7 +556,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 94, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -484,7 +581,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -504,7 +605,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -524,7 +629,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -544,7 +653,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -564,7 +677,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -584,7 +701,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -604,7 +725,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -624,7 +749,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -644,7 +773,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -664,7 +797,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -684,7 +821,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -704,7 +845,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -724,7 +869,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -744,7 +893,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -764,7 +917,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502, + 913 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -784,7 +942,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -804,7 +967,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -824,7 +991,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -844,7 +1015,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -864,7 +1039,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -884,7 +1063,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -904,7 +1088,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -924,7 +1112,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 74 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -944,7 +1136,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 74 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -964,7 +1160,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 776 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -984,7 +1184,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1004,7 +1209,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1024,7 +1234,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1044,7 +1259,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1064,7 +1284,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1084,7 +1309,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 776 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1104,7 +1334,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 20, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1124,7 +1359,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1144,7 +1383,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1164,7 +1407,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1184,7 +1431,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 613 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1204,7 +1455,13 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 551, + 755 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1224,7 +1481,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 200 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1244,7 +1505,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 770 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1264,7 +1530,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 226 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1284,7 +1554,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 20 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1304,7 +1578,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 130 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1324,7 +1602,13 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 378, + 379, + 552 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1344,7 +1628,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1364,7 +1652,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 200 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1384,7 +1676,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 149 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1404,7 +1700,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 200, + 732 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1424,7 +1725,9 @@ ] }, { - "tags": {}, + "tags": { + "cweid": "" + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1444,7 +1747,9 @@ ] }, { - "tags": {}, + "tags": { + "cweid": "" + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1464,7 +1769,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 89 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1484,7 +1793,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 89 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1504,7 +1817,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1524,7 +1841,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 79 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1544,7 +1865,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1564,7 +1889,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 410 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1584,7 +1914,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1604,7 +1938,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1624,7 +1962,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 190 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1644,7 +1986,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 295 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1664,7 +2010,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1684,7 +2034,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1704,7 +2058,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 88 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1724,7 +2082,7 @@ ] } ], - "sha256": "fa59f17859d66dbe3b09f493059c5994e08d7cb0f475075b22d6586635274ba2" + "sha256": "5f52cc5463aeddea6d0de8cdd71d77827c6310f1d8f913a6c6c9dd70400d0ec1" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 09f695248e..95eee4d38d 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -24,7 +24,14 @@ "status": "loaded", "controls": [ { - "tags": {}, + "tags": { + "cweid": [ + 173, + 200, + 378, + 732 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -44,7 +51,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 379, + 552 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -64,7 +76,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -84,7 +100,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -104,7 +124,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -124,7 +148,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -144,7 +172,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -164,7 +196,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -184,7 +220,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -204,7 +244,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -224,7 +268,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -244,7 +292,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -264,7 +316,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -284,7 +340,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -304,7 +364,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -324,7 +388,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -344,7 +412,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -364,7 +436,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -384,7 +460,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -404,7 +484,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -424,7 +508,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -444,7 +532,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -464,7 +556,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 94, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -484,7 +581,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -504,7 +605,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -524,7 +629,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -544,7 +653,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -564,7 +677,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -584,7 +701,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -604,7 +725,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -624,7 +749,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -644,7 +773,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -664,7 +797,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -684,7 +821,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -704,7 +845,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -724,7 +869,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -744,7 +893,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -764,7 +917,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502, + 913 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -784,7 +942,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -804,7 +967,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -824,7 +991,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -844,7 +1015,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -864,7 +1039,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -884,7 +1063,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -904,7 +1088,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -924,7 +1112,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 74 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -944,7 +1136,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 74 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -964,7 +1160,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 776 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -984,7 +1184,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1004,7 +1209,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1024,7 +1234,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1044,7 +1259,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1064,7 +1284,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 121, + 787 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1084,7 +1309,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 776 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1104,7 +1334,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 20, + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1124,7 +1359,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1144,7 +1383,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1164,7 +1407,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1184,7 +1431,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 613 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1204,7 +1455,13 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 551, + 755 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1224,7 +1481,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 200 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1244,7 +1505,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 770 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1264,7 +1530,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 226 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1284,7 +1554,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 20 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1304,7 +1578,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 130 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1324,7 +1602,13 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 378, + 379, + 552 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1344,7 +1628,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1364,7 +1652,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 200 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1384,7 +1676,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 149 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1404,7 +1700,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 200, + 732 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1424,7 +1725,9 @@ ] }, { - "tags": {}, + "tags": { + "cweid": "" + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1444,7 +1747,9 @@ ] }, { - "tags": {}, + "tags": { + "cweid": "" + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1464,7 +1769,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 89 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1484,7 +1793,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 89 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1504,7 +1817,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1524,7 +1841,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 79 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1544,7 +1865,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 611 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1564,7 +1889,12 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400, + 410 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1584,7 +1914,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1604,7 +1938,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1624,7 +1962,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 190 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1644,7 +1986,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 295 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1664,7 +2010,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 400 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1684,7 +2034,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 502 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1704,7 +2058,11 @@ ] }, { - "tags": {}, + "tags": { + "cweid": [ + 88 + ] + }, "descriptions": [], "refs": [], "source_location": {}, @@ -1724,7 +2082,7 @@ ] } ], - "sha256": "fa59f17859d66dbe3b09f493059c5994e08d7cb0f475075b22d6586635274ba2" + "sha256": "5f52cc5463aeddea6d0de8cdd71d77827c6310f1d8f913a6c6c9dd70400d0ec1" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 4be4e61d62..16be89fdec 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -29,11 +29,12 @@ export class SBOMResults { constructor(SBOMJson: string, withRaw = false) { this.data = JSON.parse(SBOMJson); this.withRaw = withRaw; + this.flattenComponents(this.data); this.generateIntermediary(this.data); } - generateIntermediary(data: Record) { - // Flatten components list + // Flatten components list + flattenComponents(data: Record) { for (const component of data.components as Record[]) { if (_.has(component, 'components')) { for (const subcomponent of component.components as Record< @@ -45,8 +46,10 @@ export class SBOMResults { delete component.components; } } + } - // Collect all components that affect a vulnerability and place them under the corresponding vulnerability + // Collect all components that affect a vulnerability and place them under the corresponding vulnerability + generateIntermediary(data: Record) { if (_.has(data, 'vulnerabilities')) { for (let vulnerability of data.vulnerabilities as (Record< string, @@ -107,7 +110,9 @@ export class SBOMMapper extends BaseConverter { { path: 'vulnerabilities', key: 'id', - tags: {}, //Insert data + tags: { + cweid: {path: 'cwes'} + }, descriptions: [], //Insert data refs: [], //Insert data source_location: {}, //Insert data From 3370eb30bb8cb2499dc35c2fcac25444aaee10b8 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 23 Jul 2024 16:20:22 -0400 Subject: [PATCH 13/61] Quick typing fix Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 16be89fdec..933ccc3882 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -51,7 +51,7 @@ export class SBOMResults { // Collect all components that affect a vulnerability and place them under the corresponding vulnerability generateIntermediary(data: Record) { if (_.has(data, 'vulnerabilities')) { - for (let vulnerability of data.vulnerabilities as (Record< + for (const vulnerability of data.vulnerabilities as (Record< string, unknown > & {affects: Record[]})[]) { From 2d0604be4634703a21801e0166af3a12dc175319 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 24 Jul 2024 14:22:59 -0400 Subject: [PATCH 14/61] Mapping progress Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 9177 ++++++++++++++++- .../sbom-dropwizard-vulns-hdf.json | 9177 ++++++++++++++++- libs/hdf-converters/src/sbom-mapper.ts | 82 +- 3 files changed, 17559 insertions(+), 877 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index f0e42c2514..8e8df221d9 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -32,20 +32,28 @@ 732 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-03-25T17:04:19Z", + "label": "Date published" + }, + { + "data": "2023-11-09T18:44:38Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", "start_time": "" } ] @@ -57,20 +65,28 @@ 552 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-06-14T18:30:38Z", + "label": "Date published" + }, + { + "data": "2024-02-13T21:49:15Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "bb03c210-ea12-450d-85df-17d81a75ede2", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", "start_time": "" } ] @@ -81,20 +97,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T21:08:40Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -105,20 +129,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:44Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -129,20 +161,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-10T21:12:41Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:03Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -153,20 +193,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:05Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -177,20 +225,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T20:19:02Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:41:35Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -201,20 +257,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:47Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:48:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -225,20 +289,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:50:18Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "343cd240-f667-4770-aecf-ddc11f9d0172", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -249,20 +321,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T21:36:03Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:45Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -273,20 +353,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T16:32:59Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:50Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -297,20 +385,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:14Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -321,20 +417,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:43Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:37:17Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -345,20 +449,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:46Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:39:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -369,20 +481,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:48Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:04Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -393,20 +513,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-03-04T20:52:14Z", + "label": "Date published" + }, + { + "data": "2023-06-08T19:02:12Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -417,20 +545,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-07-15T19:41:47Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:45:27Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -441,20 +577,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2019-11-13T00:32:27Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:20Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c037af59-a132-4727-8cc3-c6095c490df7", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -465,20 +609,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2019-11-13T00:32:38Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:25Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -489,20 +641,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2019-10-28T20:51:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:57:37Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -513,20 +673,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:59:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:09:40Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -537,20 +705,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:59:01Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:20:09Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -562,20 +738,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:14:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:44:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -586,20 +770,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:36Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:47:50Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "3ad04380-a25c-41d8-8fad-259c2561795b", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -610,20 +802,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:02Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:52:49Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "86f78c35-adfb-48e4-9428-88084373e1c0", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -634,20 +834,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:26Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:53:30Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -658,20 +866,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-11-19T20:13:06Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:59:33Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "00033bff-66dc-4a36-ab38-a10b0625409f", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -682,20 +898,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:01:31Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -706,20 +930,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:59Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -730,20 +962,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:42Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5201940b-1f04-4668-ae86-8261448d817d", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -754,20 +994,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:00Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -778,20 +1026,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:54Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:40Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -802,20 +1058,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:46Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:08:37Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "950cff67-088e-4f41-9818-25943c9e17c0", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -826,20 +1090,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:18Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:13:01Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -850,20 +1122,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:34Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:15:44Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -874,20 +1154,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:24Z", + "label": "Date published" + }, + { + "data": "2023-11-21T11:40:53Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6d5189b4-d549-419a-b886-43a62cc43d40", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -898,20 +1186,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:00Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:28:08Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "135c6dab-529e-4855-ab72-a0138e2110c8", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -923,20 +1219,28 @@ 913 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:11Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:47:23Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -948,20 +1252,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:14:44Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -972,20 +1284,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-01-20T21:20:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:16:04Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -996,20 +1316,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-03-12T00:00:36Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:24:56Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1020,20 +1348,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-02-18T20:51:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:31:24Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1044,20 +1380,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-03-04T20:52:11Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:52:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1069,20 +1413,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-24T05:01:05Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1093,20 +1445,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:59:04Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:31Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1117,20 +1477,28 @@ 74 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-10T18:42:20Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:02:18Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f2fa9b19-418a-4901-9840-a8631227701e", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", "start_time": "" } ] @@ -1141,20 +1509,28 @@ 74 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-02-24T17:27:27Z", + "label": "Date published" + }, + { + "data": "2024-06-05T16:42:03Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", "start_time": "" } ] @@ -1165,20 +1541,28 @@ 776 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-04T21:37:45Z", + "label": "Date published" + }, + { + "data": "2023-05-22T20:17:58Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1190,20 +1574,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1215,20 +1607,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-11-11T19:00:31Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:52Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5ab41975-23cc-45e0-9a13-be603ea00595", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1240,20 +1640,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "dff65990-715e-4f71-aace-60d4436af108", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1265,20 +1673,28 @@ 787 ] }, - "descriptions": [], - "refs": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [], "source_location": {}, "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1290,20 +1706,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1315,20 +1739,28 @@ 776 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-08-31T00:00:24Z", + "label": "Date published" + }, + { + "data": "2024-03-15T19:06:46Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1340,20 +1772,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-12-12T21:19:47Z", + "label": "Date published" + }, + { + "data": "2024-06-24T21:22:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1364,20 +1804,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-17T20:00:50Z", + "label": "Date published" + }, + { + "data": "2023-01-30T05:04:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", "start_time": "" } ] @@ -1388,20 +1836,34 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-11-29T12:30:16Z", + "label": "Date published" + }, + { + "data": "2023-12-05T21:31:13Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", + "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback", "start_time": "" } ] @@ -1412,20 +1874,28 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-03-10T03:46:47Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:09Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1436,20 +1906,28 @@ 613 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-23T20:23:04Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1462,20 +1940,28 @@ 755 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-04-06T17:31:30Z", + "label": "Date published" + }, + { + "data": "2023-09-26T11:11:47Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1486,20 +1972,28 @@ 200 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-04-18T22:19:57Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:53Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1511,20 +2005,28 @@ 770 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-04-19T18:15:45Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:02:06Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1535,20 +2037,28 @@ 226 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-12-02T18:28:18Z", + "label": "Date published" + }, + { + "data": "2024-02-21T17:23:14Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1559,20 +2069,28 @@ 20 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c19b779d-2699-44de-a189-a0d18d8dc953", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1583,20 +2101,28 @@ 130 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-09-14T16:17:27Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1609,20 +2135,28 @@ 552 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-11-04T17:50:24Z", + "label": "Date published" + }, + { + "data": "2023-11-27T23:07:53Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1633,20 +2167,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-07-10T21:52:39Z", + "label": "Date published" + }, + { + "data": "2023-09-05T22:39:32Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "76910119-ee18-4144-855b-b2fdab20e33c", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1657,20 +2199,28 @@ 200 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-10T15:43:22Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:51Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1681,20 +2231,28 @@ 149 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-09-14T16:16:00Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1706,20 +2264,28 @@ 732 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-10-12T17:33:00Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:50Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "499117ae-d134-4505-8674-ed498531e7a9", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component junit/junit@4.12 is vulnerable", + "message": "Component Summary\nType: library\nName: junit\nGroup: junit", "start_time": "" } ] @@ -1728,20 +2294,28 @@ "tags": { "cweid": "" }, - "descriptions": [], + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "id": "INT-f70z-tbpp-4o5d", "desc": "", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", "start_time": "" } ] @@ -1750,20 +2324,28 @@ "tags": { "cweid": "" }, - "descriptions": [], + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "id": "INT-63e3-49kp-blqt", "desc": "testing", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", "start_time": "" } ] @@ -1774,20 +2356,28 @@ 89 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-02-09T22:57:29Z", + "label": "Date published" + }, + { + "data": "2024-06-27T16:39:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "1f182b73-afb8-424c-8e08-533a0f702076", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", "start_time": "" } ] @@ -1798,20 +2388,28 @@ 89 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-02-10T23:05:04Z", + "label": "Date published" + }, + { + "data": "2024-06-27T18:05:49Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", "start_time": "" } ] @@ -1822,20 +2420,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-05T16:13:36Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:30Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", + "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j", "start_time": "" } ] @@ -1846,20 +2452,28 @@ 79 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-03T23:40:23Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:30Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "8c0002e8-9326-40f7-9209-51020755ff02", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", + "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents", "start_time": "" } ] @@ -1870,20 +2484,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-03-05T00:00:45Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:46Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", + "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase", "start_time": "" } ] @@ -1895,20 +2517,28 @@ 410 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-07-07T20:55:40Z", + "label": "Date published" + }, + { + "data": "2023-07-24T19:39:20Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1919,20 +2549,34 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-10-10T21:28:24Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:34:00Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "affa7af3-427f-4223-8028-d9ac45e80e08", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1943,20 +2587,28 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2024-02-26T20:13:46Z", + "label": "Date published" + }, + { + "data": "2024-05-02T18:38:19Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1967,20 +2619,28 @@ 190 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-10-10T21:16:23Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:57Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1991,20 +2651,28 @@ 295 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2018-10-18T18:06:08Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:03:38Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", "start_time": "" } ] @@ -2015,20 +2683,28 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-10-24T01:49:09Z", + "label": "Date published" + }, + { + "data": "2023-11-05T05:04:23Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", "start_time": "" } ] @@ -2039,20 +2715,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-01-06T23:55:09Z", + "label": "Date published" + }, + { + "data": "2023-02-25T00:31:20Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", "start_time": "" } ] @@ -2063,26 +2747,34 @@ 88 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-01-21T23:07:39Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:47:05Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c8a50465-16df-44e0-84e9-7acff5870a51", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", "start_time": "" } ] } ], - "sha256": "5f52cc5463aeddea6d0de8cdd71d77827c6310f1d8f913a6c6c9dd70400d0ec1" + "sha256": "46f7f609b88a23ff494384a61937afacd99d5967012d1de8fbb2bfae6448c32e" } ], "passthrough": { @@ -12130,7 +12822,7636 @@ "version": "SNAPSHOT", "description": "This is the project I want to use to generate data to understand the schema a bit better" } - } + }, + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + } + ] + } + ] } } ], diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 95eee4d38d..98849e5e19 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -32,20 +32,28 @@ 732 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-03-25T17:04:19Z", + "label": "Date published" + }, + { + "data": "2023-11-09T18:44:38Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", "start_time": "" } ] @@ -57,20 +65,28 @@ 552 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-06-14T18:30:38Z", + "label": "Date published" + }, + { + "data": "2024-02-13T21:49:15Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "bb03c210-ea12-450d-85df-17d81a75ede2", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", "start_time": "" } ] @@ -81,20 +97,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T21:08:40Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -105,20 +129,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:44Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -129,20 +161,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-10T21:12:41Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:03Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -153,20 +193,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:05Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -177,20 +225,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T20:19:02Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:41:35Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -201,20 +257,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:47Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:48:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -225,20 +289,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:58:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:50:18Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "343cd240-f667-4770-aecf-ddc11f9d0172", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -249,20 +321,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T21:36:03Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:45Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -273,20 +353,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-23T16:32:59Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:50Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -297,20 +385,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:14Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -321,20 +417,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:43Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:37:17Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -345,20 +449,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:46Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:39:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -369,20 +481,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-18T14:44:48Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:04Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -393,20 +513,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-03-04T20:52:14Z", + "label": "Date published" + }, + { + "data": "2023-06-08T19:02:12Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -417,20 +545,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-07-15T19:41:47Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:45:27Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -441,20 +577,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2019-11-13T00:32:27Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:20Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c037af59-a132-4727-8cc3-c6095c490df7", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -465,20 +609,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2019-11-13T00:32:38Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:25Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -489,20 +641,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2019-10-28T20:51:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:57:37Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -513,20 +673,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:59:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:09:40Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -537,20 +705,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:59:01Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:20:09Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -562,20 +738,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:14:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:44:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -586,20 +770,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:36Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:47:50Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "3ad04380-a25c-41d8-8fad-259c2561795b", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -610,20 +802,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:02Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:52:49Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "86f78c35-adfb-48e4-9428-88084373e1c0", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -634,20 +834,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:26Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:53:30Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -658,20 +866,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-11-19T20:13:06Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:59:33Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "00033bff-66dc-4a36-ab38-a10b0625409f", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -682,20 +898,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:01:31Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -706,20 +930,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:59Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -730,20 +962,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:42Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5201940b-1f04-4668-ae86-8261448d817d", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -754,20 +994,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:00Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -778,20 +1026,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:54Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:40Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -802,20 +1058,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:46Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:08:37Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "950cff67-088e-4f41-9818-25943c9e17c0", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -826,20 +1090,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:18Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:13:01Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -850,20 +1122,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:16:34Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:15:44Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -874,20 +1154,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:24Z", + "label": "Date published" + }, + { + "data": "2023-11-21T11:40:53Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6d5189b4-d549-419a-b886-43a62cc43d40", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -898,20 +1186,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:00Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:28:08Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "135c6dab-529e-4855-ab72-a0138e2110c8", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -923,20 +1219,28 @@ 913 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-09T19:15:11Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:47:23Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -948,20 +1252,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:14:44Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -972,20 +1284,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-01-20T21:20:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:16:04Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -996,20 +1316,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-03-12T00:00:36Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:24:56Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1020,20 +1348,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-02-18T20:51:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:31:24Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1044,20 +1380,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-03-04T20:52:11Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:52:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1069,20 +1413,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-24T05:01:05Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1093,20 +1445,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-05-15T18:59:04Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:31Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", "start_time": "" } ] @@ -1117,20 +1477,28 @@ 74 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-04-10T18:42:20Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:02:18Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f2fa9b19-418a-4901-9840-a8631227701e", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", "start_time": "" } ] @@ -1141,20 +1509,28 @@ 74 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-02-24T17:27:27Z", + "label": "Date published" + }, + { + "data": "2024-06-05T16:42:03Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", "start_time": "" } ] @@ -1165,20 +1541,28 @@ 776 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-04T21:37:45Z", + "label": "Date published" + }, + { + "data": "2023-05-22T20:17:58Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1190,20 +1574,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1215,20 +1607,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-11-11T19:00:31Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:52Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5ab41975-23cc-45e0-9a13-be603ea00595", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1240,20 +1640,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "dff65990-715e-4f71-aace-60d4436af108", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1265,20 +1673,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1290,20 +1706,28 @@ 787 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1315,20 +1739,28 @@ 776 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-08-31T00:00:24Z", + "label": "Date published" + }, + { + "data": "2024-03-15T19:06:46Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1340,20 +1772,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-12-12T21:19:47Z", + "label": "Date published" + }, + { + "data": "2024-06-24T21:22:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", "start_time": "" } ] @@ -1364,20 +1804,28 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-12-17T20:00:50Z", + "label": "Date published" + }, + { + "data": "2023-01-30T05:04:55Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", "start_time": "" } ] @@ -1388,20 +1836,34 @@ 502 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-11-29T12:30:16Z", + "label": "Date published" + }, + { + "data": "2023-12-05T21:31:13Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", + "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback", "start_time": "" } ] @@ -1412,20 +1874,28 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-03-10T03:46:47Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:09Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1436,20 +1906,28 @@ 613 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-23T20:23:04Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1462,20 +1940,28 @@ 755 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-04-06T17:31:30Z", + "label": "Date published" + }, + { + "data": "2023-09-26T11:11:47Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1486,20 +1972,28 @@ 200 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-04-18T22:19:57Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:53Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1511,20 +2005,28 @@ 770 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-04-19T18:15:45Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:02:06Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1535,20 +2037,28 @@ 226 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-12-02T18:28:18Z", + "label": "Date published" + }, + { + "data": "2024-02-21T17:23:14Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1559,20 +2069,28 @@ 20 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c19b779d-2699-44de-a189-a0d18d8dc953", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1583,20 +2101,28 @@ 130 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-09-14T16:17:27Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1609,20 +2135,28 @@ 552 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-11-04T17:50:24Z", + "label": "Date published" + }, + { + "data": "2023-11-27T23:07:53Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1633,20 +2167,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-07-10T21:52:39Z", + "label": "Date published" + }, + { + "data": "2023-09-05T22:39:32Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "76910119-ee18-4144-855b-b2fdab20e33c", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1657,20 +2199,28 @@ 200 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-10T15:43:22Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:51Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1681,20 +2231,28 @@ 149 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-09-14T16:16:00Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", "start_time": "" } ] @@ -1706,20 +2264,28 @@ 732 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-10-12T17:33:00Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:50Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "499117ae-d134-4505-8674-ed498531e7a9", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component junit/junit@4.12 is vulnerable", + "message": "Component Summary\nType: library\nName: junit\nGroup: junit", "start_time": "" } ] @@ -1728,20 +2294,28 @@ "tags": { "cweid": "" }, - "descriptions": [], + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "id": "INT-f70z-tbpp-4o5d", "desc": "", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", "start_time": "" } ] @@ -1750,20 +2324,28 @@ "tags": { "cweid": "" }, - "descriptions": [], + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "id": "INT-63e3-49kp-blqt", "desc": "testing", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", "start_time": "" } ] @@ -1774,20 +2356,28 @@ 89 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-02-09T22:57:29Z", + "label": "Date published" + }, + { + "data": "2024-06-27T16:39:59Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "1f182b73-afb8-424c-8e08-533a0f702076", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", "start_time": "" } ] @@ -1798,20 +2388,28 @@ 89 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-02-10T23:05:04Z", + "label": "Date published" + }, + { + "data": "2024-06-27T18:05:49Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", "start_time": "" } ] @@ -1822,20 +2420,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2020-06-05T16:13:36Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:30Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", + "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j", "start_time": "" } ] @@ -1846,20 +2452,28 @@ 79 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2021-06-03T23:40:23Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:30Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "8c0002e8-9326-40f7-9209-51020755ff02", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", + "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents", "start_time": "" } ] @@ -1870,20 +2484,28 @@ 611 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-03-05T00:00:45Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:46Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", + "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase", "start_time": "" } ] @@ -1895,20 +2517,28 @@ 410 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-07-07T20:55:40Z", + "label": "Date published" + }, + { + "data": "2023-07-24T19:39:20Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1919,20 +2549,34 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-10-10T21:28:24Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:34:00Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "affa7af3-427f-4223-8028-d9ac45e80e08", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1943,20 +2587,28 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2024-02-26T20:13:46Z", + "label": "Date published" + }, + { + "data": "2024-05-02T18:38:19Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1967,20 +2619,28 @@ 190 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-10-10T21:16:23Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:57Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", + "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2", "start_time": "" } ] @@ -1991,20 +2651,28 @@ 295 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2018-10-18T18:06:08Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:03:38Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", "start_time": "" } ] @@ -2015,20 +2683,28 @@ 400 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2023-10-24T01:49:09Z", + "label": "Date published" + }, + { + "data": "2023-11-05T05:04:23Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", "start_time": "" } ] @@ -2039,20 +2715,28 @@ 502 ] }, - "descriptions": [], - "refs": [], + "descriptions": [ + { + "data": "2022-01-06T23:55:09Z", + "label": "Date published" + }, + { + "data": "2023-02-25T00:31:20Z", + "label": "Date updated" + } + ], + "refs": [], "source_location": {}, "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", "start_time": "" } ] @@ -2063,26 +2747,34 @@ 88 ] }, - "descriptions": [], + "descriptions": [ + { + "data": "2022-01-21T23:07:39Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:47:05Z", + "label": "Date updated" + } + ], "refs": [], "source_location": {}, "title": "c8a50465-16df-44e0-84e9-7acff5870a51", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "impact": 0, + "impact": 0.5, "code": null, "results": [ { "status": "failed", - "code_desc": "", - "message": null, - "run_time": null, + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", "start_time": "" } ] } ], - "sha256": "5f52cc5463aeddea6d0de8cdd71d77827c6310f1d8f913a6c6c9dd70400d0ec1" + "sha256": "46f7f609b88a23ff494384a61937afacd99d5967012d1de8fbb2bfae6448c32e" } ], "passthrough": { @@ -12130,7 +12822,7636 @@ "version": "SNAPSHOT", "description": "This is the project I want to use to generate data to understand the schema a bit better" } - } + }, + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ], + "affectedComponents": [ + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + } + ] + } + ] } } ] diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 933ccc3882..bb9fba9ada 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -4,39 +4,53 @@ import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; function formatName(input: Record): string { - return `${_.get(input, 'type')}/${_.get(input, 'bom-ref')}`; + return `${input.type}/${input['bom-ref']}`; } function formatTitle(input: Record): string { - const group = _.get(input, 'group') ? `${_.get(input, 'group')}/` : ''; - return `${group}${_.get(input, 'name')}`; + const group = input.group ? `${input.group}/` : ''; + return `${group}${input.name}`; } function formatLicense(input: Record): string { let message = ''; - const licenses = _.get(input, 'licenses'); - if (Array.isArray(licenses)) { - licenses.map((license) => { + if (Array.isArray(input.licenses)) { + // Join together all applicable licenses for this component + input.licenses.map((license) => { message = message.concat(`${license.license.id}, `); }); } return message.slice(0, -2); } +function formatCodeDesc(input: Record): string { + const group = input.group ? `${input.group}/` : ''; + const version = input.version ? `@${input.version}` : ''; + return `Component ${group}${input.name}${version} is vulnerable`; +} + +function formatMessage(input: Record): string { + return `Component Summary\nType: ${input.type}\nName: ${input.name}\nGroup: ${input.group}` +} + export class SBOMResults { data: Record; withRaw: boolean; constructor(SBOMJson: string, withRaw = false) { this.data = JSON.parse(SBOMJson); this.withRaw = withRaw; + // In-place manipulations on ingested SBOM data this.flattenComponents(this.data); this.generateIntermediary(this.data); } - // Flatten components list + // Flatten any arbitrarily nested components list flattenComponents(data: Record) { + // Look through every component at the top level of the list for (const component of data.components as Record[]) { + // Identify if subcomponents exist if (_.has(component, 'components')) { + // If so, pull out the subcomponents and push them to end of top level component list for further flattening for (const subcomponent of component.components as Record< string, unknown @@ -48,8 +62,28 @@ export class SBOMResults { } } - // Collect all components that affect a vulnerability and place them under the corresponding vulnerability + /* + Copy all components that are affected by a vulnerability and place them under that corresponding vulnerability + In-place operation on `vulnerabilities` structure but will not affect `components` structure + + Should result in the following general structure: + { + components: [...], + vulnerabilities: [ + vulnerability: { + affectedComponents: [ + component: {...}, + ... + ], + ... + }, + ... + ], + ... + } + */ generateIntermediary(data: Record) { + // Find if vulnerabilities structure exists, else skip vulnerability restructuring if (_.has(data, 'vulnerabilities')) { for (const vulnerability of data.vulnerabilities as (Record< string, @@ -61,11 +95,13 @@ export class SBOMResults { string, unknown >[]) { + // Find every comoponent that is affected via listed bom-refs and copy to an affected components list if (component['bom-ref'] === id.ref) { components.push(component); } - vulnerability.affectedComponents = components; } + // Add that affected components list to the corresponding vulnerability object + vulnerability.affectedComponents = components; } } } @@ -113,22 +149,30 @@ export class SBOMMapper extends BaseConverter { tags: { cweid: {path: 'cwes'} }, - descriptions: [], //Insert data + descriptions: [ + { + data: {path: 'published'}, + label: 'Date published' + }, + { + data: {path: 'updated'}, + label: 'Date updated' + } + ], //Insert data refs: [], //Insert data source_location: {}, //Insert data title: {path: 'bom-ref'}, id: {path: 'id'}, desc: {path: 'description'}, - impact: 0, //Insert data + impact: 0.5, //Insert data code: null, //Insert data results: [ { path: 'affectedComponents', - status: ExecJSON.ControlResultStatus.Failed, //Insert data - code_desc: '', //Insert data - message: null, //Insert data - run_time: null, //Insert data - start_time: '' //Insert data + status: ExecJSON.ControlResultStatus.Failed, + code_desc: {transformer: formatCodeDesc}, + message: {transformer: formatMessage}, + start_time: '' } ] } @@ -144,11 +188,7 @@ export class SBOMMapper extends BaseConverter { name: 'SBOM', components: _.get(data, 'components'), dependencies: _.get(data, 'dependencies'), - data: _.omit(data, [ - 'components', - 'vulnerabilities', - 'dependencies' - ]) + data: _.omit(data, ['components', 'dependencies']) } ], ...(this.withRaw && {raw: data}) From 5f8bb7644277c803f3f70b6b00220591b08e20ae Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 24 Jul 2024 16:33:14 -0400 Subject: [PATCH 15/61] Formatting overhaul; additional tags; results section Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 1262 ++++++++++++----- .../sbom-dropwizard-vulns-hdf.json | 1262 ++++++++++++----- libs/hdf-converters/src/sbom-mapper.ts | 99 +- 3 files changed, 1866 insertions(+), 757 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 8e8df221d9..32ef95518a 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -25,11 +25,19 @@ "controls": [ { "tags": { - "cweid": [ - 173, - 200, - 378, - 732 + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" ] }, "descriptions": [ @@ -48,21 +56,29 @@ "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 379, - 552 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" ] }, "descriptions": [ @@ -81,20 +97,26 @@ "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -113,20 +135,26 @@ "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -145,20 +173,26 @@ "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -177,20 +211,26 @@ "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -209,20 +249,26 @@ "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -241,20 +287,26 @@ "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -273,20 +325,26 @@ "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -305,20 +363,26 @@ "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -337,20 +401,26 @@ "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -369,20 +439,26 @@ "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -401,20 +477,26 @@ "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -433,20 +515,26 @@ "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -465,20 +553,26 @@ "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -497,20 +591,26 @@ "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -529,20 +629,26 @@ "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -561,20 +667,26 @@ "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -593,20 +705,26 @@ "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -625,20 +743,26 @@ "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -657,20 +781,26 @@ "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -689,20 +819,26 @@ "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -721,21 +857,27 @@ "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 94, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" ] }, "descriptions": [ @@ -754,20 +896,26 @@ "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -786,20 +934,26 @@ "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -818,20 +972,26 @@ "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -850,20 +1010,26 @@ "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -882,20 +1048,26 @@ "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -914,20 +1086,26 @@ "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -946,20 +1124,26 @@ "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -978,20 +1162,26 @@ "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1010,20 +1200,26 @@ "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1042,20 +1238,26 @@ "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1074,20 +1276,26 @@ "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1106,20 +1314,26 @@ "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1138,20 +1352,26 @@ "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1170,20 +1390,26 @@ "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1202,21 +1428,27 @@ "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502, - 913 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" ] }, "descriptions": [ @@ -1235,21 +1467,27 @@ "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" ] }, "descriptions": [ @@ -1268,20 +1506,26 @@ "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1300,20 +1544,26 @@ "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" ] }, "descriptions": [ @@ -1332,20 +1582,26 @@ "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -1364,20 +1620,26 @@ "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1396,21 +1658,27 @@ "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" ] }, "descriptions": [ @@ -1429,20 +1697,26 @@ "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1461,20 +1735,28 @@ "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 74 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" ] }, "descriptions": [ @@ -1493,20 +1775,28 @@ "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 74 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" ] }, "descriptions": [ @@ -1525,20 +1815,28 @@ "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 776 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" ] }, "descriptions": [ @@ -1557,21 +1855,27 @@ "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1590,21 +1894,27 @@ "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1623,21 +1933,27 @@ "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1656,21 +1972,27 @@ "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1689,21 +2011,27 @@ "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1722,21 +2050,27 @@ "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 776 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" ] }, "descriptions": [ @@ -1755,21 +2089,27 @@ "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 20, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" ] }, "descriptions": [ @@ -1788,20 +2128,26 @@ "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1820,20 +2166,26 @@ "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1852,26 +2204,32 @@ "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback", + "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\nAuthor: undefined\nDescription: logback-classic module\nPURL: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -1890,20 +2248,26 @@ "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 613 + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" ] }, "descriptions": [ @@ -1922,22 +2286,28 @@ "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 551, - 755 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" ] }, "descriptions": [ @@ -1956,20 +2326,26 @@ "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 200 + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" ] }, "descriptions": [ @@ -1988,21 +2364,27 @@ "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 770 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" ] }, "descriptions": [ @@ -2021,20 +2403,26 @@ "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 226 + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" ] }, "descriptions": [ @@ -2053,20 +2441,26 @@ "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 20 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" ] }, "descriptions": [ @@ -2085,20 +2479,28 @@ "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 130 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" ] }, "descriptions": [ @@ -2117,22 +2519,30 @@ "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 378, - 379, - 552 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" ] }, "descriptions": [ @@ -2151,20 +2561,26 @@ "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-webapp\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Jetty web application support\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"044d3037d9a5b94c8ed938d89045e06b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\nAuthor: undefined\nDescription: Jetty web application support\nPURL: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -2183,20 +2599,26 @@ "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-xml\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The jetty xml utilities.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"637f8a266afa4cb043e1d142c7cacb33\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\nAuthor: undefined\nDescription: The jetty xml utilities.\nPURL: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 200 + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" ] }, "descriptions": [ @@ -2215,20 +2637,28 @@ "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 149 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" ] }, "descriptions": [ @@ -2247,21 +2677,29 @@ "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 200, - 732 + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" ] }, "descriptions": [ @@ -2280,19 +2718,27 @@ "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\",\n \"group\": \"junit\",\n \"name\": \"junit\",\n \"version\": \"4.12\",\n \"description\": \"JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"5b38c40c97fbd0adee29f91e60405584\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2973d150c0dc1fefe998f834810d68f278ea58ec\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/junit/junit@4.12?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.junit.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://junit.ci.cloudbees.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://github.com/junit-team/junit/wiki/Download-and-Install\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/junit-team/junit/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://groups.yahoo.com/neo/groups/junit/info\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/junit-team/junit/tree/master\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "Component Summary\nType: library\nName: junit\nGroup: junit", + "message": "Component Summary\nType: library\nName: junit\nGroup: junit\nVersion: 4.12\nBOM-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\nAuthor: undefined\nDescription: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\nPURL: pkg:maven/junit/junit@4.12?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": "" + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] }, "descriptions": [ { @@ -2310,19 +2756,27 @@ "id": "INT-f70z-tbpp-4o5d", "desc": "", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": "" + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] }, "descriptions": [ { @@ -2340,20 +2794,26 @@ "id": "INT-63e3-49kp-blqt", "desc": "testing", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 89 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" ] }, "descriptions": [ @@ -2372,20 +2832,26 @@ "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 89 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" ] }, "descriptions": [ @@ -2404,20 +2870,26 @@ "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -2436,20 +2908,26 @@ "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\",\n \"group\": \"org.dom4j\",\n \"name\": \"dom4j\",\n \"version\": \"2.1.1\",\n \"description\": \"flexible XML framework for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f5710c1d5f5627ae5ce850a0b12ea87a\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"3dce5dbb3571aa820c677fadd8349bfa8f00c199\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.dom4j/dom4j@2.1.1?type=jar\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j", + "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j\nVersion: 2.1.1\nBOM-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\nAuthor: undefined\nDescription: flexible XML framework for Java\nPURL: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 79 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" ] }, "descriptions": [ @@ -2468,20 +2946,26 @@ "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\",\n \"group\": \"org.apache.httpcomponents\",\n \"name\": \"httpclient\",\n \"version\": \"4.5.7\",\n \"description\": \"Apache HttpComponents Client\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"deed71468af21d6f0cf02bf853ac02ec\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dda059f4908e1b548b7ba68d81a3b05897f27cb0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.apache.org/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://issues.apache.org/jira/browse/HTTPCLIENT\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://repository.apache.org/service/local/staging/deploy/maven2\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents", + "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents\nVersion: 4.5.7\nBOM-ref: 893beba4-580b-4ada-a4cf-067fbe145507\nAuthor: undefined\nDescription: Apache HttpComponents Client\nPURL: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -2500,21 +2984,27 @@ "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\",\n \"group\": \"org.liquibase\",\n \"name\": \"liquibase-core\",\n \"version\": \"3.6.3\",\n \"description\": \"Liquibase is a tool for managing and executing database changes.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"455a827f017027c276fdfc1ec0bba595\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"737c5a4fac26ee760d016923c83481ff933e4875\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.liquibase.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://circleci.com/gh/liquibase/liquibase/tree/master\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://liquibase.jira.com/browse/CORE\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase", + "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase\nVersion: 3.6.3\nBOM-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\nAuthor: undefined\nDescription: Liquibase is a tool for managing and executing database changes.\nPURL: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 410 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" ] }, "descriptions": [ @@ -2533,20 +3023,26 @@ "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -2565,26 +3061,32 @@ "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -2603,20 +3105,26 @@ "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-common\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"d4f0dede20f81acfb53f97c01fae71cf\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6e3306d394aaaf41876220a818fb639faf5963b0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 190 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" ] }, "descriptions": [ @@ -2635,20 +3143,28 @@ "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-hpack\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0323c6dd472c456a99d068f171cbd661\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 295 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" ] }, "descriptions": [ @@ -2667,20 +3183,26 @@ "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -2699,20 +3221,26 @@ "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -2731,20 +3259,28 @@ "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 88 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" ] }, "descriptions": [ @@ -2763,18 +3299,18 @@ "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", "start_time": "" } ] } ], - "sha256": "46f7f609b88a23ff494384a61937afacd99d5967012d1de8fbb2bfae6448c32e" + "sha256": "12ae1f3bcf7df6a697a653098bbcbe6c8655a07f7d705d1739f479b4c9531b26" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 98849e5e19..89e6596a49 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -25,11 +25,19 @@ "controls": [ { "tags": { - "cweid": [ - 173, - 200, - 378, - 732 + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" ] }, "descriptions": [ @@ -48,21 +56,29 @@ "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 379, - 552 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" ] }, "descriptions": [ @@ -81,20 +97,26 @@ "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava", + "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -113,20 +135,26 @@ "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -145,20 +173,26 @@ "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -177,20 +211,26 @@ "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -209,20 +249,26 @@ "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -241,20 +287,26 @@ "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -273,20 +325,26 @@ "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -305,20 +363,26 @@ "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -337,20 +401,26 @@ "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -369,20 +439,26 @@ "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -401,20 +477,26 @@ "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -433,20 +515,26 @@ "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -465,20 +553,26 @@ "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -497,20 +591,26 @@ "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -529,20 +629,26 @@ "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -561,20 +667,26 @@ "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -593,20 +705,26 @@ "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -625,20 +743,26 @@ "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -657,20 +781,26 @@ "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -689,20 +819,26 @@ "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -721,21 +857,27 @@ "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 94, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" ] }, "descriptions": [ @@ -754,20 +896,26 @@ "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -786,20 +934,26 @@ "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -818,20 +972,26 @@ "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -850,20 +1010,26 @@ "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -882,20 +1048,26 @@ "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -914,20 +1086,26 @@ "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -946,20 +1124,26 @@ "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -978,20 +1162,26 @@ "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1010,20 +1200,26 @@ "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1042,20 +1238,26 @@ "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1074,20 +1276,26 @@ "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1106,20 +1314,26 @@ "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1138,20 +1352,26 @@ "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1170,20 +1390,26 @@ "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1202,21 +1428,27 @@ "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502, - 913 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" ] }, "descriptions": [ @@ -1235,21 +1467,27 @@ "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" ] }, "descriptions": [ @@ -1268,20 +1506,26 @@ "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1300,20 +1544,26 @@ "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" ] }, "descriptions": [ @@ -1332,20 +1582,26 @@ "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -1364,20 +1620,26 @@ "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1396,21 +1658,27 @@ "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" ] }, "descriptions": [ @@ -1429,20 +1697,26 @@ "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1461,20 +1735,28 @@ "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core", + "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 74 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" ] }, "descriptions": [ @@ -1493,20 +1775,28 @@ "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 74 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" ] }, "descriptions": [ @@ -1525,20 +1815,28 @@ "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard", + "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 776 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" ] }, "descriptions": [ @@ -1557,21 +1855,27 @@ "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1590,21 +1894,27 @@ "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1623,21 +1933,27 @@ "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1656,21 +1972,27 @@ "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1689,21 +2011,27 @@ "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 121, - 787 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" ] }, "descriptions": [ @@ -1722,21 +2050,27 @@ "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 776 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" ] }, "descriptions": [ @@ -1755,21 +2089,27 @@ "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 20, - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" ] }, "descriptions": [ @@ -1788,20 +2128,26 @@ "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml", + "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1820,20 +2166,26 @@ "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -1852,26 +2204,32 @@ "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback", + "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback", + "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\nAuthor: undefined\nDescription: logback-classic module\nPURL: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -1890,20 +2248,26 @@ "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 613 + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" ] }, "descriptions": [ @@ -1922,22 +2286,28 @@ "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 551, - 755 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" ] }, "descriptions": [ @@ -1956,20 +2326,26 @@ "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 200 + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" ] }, "descriptions": [ @@ -1988,21 +2364,27 @@ "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 770 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" ] }, "descriptions": [ @@ -2021,20 +2403,26 @@ "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 226 + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" ] }, "descriptions": [ @@ -2053,20 +2441,26 @@ "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 20 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" ] }, "descriptions": [ @@ -2085,20 +2479,28 @@ "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 130 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" ] }, "descriptions": [ @@ -2117,22 +2519,30 @@ "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 378, - 379, - 552 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" ] }, "descriptions": [ @@ -2151,20 +2561,26 @@ "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-webapp\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Jetty web application support\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"044d3037d9a5b94c8ed938d89045e06b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\nAuthor: undefined\nDescription: Jetty web application support\nPURL: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -2183,20 +2599,26 @@ "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-xml\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The jetty xml utilities.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"637f8a266afa4cb043e1d142c7cacb33\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\nAuthor: undefined\nDescription: The jetty xml utilities.\nPURL: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 200 + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" ] }, "descriptions": [ @@ -2215,20 +2637,28 @@ "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 149 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" ] }, "descriptions": [ @@ -2247,21 +2677,29 @@ "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty", + "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 200, - 732 + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" ] }, "descriptions": [ @@ -2280,19 +2718,27 @@ "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\",\n \"group\": \"junit\",\n \"name\": \"junit\",\n \"version\": \"4.12\",\n \"description\": \"JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"5b38c40c97fbd0adee29f91e60405584\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2973d150c0dc1fefe998f834810d68f278ea58ec\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/junit/junit@4.12?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.junit.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://junit.ci.cloudbees.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://github.com/junit-team/junit/wiki/Download-and-Install\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/junit-team/junit/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://groups.yahoo.com/neo/groups/junit/info\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/junit-team/junit/tree/master\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "Component Summary\nType: library\nName: junit\nGroup: junit", + "message": "Component Summary\nType: library\nName: junit\nGroup: junit\nVersion: 4.12\nBOM-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\nAuthor: undefined\nDescription: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\nPURL: pkg:maven/junit/junit@4.12?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": "" + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] }, "descriptions": [ { @@ -2310,19 +2756,27 @@ "id": "INT-f70z-tbpp-4o5d", "desc": "", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": "" + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] }, "descriptions": [ { @@ -2340,20 +2794,26 @@ "id": "INT-63e3-49kp-blqt", "desc": "testing", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy", + "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 89 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" ] }, "descriptions": [ @@ -2372,20 +2832,26 @@ "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 89 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" ] }, "descriptions": [ @@ -2404,20 +2870,26 @@ "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate", + "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -2436,20 +2908,26 @@ "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\",\n \"group\": \"org.dom4j\",\n \"name\": \"dom4j\",\n \"version\": \"2.1.1\",\n \"description\": \"flexible XML framework for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f5710c1d5f5627ae5ce850a0b12ea87a\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"3dce5dbb3571aa820c677fadd8349bfa8f00c199\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.dom4j/dom4j@2.1.1?type=jar\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j", + "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j\nVersion: 2.1.1\nBOM-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\nAuthor: undefined\nDescription: flexible XML framework for Java\nPURL: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 79 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" ] }, "descriptions": [ @@ -2468,20 +2946,26 @@ "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\",\n \"group\": \"org.apache.httpcomponents\",\n \"name\": \"httpclient\",\n \"version\": \"4.5.7\",\n \"description\": \"Apache HttpComponents Client\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"deed71468af21d6f0cf02bf853ac02ec\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dda059f4908e1b548b7ba68d81a3b05897f27cb0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.apache.org/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://issues.apache.org/jira/browse/HTTPCLIENT\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://repository.apache.org/service/local/staging/deploy/maven2\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents", + "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents\nVersion: 4.5.7\nBOM-ref: 893beba4-580b-4ada-a4cf-067fbe145507\nAuthor: undefined\nDescription: Apache HttpComponents Client\nPURL: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 611 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" ] }, "descriptions": [ @@ -2500,21 +2984,27 @@ "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\",\n \"group\": \"org.liquibase\",\n \"name\": \"liquibase-core\",\n \"version\": \"3.6.3\",\n \"description\": \"Liquibase is a tool for managing and executing database changes.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"455a827f017027c276fdfc1ec0bba595\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"737c5a4fac26ee760d016923c83481ff933e4875\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.liquibase.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://circleci.com/gh/liquibase/liquibase/tree/master\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://liquibase.jira.com/browse/CORE\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase", + "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase\nVersion: 3.6.3\nBOM-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\nAuthor: undefined\nDescription: Liquibase is a tool for managing and executing database changes.\nPURL: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400, - 410 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" ] }, "descriptions": [ @@ -2533,20 +3023,26 @@ "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -2565,26 +3061,32 @@ "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -2603,20 +3105,26 @@ "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-common\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"d4f0dede20f81acfb53f97c01fae71cf\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6e3306d394aaaf41876220a818fb639faf5963b0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 190 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" ] }, "descriptions": [ @@ -2635,20 +3143,28 @@ "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-hpack\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0323c6dd472c456a99d068f171cbd661\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2", + "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 295 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" ] }, "descriptions": [ @@ -2667,20 +3183,26 @@ "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 400 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" ] }, "descriptions": [ @@ -2699,20 +3221,26 @@ "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq", + "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 502 + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" ] }, "descriptions": [ @@ -2731,20 +3259,28 @@ "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", "start_time": "" } ] }, { "tags": { - "cweid": [ - 88 + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" ] }, "descriptions": [ @@ -2763,18 +3299,18 @@ "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 0.5, - "code": null, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database", + "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", "start_time": "" } ] } ], - "sha256": "46f7f609b88a23ff494384a61937afacd99d5967012d1de8fbb2bfae6448c32e" + "sha256": "12ae1f3bcf7df6a697a653098bbcbe6c8655a07f7d705d1739f479b4c9531b26" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index bb9fba9ada..b6aecb160f 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -2,35 +2,26 @@ import {ExecJSON} from 'inspecjs'; import _ from 'lodash'; import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; +import {CweNistMapping} from './mappings/CweNistMapping'; +import {getCCIsForNISTTags} from './utils/global'; -function formatName(input: Record): string { - return `${input.type}/${input['bom-ref']}`; -} - -function formatTitle(input: Record): string { - const group = input.group ? `${input.group}/` : ''; - return `${group}${input.name}`; -} +const CWE_NIST_MAPPING = new CweNistMapping(); +const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; -function formatLicense(input: Record): string { - let message = ''; - if (Array.isArray(input.licenses)) { - // Join together all applicable licenses for this component - input.licenses.map((license) => { - message = message.concat(`${license.license.id}, `); - }); +function formatCWETags(input: number[], addPrefix = true): string[] { + const stringifiedCWE: string[] = []; + for (const cwe of input) { + const cweTag = addPrefix ? `CWE-${cwe}` : `${cwe}`; + stringifiedCWE.push(cweTag); } - return message.slice(0, -2); + return stringifiedCWE; } -function formatCodeDesc(input: Record): string { - const group = input.group ? `${input.group}/` : ''; - const version = input.version ? `@${input.version}` : ''; - return `Component ${group}${input.name}${version} is vulnerable`; -} - -function formatMessage(input: Record): string { - return `Component Summary\nType: ${input.type}\nName: ${input.name}\nGroup: ${input.group}` +function getNISTTags(input: number[]): string[] { + return CWE_NIST_MAPPING.nistFilter( + formatCWETags(input, false), + DEFAULT_NIST_TAG + ); } export class SBOMResults { @@ -128,13 +119,36 @@ export class SBOMMapper extends BaseConverter { statistics: {}, profiles: [ { - name: {path: 'metadata.component', transformer: formatName}, - title: {path: 'metadata.component', transformer: formatTitle}, + name: { + path: 'metadata.component', + transformer: (input: Record): string => { + return `${input.type}/${input['bom-ref']}`; + } + }, + title: { + path: 'metadata.component', + transformer: (input: Record): string => { + const group = input.group ? `${input.group}/` : ''; + return `${group}${input.name}`; + } + }, version: {path: 'metadata.component.version'}, maintainer: {path: 'metadata.component.author'}, summary: null, //Insert data description: {path: 'metadata.component.description'}, - license: {path: 'metadata.component', transformer: formatLicense}, + license: { + path: 'metadata.component', + transformer: (input: Record): string => { + let message = ''; + if (Array.isArray(input.licenses)) { + // Join together all applicable licenses for this component + input.licenses.map((license) => { + message = message.concat(`${license.license.id}, `); + }); + } + return message.slice(0, -2); + } + }, supports: [], //Insert data attributes: [], //Insert data copyright: null, //Insert data @@ -147,7 +161,16 @@ export class SBOMMapper extends BaseConverter { path: 'vulnerabilities', key: 'id', tags: { - cweid: {path: 'cwes'} + nist: { + path: 'cwes', + transformer: getNISTTags + }, + cci: { + path: 'cwes', + transformer: (input: number[]) => + getCCIsForNISTTags(getNISTTags(input)) + }, + cwe: {path: 'cwes', transformer: formatCWETags} }, descriptions: [ { @@ -165,13 +188,27 @@ export class SBOMMapper extends BaseConverter { id: {path: 'id'}, desc: {path: 'description'}, impact: 0.5, //Insert data - code: null, //Insert data + code: { + transformer: (vulnerability: Record): string => { + return JSON.stringify(vulnerability, null, 2); + } + }, results: [ { path: 'affectedComponents', status: ExecJSON.ControlResultStatus.Failed, - code_desc: {transformer: formatCodeDesc}, - message: {transformer: formatMessage}, + code_desc: { + transformer: (input: Record): string => { + const group = input.group ? `${input.group}/` : ''; + const version = input.version ? `@${input.version}` : ''; + return `Component ${group}${input.name}${version} is vulnerable`; + } + }, + message: { + transformer: (input: Record): string => { + return `Component Summary\nType: ${input.type}\nName: ${input.name}\nGroup: ${input.group}\nVersion: ${input.version}\nBOM-ref: ${input['bom-ref']}\nAuthor: ${input.author}\nDescription: ${input.description}\nPURL: ${input.purl}`; + } + }, start_time: '' } ] From 12da117062f64f1dbe884cab164a60c45c6e23ed Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 25 Jul 2024 15:08:39 -0400 Subject: [PATCH 16/61] VEX ingestion; various mapping adjustments Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 1413 +++++++++++++---- .../sbom-dropwizard-vulns-hdf.json | 1413 +++++++++++++---- libs/hdf-converters/src/sbom-mapper.ts | 79 +- .../src/utils/fingerprinting.ts | 2 +- .../test/mappers/forward/sbom_mapper.spec.ts | 32 +- 5 files changed, 2254 insertions(+), 685 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 32ef95518a..053d7fb262 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -50,18 +50,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -91,18 +100,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "bb03c210-ea12-450d-85df-17d81a75ede2", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -129,18 +147,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -167,18 +194,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -205,18 +241,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -243,18 +288,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -281,18 +335,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -319,18 +382,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -357,18 +429,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "343cd240-f667-4770-aecf-ddc11f9d0172", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -395,18 +476,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -433,18 +523,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -471,18 +570,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -509,18 +617,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -547,18 +664,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -585,18 +711,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -623,18 +758,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -661,18 +805,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -699,18 +852,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c037af59-a132-4727-8cc3-c6095c490df7", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -737,18 +899,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -775,18 +946,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -813,18 +993,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -851,18 +1040,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -890,18 +1088,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -928,18 +1135,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "3ad04380-a25c-41d8-8fad-259c2561795b", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -966,18 +1182,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "86f78c35-adfb-48e4-9428-88084373e1c0", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1004,18 +1229,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1042,18 +1276,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "00033bff-66dc-4a36-ab38-a10b0625409f", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1080,18 +1323,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1118,18 +1370,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1156,18 +1417,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5201940b-1f04-4668-ae86-8261448d817d", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1194,18 +1464,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1232,18 +1511,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1270,18 +1558,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "950cff67-088e-4f41-9818-25943c9e17c0", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1308,18 +1605,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1346,18 +1652,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1384,18 +1699,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6d5189b4-d549-419a-b886-43a62cc43d40", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1422,18 +1746,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "135c6dab-529e-4855-ab72-a0138e2110c8", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1461,18 +1794,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1500,18 +1842,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1538,18 +1889,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1576,18 +1936,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1614,18 +1983,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1652,18 +2030,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1691,18 +2078,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1729,18 +2125,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1769,18 +2174,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f2fa9b19-418a-4901-9840-a8631227701e", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] @@ -1809,18 +2223,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] @@ -1849,18 +2272,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -1888,18 +2320,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -1927,18 +2368,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5ab41975-23cc-45e0-9a13-be603ea00595", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -1966,18 +2416,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "dff65990-715e-4f71-aace-60d4436af108", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2005,18 +2464,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2044,18 +2512,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2083,18 +2560,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2122,18 +2608,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2160,18 +2655,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", "start_time": "" } ] @@ -2198,24 +2702,33 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\nAuthor: undefined\nDescription: logback-classic module\nPURL: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- hashes: [\n {\n alg: MD5,\n content: 64f7a68f931aed8e5ad8243470440f0b\n },\n {\n alg: SHA-1,\n content: 7c4f3c474fb2c041d8028740440937705ebb473a\n },\n {\n alg: SHA-256,\n content: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0\n },\n {\n alg: SHA-512,\n content: 9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1\n },\n {\n alg: SHA3-256,\n content: 7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24\n },\n {\n alg: SHA3-512,\n content: 0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", "start_time": "" } ] @@ -2242,18 +2755,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, - "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2280,18 +2802,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2320,18 +2851,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2358,18 +2898,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2397,18 +2946,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, - "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2435,18 +2993,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2473,18 +3040,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c19b779d-2699-44de-a189-a0d18d8dc953", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2513,18 +3089,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2555,18 +3140,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-webapp\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Jetty web application support\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"044d3037d9a5b94c8ed938d89045e06b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\nAuthor: undefined\nDescription: Jetty web application support\nPURL: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- hashes: [\n {\n alg: MD5,\n content: 044d3037d9a5b94c8ed938d89045e06b\n },\n {\n alg: SHA-1,\n content: 9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\n },\n {\n alg: SHA-256,\n content: 3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\n },\n {\n alg: SHA-512,\n content: 09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\n },\n {\n alg: SHA3-256,\n content: a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\n },\n {\n alg: SHA3-512,\n content: c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2593,18 +3187,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "76910119-ee18-4144-855b-b2fdab20e33c", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-xml\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The jetty xml utilities.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"637f8a266afa4cb043e1d142c7cacb33\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\nAuthor: undefined\nDescription: The jetty xml utilities.\nPURL: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- hashes: [\n {\n alg: MD5,\n content: 637f8a266afa4cb043e1d142c7cacb33\n },\n {\n alg: SHA-1,\n content: dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\n },\n {\n alg: SHA-256,\n content: 2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\n },\n {\n alg: SHA-512,\n content: f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\n },\n {\n alg: SHA3-256,\n content: acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\n },\n {\n alg: SHA3-512,\n content: 53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2631,18 +3234,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2671,18 +3283,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2712,18 +3333,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "499117ae-d134-4505-8674-ed498531e7a9", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, - "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\",\n \"group\": \"junit\",\n \"name\": \"junit\",\n \"version\": \"4.12\",\n \"description\": \"JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"5b38c40c97fbd0adee29f91e60405584\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2973d150c0dc1fefe998f834810d68f278ea58ec\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/junit/junit@4.12?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.junit.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://junit.ci.cloudbees.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://github.com/junit-team/junit/wiki/Download-and-Install\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/junit-team/junit/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://groups.yahoo.com/neo/groups/junit/info\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/junit-team/junit/tree/master\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "Component Summary\nType: library\nName: junit\nGroup: junit\nVersion: 4.12\nBOM-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\nAuthor: undefined\nDescription: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\nPURL: pkg:maven/junit/junit@4.12?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- hashes: [\n {\n alg: MD5,\n content: 5b38c40c97fbd0adee29f91e60405584\n },\n {\n alg: SHA-1,\n content: 2973d150c0dc1fefe998f834810d68f278ea58ec\n },\n {\n alg: SHA-256,\n content: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\n },\n {\n alg: SHA-512,\n content: 5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\n },\n {\n alg: SHA3-256,\n content: 02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\n },\n {\n alg: SHA3-512,\n content: 9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]\n- purl: pkg:maven/junit/junit@4.12?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.junit.org\n },\n {\n type: build-system,\n url: https://junit.ci.cloudbees.com/\n },\n {\n type: distribution,\n url: https://github.com/junit-team/junit/wiki/Download-and-Install\n },\n {\n type: issue-tracker,\n url: https://github.com/junit-team/junit/issues\n },\n {\n type: mailing-list,\n url: https://groups.yahoo.com/neo/groups/junit/info\n },\n {\n type: vcs,\n url: http://github.com/junit-team/junit/tree/master\n }\n]", "start_time": "" } ] @@ -2750,18 +3380,26 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], "source_location": {}, "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "id": "INT-f70z-tbpp-4o5d", "desc": "", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", "start_time": "" } ] @@ -2788,18 +3426,26 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], "source_location": {}, "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "id": "INT-63e3-49kp-blqt", "desc": "testing", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", "start_time": "" } ] @@ -2826,18 +3472,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "1f182b73-afb8-424c-8e08-533a0f702076", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", "start_time": "" } ] @@ -2864,18 +3519,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", "start_time": "" } ] @@ -2902,18 +3566,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\",\n \"group\": \"org.dom4j\",\n \"name\": \"dom4j\",\n \"version\": \"2.1.1\",\n \"description\": \"flexible XML framework for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f5710c1d5f5627ae5ce850a0b12ea87a\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"3dce5dbb3571aa820c677fadd8349bfa8f00c199\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.dom4j/dom4j@2.1.1?type=jar\"\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j\nVersion: 2.1.1\nBOM-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\nAuthor: undefined\nDescription: flexible XML framework for Java\nPURL: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- hashes: [\n {\n alg: MD5,\n content: f5710c1d5f5627ae5ce850a0b12ea87a\n },\n {\n alg: SHA-1,\n content: 3dce5dbb3571aa820c677fadd8349bfa8f00c199\n },\n {\n alg: SHA-256,\n content: a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\n },\n {\n alg: SHA-512,\n content: 547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\n },\n {\n alg: SHA3-256,\n content: e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\n },\n {\n alg: SHA3-512,\n content: 00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\n }\n]\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]\n- purl: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", "start_time": "" } ] @@ -2940,18 +3613,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "8c0002e8-9326-40f7-9209-51020755ff02", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\",\n \"group\": \"org.apache.httpcomponents\",\n \"name\": \"httpclient\",\n \"version\": \"4.5.7\",\n \"description\": \"Apache HttpComponents Client\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"deed71468af21d6f0cf02bf853ac02ec\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dda059f4908e1b548b7ba68d81a3b05897f27cb0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.apache.org/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://issues.apache.org/jira/browse/HTTPCLIENT\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://repository.apache.org/service/local/staging/deploy/maven2\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents\nVersion: 4.5.7\nBOM-ref: 893beba4-580b-4ada-a4cf-067fbe145507\nAuthor: undefined\nDescription: Apache HttpComponents Client\nPURL: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- hashes: [\n {\n alg: MD5,\n content: deed71468af21d6f0cf02bf853ac02ec\n },\n {\n alg: SHA-1,\n content: dda059f4908e1b548b7ba68d81a3b05897f27cb0\n },\n {\n alg: SHA-256,\n content: 807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\n },\n {\n alg: SHA-512,\n content: 459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\n },\n {\n alg: SHA3-256,\n content: 9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\n },\n {\n alg: SHA3-512,\n content: f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.apache.org/\n },\n {\n type: issue-tracker,\n url: http://issues.apache.org/jira/browse/HTTPCLIENT\n },\n {\n type: mailing-list,\n url: http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\n },\n {\n type: distribution,\n url: https://repository.apache.org/service/local/staging/deploy/maven2\n }\n]", "start_time": "" } ] @@ -2978,18 +3660,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\",\n \"group\": \"org.liquibase\",\n \"name\": \"liquibase-core\",\n \"version\": \"3.6.3\",\n \"description\": \"Liquibase is a tool for managing and executing database changes.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"455a827f017027c276fdfc1ec0bba595\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"737c5a4fac26ee760d016923c83481ff933e4875\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.liquibase.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://circleci.com/gh/liquibase/liquibase/tree/master\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://liquibase.jira.com/browse/CORE\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase\nVersion: 3.6.3\nBOM-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\nAuthor: undefined\nDescription: Liquibase is a tool for managing and executing database changes.\nPURL: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- hashes: [\n {\n alg: MD5,\n content: 455a827f017027c276fdfc1ec0bba595\n },\n {\n alg: SHA-1,\n content: 737c5a4fac26ee760d016923c83481ff933e4875\n },\n {\n alg: SHA-256,\n content: e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\n },\n {\n alg: SHA-512,\n content: a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\n },\n {\n alg: SHA3-256,\n content: 6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\n },\n {\n alg: SHA3-512,\n content: 1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.liquibase.org\n },\n {\n type: build-system,\n url: https://circleci.com/gh/liquibase/liquibase/tree/master\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2\n },\n {\n type: issue-tracker,\n url: http://liquibase.jira.com/browse/CORE\n }\n]", "start_time": "" } ] @@ -3017,18 +3708,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3055,24 +3755,33 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "affa7af3-427f-4223-8028-d9ac45e80e08", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3099,18 +3808,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-common\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"d4f0dede20f81acfb53f97c01fae71cf\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6e3306d394aaaf41876220a818fb639faf5963b0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3137,18 +3855,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-hpack\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0323c6dd472c456a99d068f171cbd661\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0323c6dd472c456a99d068f171cbd661\n },\n {\n alg: SHA-1,\n content: aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\n },\n {\n alg: SHA-256,\n content: 7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\n },\n {\n alg: SHA-512,\n content: 075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\n },\n {\n alg: SHA3-256,\n content: f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\n },\n {\n alg: SHA3-512,\n content: efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3177,18 +3904,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", "start_time": "" } ] @@ -3215,18 +3951,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", "start_time": "" } ] @@ -3253,18 +3998,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", "start_time": "" } ] @@ -3293,24 +4047,33 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c8a50465-16df-44e0-84e9-7acff5870a51", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", "start_time": "" } ] } ], - "sha256": "12ae1f3bcf7df6a697a653098bbcbe6c8655a07f7d705d1739f479b4c9531b26" + "sha256": "5eb1029fd6edc5ff52faf63b6df538d46aad89466889da511e79b440d474ae2a" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 89e6596a49..f7083d8267 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -50,18 +50,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -91,18 +100,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "bb03c210-ea12-450d-85df-17d81a75ede2", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\",\n \"group\": \"com.google.guava\",\n \"name\": \"guava\",\n \"version\": \"24.1.1-jre\",\n \"description\": \"Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"361459dd415a18e4750b7fa0cdd9e747\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2e3014320a8005e3f3c1800cb246ed42db8cab81\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"build-system\",\n \"url\": \"https://travis-ci.org/google/guava\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/google/guava/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/google/guava\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\nType: library\nName: guava\nGroup: com.google.guava\nVersion: 24.1.1-jre\nBOM-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\nAuthor: undefined\nDescription: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\nPURL: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -129,18 +147,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -167,18 +194,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -205,18 +241,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -243,18 +288,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -281,18 +335,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -319,18 +382,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -357,18 +429,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "343cd240-f667-4770-aecf-ddc11f9d0172", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -395,18 +476,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -433,18 +523,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -471,18 +570,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -509,18 +617,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -547,18 +664,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -585,18 +711,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -623,18 +758,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -661,18 +805,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -699,18 +852,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c037af59-a132-4727-8cc3-c6095c490df7", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -737,18 +899,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -775,18 +946,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -813,18 +993,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -851,18 +1040,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -890,18 +1088,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -928,18 +1135,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "3ad04380-a25c-41d8-8fad-259c2561795b", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -966,18 +1182,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "86f78c35-adfb-48e4-9428-88084373e1c0", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1004,18 +1229,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1042,18 +1276,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "00033bff-66dc-4a36-ab38-a10b0625409f", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1080,18 +1323,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1118,18 +1370,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1156,18 +1417,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5201940b-1f04-4668-ae86-8261448d817d", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1194,18 +1464,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1232,18 +1511,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1270,18 +1558,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "950cff67-088e-4f41-9818-25943c9e17c0", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1308,18 +1605,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1346,18 +1652,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1384,18 +1699,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6d5189b4-d549-419a-b886-43a62cc43d40", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1422,18 +1746,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "135c6dab-529e-4855-ab72-a0138e2110c8", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1461,18 +1794,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1500,18 +1842,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1538,18 +1889,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1576,18 +1936,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1614,18 +1983,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1652,18 +2030,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1691,18 +2078,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1729,18 +2125,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\",\n \"group\": \"com.fasterxml.jackson.core\",\n \"name\": \"jackson-databind\",\n \"version\": \"2.9.10\",\n \"description\": \"General data-binding functionality for Jackson: works on core streaming API\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ff43d79c624b0f7d465542fee6648474\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e201bb70b7469ba18dd58ed8268aa44e702fa2f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/FasterXML/jackson-databind\"\n },\n {\n \"type\": \"website\",\n \"url\": \"http://fasterxml.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\nType: library\nName: jackson-databind\nGroup: com.fasterxml.jackson.core\nVersion: 2.9.10\nBOM-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\nAuthor: undefined\nDescription: General data-binding functionality for Jackson: works on core streaming API\nPURL: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", "start_time": "" } ] @@ -1769,18 +2174,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f2fa9b19-418a-4901-9840-a8631227701e", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] @@ -1809,18 +2223,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\",\n \"group\": \"io.dropwizard\",\n \"name\": \"dropwizard-validation\",\n \"version\": \"1.3.15\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0557207f6f05c684958ff0c524ed97de\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\"\n }\n ],\n \"purl\": \"pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar\"\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\nType: library\nName: dropwizard-validation\nGroup: io.dropwizard\nVersion: 1.3.15\nBOM-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\nAuthor: undefined\nDescription: undefined\nPURL: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", "start_time": "" } ] @@ -1849,18 +2272,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -1888,18 +2320,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -1927,18 +2368,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5ab41975-23cc-45e0-9a13-be603ea00595", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -1966,18 +2416,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "dff65990-715e-4f71-aace-60d4436af108", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2005,18 +2464,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2044,18 +2512,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2083,18 +2560,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2122,18 +2608,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\",\n \"group\": \"org.yaml\",\n \"name\": \"snakeyaml\",\n \"version\": \"1.23\",\n \"description\": \"YAML 1.1 parser and emitter for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"64ec8bd26b6d5034a87ecb1c8ce0efdc\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.yaml/snakeyaml@1.23?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/issues\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://bitbucket.org/asomov/snakeyaml/src\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\nType: library\nName: snakeyaml\nGroup: org.yaml\nVersion: 1.23\nBOM-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\nAuthor: undefined\nDescription: YAML 1.1 parser and emitter for Java\nPURL: pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", "start_time": "" } ] @@ -2160,18 +2655,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", "start_time": "" } ] @@ -2198,24 +2702,33 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\",\n \"group\": \"ch.qos.logback\",\n \"name\": \"logback-core\",\n \"version\": \"1.2.3\",\n \"description\": \"logback-core module\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"841fc80c6edff60d947a3872a2db4d45\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"864344400c3d4d92dfeb0a305dc87d953677c03c\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.qos.ch\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/ceki/logback\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-core\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\nAuthor: undefined\nDescription: logback-core module\nPURL: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "Component Summary\nType: library\nName: logback-classic\nGroup: ch.qos.logback\nVersion: 1.2.3\nBOM-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\nAuthor: undefined\nDescription: logback-classic module\nPURL: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- hashes: [\n {\n alg: MD5,\n content: 64f7a68f931aed8e5ad8243470440f0b\n },\n {\n alg: SHA-1,\n content: 7c4f3c474fb2c041d8028740440937705ebb473a\n },\n {\n alg: SHA-256,\n content: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0\n },\n {\n alg: SHA-512,\n content: 9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1\n },\n {\n alg: SHA3-256,\n content: 7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24\n },\n {\n alg: SHA3-512,\n content: 0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", "start_time": "" } ] @@ -2242,18 +2755,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, - "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2280,18 +2802,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2320,18 +2851,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2358,18 +2898,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2397,18 +2946,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, - "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2435,18 +2993,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The core jetty server artifact.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"b0bc6045c38e309d41f84d3c60fb31cd\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-server\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\nAuthor: undefined\nDescription: The core jetty server artifact.\nPURL: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2473,18 +3040,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c19b779d-2699-44de-a189-a0d18d8dc953", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2513,18 +3089,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-http\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0f5299204d64fb561a8062f594185dc6\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c2e73db2db5c369326b717da71b6587b3da11e0e\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-http\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: c1abfd09-121f-418c-befa-4d6b9e164769\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2555,18 +3140,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-webapp\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Jetty web application support\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"044d3037d9a5b94c8ed938d89045e06b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-webapp\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\nAuthor: undefined\nDescription: Jetty web application support\nPURL: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- hashes: [\n {\n alg: MD5,\n content: 044d3037d9a5b94c8ed938d89045e06b\n },\n {\n alg: SHA-1,\n content: 9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\n },\n {\n alg: SHA-256,\n content: 3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\n },\n {\n alg: SHA-512,\n content: 09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\n },\n {\n alg: SHA3-256,\n content: a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\n },\n {\n alg: SHA3-512,\n content: c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2593,18 +3187,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "76910119-ee18-4144-855b-b2fdab20e33c", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-xml\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The jetty xml utilities.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"637f8a266afa4cb043e1d142c7cacb33\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-xml\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\nAuthor: undefined\nDescription: The jetty xml utilities.\nPURL: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- hashes: [\n {\n alg: MD5,\n content: 637f8a266afa4cb043e1d142c7cacb33\n },\n {\n alg: SHA-1,\n content: dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\n },\n {\n alg: SHA-256,\n content: 2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\n },\n {\n alg: SHA-512,\n content: f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\n },\n {\n alg: SHA3-256,\n content: acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\n },\n {\n alg: SHA3-512,\n content: 53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2631,18 +3234,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2671,18 +3283,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\",\n \"group\": \"org.eclipse.jetty\",\n \"name\": \"jetty-servlets\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"Utility Servlets from Jetty\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"ed9e6c52ea1c28d92b81bf5c4cff5e22\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"e5d174950a44c8f93e27cc2528eff5a6b55da2f3\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: jetty-servlets\nGroup: org.eclipse.jetty\nVersion: 9.4.18.v20190429\nBOM-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\nAuthor: undefined\nDescription: Utility Servlets from Jetty\nPURL: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -2712,18 +3333,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "499117ae-d134-4505-8674-ed498531e7a9", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, - "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\",\n \"group\": \"junit\",\n \"name\": \"junit\",\n \"version\": \"4.12\",\n \"description\": \"JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"5b38c40c97fbd0adee29f91e60405584\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"2973d150c0dc1fefe998f834810d68f278ea58ec\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/junit/junit@4.12?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.junit.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://junit.ci.cloudbees.com/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://github.com/junit-team/junit/wiki/Download-and-Install\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/junit-team/junit/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://groups.yahoo.com/neo/groups/junit/info\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/junit-team/junit/tree/master\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "Component Summary\nType: library\nName: junit\nGroup: junit\nVersion: 4.12\nBOM-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\nAuthor: undefined\nDescription: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\nPURL: pkg:maven/junit/junit@4.12?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- hashes: [\n {\n alg: MD5,\n content: 5b38c40c97fbd0adee29f91e60405584\n },\n {\n alg: SHA-1,\n content: 2973d150c0dc1fefe998f834810d68f278ea58ec\n },\n {\n alg: SHA-256,\n content: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\n },\n {\n alg: SHA-512,\n content: 5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\n },\n {\n alg: SHA3-256,\n content: 02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\n },\n {\n alg: SHA3-512,\n content: 9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]\n- purl: pkg:maven/junit/junit@4.12?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.junit.org\n },\n {\n type: build-system,\n url: https://junit.ci.cloudbees.com/\n },\n {\n type: distribution,\n url: https://github.com/junit-team/junit/wiki/Download-and-Install\n },\n {\n type: issue-tracker,\n url: https://github.com/junit-team/junit/issues\n },\n {\n type: mailing-list,\n url: https://groups.yahoo.com/neo/groups/junit/info\n },\n {\n type: vcs,\n url: http://github.com/junit-team/junit/tree/master\n }\n]", "start_time": "" } ] @@ -2750,18 +3380,26 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], "source_location": {}, "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "id": "INT-f70z-tbpp-4o5d", "desc": "", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", "start_time": "" } ] @@ -2788,18 +3426,26 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], "source_location": {}, "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "id": "INT-63e3-49kp-blqt", "desc": "testing", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\",\n \"group\": \"net.bytebuddy\",\n \"name\": \"byte-buddy\",\n \"version\": \"1.9.7\",\n \"description\": \"Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"3038371407163c76c89749c3a7c458b0\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"8fea78fea6449e1738b675cb155ce8422661e237\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"distribution\",\n \"url\": \"https://api.bintray.com/maven/raphw/maven/ByteBuddy\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/raphw/byte-buddy/issues\"\n }\n ]\n }\n ]\n}", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\nType: library\nName: byte-buddy\nGroup: net.bytebuddy\nVersion: 1.9.7\nBOM-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\nAuthor: undefined\nDescription: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\nPURL: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", "start_time": "" } ] @@ -2826,18 +3472,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "1f182b73-afb8-424c-8e08-533a0f702076", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", "start_time": "" } ] @@ -2864,18 +3519,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\",\n \"group\": \"org.hibernate\",\n \"name\": \"hibernate-core\",\n \"version\": \"5.2.18.Final\",\n \"description\": \"The core O/RM functionality as provided by Hibernate\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"a5e6ac320c1b5fd739d213dc050cfc29\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c1861a015d47f55ffc6cb120216d17af177e0b90\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://hibernate.org\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://hibernate.atlassian.net/browse/HHH\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"http://github.com/hibernate/hibernate-orm\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\nType: library\nName: hibernate-core\nGroup: org.hibernate\nVersion: 5.2.18.Final\nBOM-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\nAuthor: undefined\nDescription: The core O/RM functionality as provided by Hibernate\nPURL: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", "start_time": "" } ] @@ -2902,18 +3566,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\",\n \"group\": \"org.dom4j\",\n \"name\": \"dom4j\",\n \"version\": \"2.1.1\",\n \"description\": \"flexible XML framework for Java\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f5710c1d5f5627ae5ce850a0b12ea87a\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"3dce5dbb3571aa820c677fadd8349bfa8f00c199\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.dom4j/dom4j@2.1.1?type=jar\"\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "Component Summary\nType: library\nName: dom4j\nGroup: org.dom4j\nVersion: 2.1.1\nBOM-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\nAuthor: undefined\nDescription: flexible XML framework for Java\nPURL: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- hashes: [\n {\n alg: MD5,\n content: f5710c1d5f5627ae5ce850a0b12ea87a\n },\n {\n alg: SHA-1,\n content: 3dce5dbb3571aa820c677fadd8349bfa8f00c199\n },\n {\n alg: SHA-256,\n content: a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\n },\n {\n alg: SHA-512,\n content: 547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\n },\n {\n alg: SHA3-256,\n content: e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\n },\n {\n alg: SHA3-512,\n content: 00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\n }\n]\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]\n- purl: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", "start_time": "" } ] @@ -2940,18 +3613,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "8c0002e8-9326-40f7-9209-51020755ff02", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\",\n \"group\": \"org.apache.httpcomponents\",\n \"name\": \"httpclient\",\n \"version\": \"4.5.7\",\n \"description\": \"Apache HttpComponents Client\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"deed71468af21d6f0cf02bf853ac02ec\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"dda059f4908e1b548b7ba68d81a3b05897f27cb0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.apache.org/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://issues.apache.org/jira/browse/HTTPCLIENT\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://repository.apache.org/service/local/staging/deploy/maven2\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "Component Summary\nType: library\nName: httpclient\nGroup: org.apache.httpcomponents\nVersion: 4.5.7\nBOM-ref: 893beba4-580b-4ada-a4cf-067fbe145507\nAuthor: undefined\nDescription: Apache HttpComponents Client\nPURL: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- hashes: [\n {\n alg: MD5,\n content: deed71468af21d6f0cf02bf853ac02ec\n },\n {\n alg: SHA-1,\n content: dda059f4908e1b548b7ba68d81a3b05897f27cb0\n },\n {\n alg: SHA-256,\n content: 807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\n },\n {\n alg: SHA-512,\n content: 459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\n },\n {\n alg: SHA3-256,\n content: 9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\n },\n {\n alg: SHA3-512,\n content: f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.apache.org/\n },\n {\n type: issue-tracker,\n url: http://issues.apache.org/jira/browse/HTTPCLIENT\n },\n {\n type: mailing-list,\n url: http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\n },\n {\n type: distribution,\n url: https://repository.apache.org/service/local/staging/deploy/maven2\n }\n]", "start_time": "" } ] @@ -2978,18 +3660,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\",\n \"group\": \"org.liquibase\",\n \"name\": \"liquibase-core\",\n \"version\": \"3.6.3\",\n \"description\": \"Liquibase is a tool for managing and executing database changes.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"455a827f017027c276fdfc1ec0bba595\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"737c5a4fac26ee760d016923c83481ff933e4875\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.liquibase.org\"\n },\n {\n \"type\": \"build-system\",\n \"url\": \"https://circleci.com/gh/liquibase/liquibase/tree/master\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"http://liquibase.jira.com/browse/CORE\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "Component Summary\nType: library\nName: liquibase-core\nGroup: org.liquibase\nVersion: 3.6.3\nBOM-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\nAuthor: undefined\nDescription: Liquibase is a tool for managing and executing database changes.\nPURL: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- hashes: [\n {\n alg: MD5,\n content: 455a827f017027c276fdfc1ec0bba595\n },\n {\n alg: SHA-1,\n content: 737c5a4fac26ee760d016923c83481ff933e4875\n },\n {\n alg: SHA-256,\n content: e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\n },\n {\n alg: SHA-512,\n content: a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\n },\n {\n alg: SHA3-256,\n content: 6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\n },\n {\n alg: SHA3-512,\n content: 1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.liquibase.org\n },\n {\n type: build-system,\n url: https://circleci.com/gh/liquibase/liquibase/tree/master\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2\n },\n {\n type: issue-tracker,\n url: http://liquibase.jira.com/browse/CORE\n }\n]", "start_time": "" } ] @@ -3017,18 +3708,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3055,24 +3755,33 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "affa7af3-427f-4223-8028-d9ac45e80e08", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-server\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"9c82833f49671905299a1a0d0edc031d\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-server\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3099,18 +3808,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-common\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"d4f0dede20f81acfb53f97c01fae71cf\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"6e3306d394aaaf41876220a818fb639faf5963b0\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-common\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3137,18 +3855,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\",\n \"group\": \"org.eclipse.jetty.http2\",\n \"name\": \"http2-hpack\",\n \"version\": \"9.4.18.v20190429\",\n \"description\": \"The Eclipse Jetty Project\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"0323c6dd472c456a99d068f171cbd661\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n ],\n \"purl\": \"pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"https://webtide.com\"\n },\n {\n \"type\": \"distribution\",\n \"url\": \"https://oss.sonatype.org/service/local/staging/deploy/maven2/\"\n },\n {\n \"type\": \"issue-tracker\",\n \"url\": \"https://github.com/eclipse/jetty.project/issues\"\n },\n {\n \"type\": \"mailing-list\",\n \"url\": \"https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/eclipse/jetty.project\"\n }\n ]\n }\n ]\n}", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\nType: library\nName: http2-hpack\nGroup: org.eclipse.jetty.http2\nVersion: 9.4.18.v20190429\nBOM-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\nAuthor: undefined\nDescription: The Eclipse Jetty Project\nPURL: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0323c6dd472c456a99d068f171cbd661\n },\n {\n alg: SHA-1,\n content: aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\n },\n {\n alg: SHA-256,\n content: 7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\n },\n {\n alg: SHA-512,\n content: 075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\n },\n {\n alg: SHA3-256,\n content: f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\n },\n {\n alg: SHA3-512,\n content: efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", "start_time": "" } ] @@ -3177,18 +3904,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", "start_time": "" } ] @@ -3215,18 +3951,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\",\n \"group\": \"com.rabbitmq\",\n \"name\": \"amqp-client\",\n \"version\": \"4.4.1\",\n \"description\": \"The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"1a2a6feac205524a636c06d86af2df2c\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"c442f6501595a6fb9c029409eca94888cc9a3106\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"website\",\n \"url\": \"http://www.rabbitmq.com\"\n },\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/rabbitmq/rabbitmq-java-client\"\n }\n ]\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\nType: library\nName: amqp-client\nGroup: com.rabbitmq\nVersion: 4.4.1\nBOM-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\nAuthor: undefined\nDescription: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\nPURL: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", "start_time": "" } ] @@ -3253,18 +3998,27 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", "start_time": "" } ] @@ -3293,24 +4047,33 @@ "label": "Date updated" } ], - "refs": [], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], "source_location": {}, "title": "c8a50465-16df-44e0-84e9-7acff5870a51", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "impact": 0.5, - "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ],\n \"affectedComponents\": [\n {\n \"type\": \"library\",\n \"bom-ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\",\n \"group\": \"com.h2database\",\n \"name\": \"h2\",\n \"version\": \"1.4.197\",\n \"description\": \"H2 Database Engine\",\n \"hashes\": [\n {\n \"alg\": \"MD5\",\n \"content\": \"f9893acfa22b7fe1492dd9c515af2e5b\"\n },\n {\n \"alg\": \"SHA-1\",\n \"content\": \"bb391050048ca8ae3e32451b5a3714ecd3596a46\"\n },\n {\n \"alg\": \"SHA-256\",\n \"content\": \"37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\"\n },\n {\n \"alg\": \"SHA-512\",\n \"content\": \"aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\"\n },\n {\n \"alg\": \"SHA3-256\",\n \"content\": \"ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\"\n },\n {\n \"alg\": \"SHA3-512\",\n \"content\": \"1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\"\n }\n ],\n \"licenses\": [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n ],\n \"purl\": \"pkg:maven/com.h2database/h2@1.4.197?type=jar\",\n \"externalReferences\": [\n {\n \"type\": \"vcs\",\n \"url\": \"https://github.com/h2database/h2database\"\n }\n ]\n }\n ]\n}", + "impact": 1, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\nType: library\nName: h2\nGroup: com.h2database\nVersion: 1.4.197\nBOM-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\nAuthor: undefined\nDescription: H2 Database Engine\nPURL: pkg:maven/com.h2database/h2@1.4.197?type=jar", + "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", "start_time": "" } ] } ], - "sha256": "12ae1f3bcf7df6a697a653098bbcbe6c8655a07f7d705d1739f479b4c9531b26" + "sha256": "5eb1029fd6edc5ff52faf63b6df538d46aad89466889da511e79b440d474ae2a" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index b6aecb160f..eaab536647 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -7,6 +7,12 @@ import {getCCIsForNISTTags} from './utils/global'; const CWE_NIST_MAPPING = new CweNistMapping(); const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; +const IMPACT_MAPPING: Map = new Map([ + ['critical', 1.0], + ['high', 0.7], + ['medium', 0.5], + ['low', 0.3] +]); function formatCWETags(input: number[], addPrefix = true): string[] { const stringifiedCWE: string[] = []; @@ -24,6 +30,21 @@ function getNISTTags(input: number[]): string[] { ); } +// A single SBOM vulnerability can contain multiple severity reports +// Need to average any existing severities and then pass to `impact` +function aggregateImpact(ratings: Record[]) { + let impact = 0; + for (const rating of ratings) { + const severity = IMPACT_MAPPING.get( + (rating as {severity: string}).severity.toLowerCase() + ); + if (severity) { + impact += severity; + } + } + return Math.ceil((impact / ratings.length) * 100) / 100; +} + export class SBOMResults { data: Record; withRaw: boolean; @@ -37,18 +58,21 @@ export class SBOMResults { // Flatten any arbitrarily nested components list flattenComponents(data: Record) { - // Look through every component at the top level of the list - for (const component of data.components as Record[]) { - // Identify if subcomponents exist - if (_.has(component, 'components')) { - // If so, pull out the subcomponents and push them to end of top level component list for further flattening - for (const subcomponent of component.components as Record< - string, - unknown - >[]) { - (data.components as Record[]).push(subcomponent); + // Ensure that a components structure is available + if (_.has(data, 'components')) { + // Look through every component at the top level of the list + for (const component of data.components as Record[]) { + // Identify if subcomponents exist + if (_.has(component, 'components')) { + // If so, pull out the subcomponents and push them to end of top level component list for further flattening + for (const subcomponent of component.components as Record< + string, + unknown + >[]) { + (data.components as Record[]).push(subcomponent); + } + delete component.components; } - delete component.components; } } } @@ -75,7 +99,7 @@ export class SBOMResults { */ generateIntermediary(data: Record) { // Find if vulnerabilities structure exists, else skip vulnerability restructuring - if (_.has(data, 'vulnerabilities')) { + if (_.has(data, ['vulnerabilities', 'components'])) { for (const vulnerability of data.vulnerabilities as (Record< string, unknown @@ -181,16 +205,27 @@ export class SBOMMapper extends BaseConverter { data: {path: 'updated'}, label: 'Date updated' } - ], //Insert data - refs: [], //Insert data - source_location: {}, //Insert data + ], + refs: [ + { + path: 'source', + transformer: (data: Record) => { + return {ref: [data]}; + } + } + ], + source_location: {}, title: {path: 'bom-ref'}, id: {path: 'id'}, desc: {path: 'description'}, - impact: 0.5, //Insert data + impact: {path: 'ratings', transformer: aggregateImpact}, code: { transformer: (vulnerability: Record): string => { - return JSON.stringify(vulnerability, null, 2); + return JSON.stringify( + _.omit(vulnerability, 'affectedComponents'), + null, + 2 + ); } }, results: [ @@ -206,7 +241,15 @@ export class SBOMMapper extends BaseConverter { }, message: { transformer: (input: Record): string => { - return `Component Summary\nType: ${input.type}\nName: ${input.name}\nGroup: ${input.group}\nVersion: ${input.version}\nBOM-ref: ${input['bom-ref']}\nAuthor: ${input.author}\nDescription: ${input.description}\nPURL: ${input.purl}`; + let msg = 'Component Summary'; + for (const item in input) { + if (input[item] instanceof Array) { + msg += `\n- ${item}: ${JSON.stringify(input[item], null, 2).replace(/\"/g, '')}`; + } else { + msg += `\n- ${item}: ${input[item]}`; + } + } + return msg; } }, start_time: '' diff --git a/libs/hdf-converters/src/utils/fingerprinting.ts b/libs/hdf-converters/src/utils/fingerprinting.ts index b41ab5ed9c..1cb79cd4b7 100644 --- a/libs/hdf-converters/src/utils/fingerprinting.ts +++ b/libs/hdf-converters/src/utils/fingerprinting.ts @@ -68,7 +68,7 @@ const fileTypeFingerprints: Record = { [INPUT_TYPES.NOT_FOUND]: [], [INPUT_TYPES.VERACODE]: [], [INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'], - [INPUT_TYPES.SBOM]: ['bomFormat', 'metadata', 'components'] + [INPUT_TYPES.SBOM]: ['bomFormat', 'metadata', 'specVersion'] }; export function fingerprint(guessOptions: { diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index 36ad553864..e5b7ab4b66 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -11,10 +11,10 @@ describe('sbom_mapper_saf', () => { ) ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -36,10 +36,10 @@ describe('sbom_mapper_saf', () => { true ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -65,10 +65,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { ) ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -93,10 +93,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { true ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( From 73b1f48b43c3d82a3b465a50fc1e9d57623a6fd7 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 25 Jul 2024 15:09:01 -0400 Subject: [PATCH 17/61] Test fix Signed-off-by: Charles Hu --- .../test/mappers/forward/sbom_mapper.spec.ts | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index e5b7ab4b66..36ad553864 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -11,10 +11,10 @@ describe('sbom_mapper_saf', () => { ) ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -36,10 +36,10 @@ describe('sbom_mapper_saf', () => { true ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -65,10 +65,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { ) ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -93,10 +93,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { true ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( From f7ea434eea8c50961afad534d918a4ab95cb3fcc Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 25 Jul 2024 15:32:33 -0400 Subject: [PATCH 18/61] VEX ingestion fix Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index eaab536647..ea7075cf9f 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -99,7 +99,7 @@ export class SBOMResults { */ generateIntermediary(data: Record) { // Find if vulnerabilities structure exists, else skip vulnerability restructuring - if (_.has(data, ['vulnerabilities', 'components'])) { + if (_.has(data, 'components') && _.has(data, 'vulnerabilities')) { for (const vulnerability of data.vulnerabilities as (Record< string, unknown From 26b5aacddc77f7e710e204975eac10eaa6964958 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 25 Jul 2024 16:00:24 -0400 Subject: [PATCH 19/61] Clean up Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 7640 +---------------- .../sbom-dropwizard-vulns-hdf.json | 7640 +---------------- .../sbom_mapper/sbom-saf-hdf-withraw.json | 9 +- .../sbom_mapper/sbom-saf-hdf.json | 9 +- libs/hdf-converters/src/sbom-mapper.ts | 21 +- .../test/mappers/forward/sbom_mapper.spec.ts | 32 +- 6 files changed, 36 insertions(+), 15315 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 053d7fb262..b2f69bde81 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -1,8 +1,7 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.8", - "target_id": null + "release": "2.10.8" }, "version": "2.10.8", "statistics": {}, @@ -12,14 +11,10 @@ "title": "test 9", "version": "SNAPSHOT", "maintainer": "", - "summary": null, "description": "This is the project I want to use to generate data to understand the schema a bit better", "license": "", "supports": [], "attributes": [], - "copyright": null, - "copyright_email": null, - "depends": [], "groups": [], "status": "loaded", "controls": [ @@ -4073,7 +4068,7 @@ ] } ], - "sha256": "5eb1029fd6edc5ff52faf63b6df538d46aad89466889da511e79b440d474ae2a" + "sha256": "47d6baff3f650950cb7e0dec0c43a91f6c0c73c42c1cd0a7db431aa7e43ae781" } ], "passthrough": { @@ -14121,7636 +14116,7 @@ "version": "SNAPSHOT", "description": "This is the project I want to use to generate data to understand the schema a bit better" } - }, - "vulnerabilities": [ - { - "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", - "id": "GHSA-5mg8-w23w-74h3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 173, - 200, - 378, - 732 - ], - "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "group": "com.google.guava", - "name": "guava", - "version": "24.1.1-jre", - "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "hashes": [ - { - "alg": "MD5", - "content": "361459dd415a18e4750b7fa0cdd9e747" - }, - { - "alg": "SHA-1", - "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" - }, - { - "alg": "SHA-256", - "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" - }, - { - "alg": "SHA-512", - "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" - }, - { - "alg": "SHA3-256", - "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" - }, - { - "alg": "SHA3-512", - "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", - "externalReferences": [ - { - "type": "build-system", - "url": "https://travis-ci.org/google/guava" - }, - { - "type": "issue-tracker", - "url": "https://github.com/google/guava/issues" - }, - { - "type": "vcs", - "url": "https://github.com/google/guava" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", - "id": "GHSA-7g45-4rm6-3mm3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 379, - 552 - ], - "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", - "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "group": "com.google.guava", - "name": "guava", - "version": "24.1.1-jre", - "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "hashes": [ - { - "alg": "MD5", - "content": "361459dd415a18e4750b7fa0cdd9e747" - }, - { - "alg": "SHA-1", - "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" - }, - { - "alg": "SHA-256", - "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" - }, - { - "alg": "SHA-512", - "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" - }, - { - "alg": "SHA3-256", - "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" - }, - { - "alg": "SHA3-512", - "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", - "externalReferences": [ - { - "type": "build-system", - "url": "https://travis-ci.org/google/guava" - }, - { - "type": "issue-tracker", - "url": "https://github.com/google/guava/issues" - }, - { - "type": "vcs", - "url": "https://github.com/google/guava" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", - "id": "GHSA-5p34-5m6p-p58g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", - "id": "GHSA-27xj-rqx5-2255", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", - "id": "GHSA-58pp-9c76-5625", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", - "id": "GHSA-v3xw-c963-f5hc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", - "id": "GHSA-h4rc-386g-6m85", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", - "id": "GHSA-9vvp-fxw6-jcxr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", - "id": "GHSA-rf6r-2c4q-2vwg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", - "id": "GHSA-758m-v56v-grj4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", - "id": "GHSA-95cm-88f5-f2c7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", - "id": "GHSA-c2q3-4qrh-fm48", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", - "id": "GHSA-mc6h-4qgp-37qh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", - "id": "GHSA-j823-4qch-3rgm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", - "id": "GHSA-c265-37vj-cwcc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", - "id": "GHSA-4w82-r329-3q67", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", - "id": "GHSA-rpr3-cw39-3pxh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", - "id": "GHSA-fmmc-742q-jg75", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", - "id": "GHSA-gjmw-vf9h-g25v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", - "id": "GHSA-mx7p-6679-8g3q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", - "id": "GHSA-q93h-jc49-78gg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", - "id": "GHSA-p43x-xfjf-5jhr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", - "id": "GHSA-h3cw-g4mq-c5x2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 94, - 502 - ], - "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", - "id": "GHSA-qjw2-hr98-qgfh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", - "id": "GHSA-8w26-6f25-cm9x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", - "id": "GHSA-m6x4-97wx-4q27", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", - "id": "GHSA-v585-23hc-c647", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", - "id": "GHSA-r695-7vr9-jgc2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", - "id": "GHSA-vfqx-33qm-g869", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", - "id": "GHSA-f9xh-2qgp-cq57", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", - "id": "GHSA-cvm9-fjm9-3572", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", - "id": "GHSA-9gph-22xh-8x98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", - "id": "GHSA-89qr-369f-5m5x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", - "id": "GHSA-8c4j-34r4-xr8g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", - "id": "GHSA-9m6f-7xcq-8vf8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", - "id": "GHSA-5r5r-6hpj-8gg9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", - "id": "GHSA-wh8g-3j2c-rqj5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", - "id": "GHSA-r3gr-cxrf-hg25", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502, - 913 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", - "id": "GHSA-jjjh-jjxp-wpff", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", - "id": "GHSA-5949-rw7g-wx7w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", - "id": "GHSA-57j2-w4cx-62h2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 787 - ], - "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", - "id": "GHSA-288c-cq4h-88gq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", - "id": "GHSA-gww7-p5w4-wrfv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", - "id": "GHSA-rgv9-q543-rqg4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", - "id": "GHSA-fqwf-pjwf-7vqv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", - "id": "GHSA-8jpx-m2wh-2v34", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "group": "io.dropwizard", - "name": "dropwizard-validation", - "version": "1.3.15", - "hashes": [ - { - "alg": "MD5", - "content": "0557207f6f05c684958ff0c524ed97de" - }, - { - "alg": "SHA-1", - "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" - }, - { - "alg": "SHA-256", - "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" - }, - { - "alg": "SHA-512", - "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" - }, - { - "alg": "SHA3-256", - "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" - }, - { - "alg": "SHA3-512", - "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" - } - ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" - } - ] - }, - { - "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", - "id": "GHSA-3mcp-9wr4-cjqf", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "group": "io.dropwizard", - "name": "dropwizard-validation", - "version": "1.3.15", - "hashes": [ - { - "alg": "MD5", - "content": "0557207f6f05c684958ff0c524ed97de" - }, - { - "alg": "SHA-1", - "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" - }, - { - "alg": "SHA-256", - "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" - }, - { - "alg": "SHA-512", - "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" - }, - { - "alg": "SHA3-256", - "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" - }, - { - "alg": "SHA3-512", - "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" - } - ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" - } - ] - }, - { - "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", - "id": "GHSA-rvwf-54qp-4r6v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 776 - ], - "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", - "id": "GHSA-9w3m-gqgf-c4p9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", - "id": "GHSA-w37g-rhq8-7m4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", - "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", - "id": "GHSA-c4r9-r8fh-9vj2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", - "id": "GHSA-hhhw-99gj-p3c3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", - "id": "GHSA-98wm-3w3q-mw94", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", - "id": "GHSA-3mc7-4q67-w48m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 776 - ], - "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", - "id": "GHSA-mjmj-j48q-9wg2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 20, - 502 - ], - "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", - "id": "GHSA-668q-qrv7-99fm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", - "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "group": "ch.qos.logback", - "name": "logback-core", - "version": "1.2.3", - "description": "logback-core module", - "hashes": [ - { - "alg": "MD5", - "content": "841fc80c6edff60d947a3872a2db4d45" - }, - { - "alg": "SHA-1", - "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" - }, - { - "alg": "SHA-256", - "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" - }, - { - "alg": "SHA-512", - "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" - }, - { - "alg": "SHA3-256", - "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" - }, - { - "alg": "SHA3-512", - "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } - ] - } - ] - }, - { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "group": "ch.qos.logback", - "name": "logback-core", - "version": "1.2.3", - "description": "logback-core module", - "hashes": [ - { - "alg": "MD5", - "content": "841fc80c6edff60d947a3872a2db4d45" - }, - { - "alg": "SHA-1", - "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" - }, - { - "alg": "SHA-256", - "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" - }, - { - "alg": "SHA-512", - "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" - }, - { - "alg": "SHA3-256", - "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" - }, - { - "alg": "SHA3-512", - "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } - ] - } - ] - }, - { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "group": "ch.qos.logback", - "name": "logback-classic", - "version": "1.2.3", - "description": "logback-classic module", - "hashes": [ - { - "alg": "MD5", - "content": "64f7a68f931aed8e5ad8243470440f0b" - }, - { - "alg": "SHA-1", - "content": "7c4f3c474fb2c041d8028740440937705ebb473a" - }, - { - "alg": "SHA-256", - "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" - }, - { - "alg": "SHA-512", - "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" - }, - { - "alg": "SHA3-256", - "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" - }, - { - "alg": "SHA3-512", - "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } - ] - } - ] - }, - { - "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", - "id": "GHSA-m394-8rww-3jr7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", - "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", - "id": "GHSA-m6cp-vxjx-65j6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 613 - ], - "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", - "id": "GHSA-26vr-8j45-3r4w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 551, - 755 - ], - "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", - "id": "GHSA-p26g-97m4-6q7c", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", - "id": "GHSA-qw69-rqj8-6qw8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400, - 770 - ], - "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", - "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", - "id": "GHSA-86wm-rrjm-8wh8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 226 - ], - "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", - "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", - "id": "GHSA-cj7v-27pg-wf7q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 20 - ], - "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "group": "org.eclipse.jetty", - "name": "jetty-http", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0f5299204d64fb561a8062f594185dc6" - }, - { - "alg": "SHA-1", - "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" - }, - { - "alg": "SHA-256", - "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" - }, - { - "alg": "SHA-512", - "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" - }, - { - "alg": "SHA3-256", - "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" - }, - { - "alg": "SHA3-512", - "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", - "id": "GHSA-hmr7-m48g-48f6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 130 - ], - "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", - "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "group": "org.eclipse.jetty", - "name": "jetty-http", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0f5299204d64fb561a8062f594185dc6" - }, - { - "alg": "SHA-1", - "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" - }, - { - "alg": "SHA-256", - "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" - }, - { - "alg": "SHA-512", - "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" - }, - { - "alg": "SHA3-256", - "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" - }, - { - "alg": "SHA3-512", - "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", - "id": "GHSA-g3wg-6mcf-8jj6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 378, - 379, - 552 - ], - "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "affects": [ - { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", - "group": "org.eclipse.jetty", - "name": "jetty-webapp", - "version": "9.4.18.v20190429", - "description": "Jetty web application support", - "hashes": [ - { - "alg": "MD5", - "content": "044d3037d9a5b94c8ed938d89045e06b" - }, - { - "alg": "SHA-1", - "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" - }, - { - "alg": "SHA-256", - "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" - }, - { - "alg": "SHA-512", - "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" - }, - { - "alg": "SHA3-256", - "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" - }, - { - "alg": "SHA3-512", - "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", - "id": "GHSA-58qw-p7qm-5rvh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "affects": [ - { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "group": "org.eclipse.jetty", - "name": "jetty-xml", - "version": "9.4.18.v20190429", - "description": "The jetty xml utilities.", - "hashes": [ - { - "alg": "MD5", - "content": "637f8a266afa4cb043e1d142c7cacb33" - }, - { - "alg": "SHA-1", - "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" - }, - { - "alg": "SHA-256", - "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" - }, - { - "alg": "SHA-512", - "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" - }, - { - "alg": "SHA3-256", - "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" - }, - { - "alg": "SHA3-512", - "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", - "id": "GHSA-gwcr-j4wh-j3cq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", - "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "group": "org.eclipse.jetty", - "name": "jetty-servlets", - "version": "9.4.18.v20190429", - "description": "Utility Servlets from Jetty", - "hashes": [ - { - "alg": "MD5", - "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" - }, - { - "alg": "SHA-1", - "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" - }, - { - "alg": "SHA-256", - "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" - }, - { - "alg": "SHA-512", - "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" - }, - { - "alg": "SHA3-256", - "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" - }, - { - "alg": "SHA3-512", - "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", - "id": "GHSA-3gh6-v5v9-6v9j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 149 - ], - "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "group": "org.eclipse.jetty", - "name": "jetty-servlets", - "version": "9.4.18.v20190429", - "description": "Utility Servlets from Jetty", - "hashes": [ - { - "alg": "MD5", - "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" - }, - { - "alg": "SHA-1", - "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" - }, - { - "alg": "SHA-256", - "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" - }, - { - "alg": "SHA-512", - "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" - }, - { - "alg": "SHA3-256", - "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" - }, - { - "alg": "SHA3-512", - "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", - "id": "GHSA-269g-pwp5-87pp", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200, - 732 - ], - "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", - "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "affects": [ - { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", - "group": "junit", - "name": "junit", - "version": "4.12", - "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", - "hashes": [ - { - "alg": "MD5", - "content": "5b38c40c97fbd0adee29f91e60405584" - }, - { - "alg": "SHA-1", - "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" - }, - { - "alg": "SHA-256", - "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" - }, - { - "alg": "SHA-512", - "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" - }, - { - "alg": "SHA3-256", - "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" - }, - { - "alg": "SHA3-512", - "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.eclipse.org/legal/epl-v10.html" - } - } - ], - "purl": "pkg:maven/junit/junit@4.12?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.junit.org" - }, - { - "type": "build-system", - "url": "https://junit.ci.cloudbees.com/" - }, - { - "type": "distribution", - "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" - }, - { - "type": "issue-tracker", - "url": "https://github.com/junit-team/junit/issues" - }, - { - "type": "mailing-list", - "url": "https://groups.yahoo.com/neo/groups/junit/info" - }, - { - "type": "vcs", - "url": "http://github.com/junit-team/junit/tree/master" - } - ] - } - ] - }, - { - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", - "id": "INT-f70z-tbpp-4o5d", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "high", - "method": "other" - } - ], - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "group": "net.bytebuddy", - "name": "byte-buddy", - "version": "1.9.7", - "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "hashes": [ - { - "alg": "MD5", - "content": "3038371407163c76c89749c3a7c458b0" - }, - { - "alg": "SHA-1", - "content": "8fea78fea6449e1738b675cb155ce8422661e237" - }, - { - "alg": "SHA-256", - "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" - }, - { - "alg": "SHA-512", - "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" - }, - { - "alg": "SHA3-256", - "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" - }, - { - "alg": "SHA3-512", - "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", - "externalReferences": [ - { - "type": "distribution", - "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" - }, - { - "type": "issue-tracker", - "url": "https://github.com/raphw/byte-buddy/issues" - } - ] - } - ] - }, - { - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", - "id": "INT-63e3-49kp-blqt", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "low", - "method": "other" - } - ], - "description": "testing", - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "group": "net.bytebuddy", - "name": "byte-buddy", - "version": "1.9.7", - "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "hashes": [ - { - "alg": "MD5", - "content": "3038371407163c76c89749c3a7c458b0" - }, - { - "alg": "SHA-1", - "content": "8fea78fea6449e1738b675cb155ce8422661e237" - }, - { - "alg": "SHA-256", - "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" - }, - { - "alg": "SHA-512", - "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" - }, - { - "alg": "SHA3-256", - "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" - }, - { - "alg": "SHA3-512", - "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", - "externalReferences": [ - { - "type": "distribution", - "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" - }, - { - "type": "issue-tracker", - "url": "https://github.com/raphw/byte-buddy/issues" - } - ] - } - ] - }, - { - "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", - "id": "GHSA-j8jw-g6fq-mp7h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "group": "org.hibernate", - "name": "hibernate-core", - "version": "5.2.18.Final", - "description": "The core O/RM functionality as provided by Hibernate", - "hashes": [ - { - "alg": "MD5", - "content": "a5e6ac320c1b5fd739d213dc050cfc29" - }, - { - "alg": "SHA-1", - "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" - }, - { - "alg": "SHA-256", - "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" - }, - { - "alg": "SHA-512", - "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" - }, - { - "alg": "SHA3-256", - "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" - }, - { - "alg": "SHA3-512", - "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" - } - ], - "licenses": [ - { - "license": { - "name": "GNU Lesser General Public License", - "url": "http://www.gnu.org/licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://hibernate.org" - }, - { - "type": "issue-tracker", - "url": "https://hibernate.atlassian.net/browse/HHH" - }, - { - "type": "vcs", - "url": "http://github.com/hibernate/hibernate-orm" - } - ] - } - ] - }, - { - "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", - "id": "GHSA-8grg-q944-cch5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", - "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "group": "org.hibernate", - "name": "hibernate-core", - "version": "5.2.18.Final", - "description": "The core O/RM functionality as provided by Hibernate", - "hashes": [ - { - "alg": "MD5", - "content": "a5e6ac320c1b5fd739d213dc050cfc29" - }, - { - "alg": "SHA-1", - "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" - }, - { - "alg": "SHA-256", - "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" - }, - { - "alg": "SHA-512", - "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" - }, - { - "alg": "SHA3-256", - "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" - }, - { - "alg": "SHA3-512", - "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" - } - ], - "licenses": [ - { - "license": { - "name": "GNU Lesser General Public License", - "url": "http://www.gnu.org/licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://hibernate.org" - }, - { - "type": "issue-tracker", - "url": "https://hibernate.atlassian.net/browse/HHH" - }, - { - "type": "vcs", - "url": "http://github.com/hibernate/hibernate-orm" - } - ] - } - ] - }, - { - "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", - "id": "GHSA-hwj3-m3p6-hj38", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "affects": [ - { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", - "group": "org.dom4j", - "name": "dom4j", - "version": "2.1.1", - "description": "flexible XML framework for Java", - "hashes": [ - { - "alg": "MD5", - "content": "f5710c1d5f5627ae5ce850a0b12ea87a" - }, - { - "alg": "SHA-1", - "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" - }, - { - "alg": "SHA-256", - "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" - }, - { - "alg": "SHA-512", - "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" - }, - { - "alg": "SHA3-256", - "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" - }, - { - "alg": "SHA3-512", - "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" - } - ], - "licenses": [ - { - "license": { - "name": "BSD 3-clause New License", - "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" - } - } - ], - "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" - } - ] - }, - { - "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", - "id": "GHSA-7r82-7xv7-xcpj", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 79 - ], - "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", - "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "affects": [ - { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", - "group": "org.apache.httpcomponents", - "name": "httpclient", - "version": "4.5.7", - "description": "Apache HttpComponents Client", - "hashes": [ - { - "alg": "MD5", - "content": "deed71468af21d6f0cf02bf853ac02ec" - }, - { - "alg": "SHA-1", - "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" - }, - { - "alg": "SHA-256", - "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" - }, - { - "alg": "SHA-512", - "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" - }, - { - "alg": "SHA3-256", - "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" - }, - { - "alg": "SHA3-512", - "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.apache.org/" - }, - { - "type": "issue-tracker", - "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" - }, - { - "type": "mailing-list", - "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" - }, - { - "type": "distribution", - "url": "https://repository.apache.org/service/local/staging/deploy/maven2" - } - ] - } - ] - }, - { - "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", - "id": "GHSA-jvfv-hrrc-6q72", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "affects": [ - { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", - "group": "org.liquibase", - "name": "liquibase-core", - "version": "3.6.3", - "description": "Liquibase is a tool for managing and executing database changes.", - "hashes": [ - { - "alg": "MD5", - "content": "455a827f017027c276fdfc1ec0bba595" - }, - { - "alg": "SHA-1", - "content": "737c5a4fac26ee760d016923c83481ff933e4875" - }, - { - "alg": "SHA-256", - "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" - }, - { - "alg": "SHA-512", - "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" - }, - { - "alg": "SHA3-256", - "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" - }, - { - "alg": "SHA3-512", - "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.liquibase.org" - }, - { - "type": "build-system", - "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" - }, - { - "type": "issue-tracker", - "url": "http://liquibase.jira.com/browse/CORE" - } - ] - } - ] - }, - { - "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", - "id": "GHSA-wgmr-mf83-7x4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 410 - ], - "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "group": "org.eclipse.jetty.http2", - "name": "http2-server", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "9c82833f49671905299a1a0d0edc031d" - }, - { - "alg": "SHA-1", - "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" - }, - { - "alg": "SHA-256", - "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" - }, - { - "alg": "SHA-512", - "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" - }, - { - "alg": "SHA3-256", - "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" - }, - { - "alg": "SHA3-512", - "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "group": "org.eclipse.jetty.http2", - "name": "http2-server", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "9c82833f49671905299a1a0d0edc031d" - }, - { - "alg": "SHA-1", - "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" - }, - { - "alg": "SHA-256", - "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" - }, - { - "alg": "SHA-512", - "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" - }, - { - "alg": "SHA3-256", - "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" - }, - { - "alg": "SHA3-512", - "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", - "id": "GHSA-rggv-cv7r-mw98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "group": "org.eclipse.jetty.http2", - "name": "http2-common", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "d4f0dede20f81acfb53f97c01fae71cf" - }, - { - "alg": "SHA-1", - "content": "6e3306d394aaaf41876220a818fb639faf5963b0" - }, - { - "alg": "SHA-256", - "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" - }, - { - "alg": "SHA-512", - "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" - }, - { - "alg": "SHA3-256", - "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" - }, - { - "alg": "SHA3-512", - "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "group": "org.eclipse.jetty.http2", - "name": "http2-common", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "d4f0dede20f81acfb53f97c01fae71cf" - }, - { - "alg": "SHA-1", - "content": "6e3306d394aaaf41876220a818fb639faf5963b0" - }, - { - "alg": "SHA-256", - "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" - }, - { - "alg": "SHA-512", - "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" - }, - { - "alg": "SHA3-256", - "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" - }, - { - "alg": "SHA3-512", - "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", - "id": "GHSA-wgh7-54f2-x98r", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 190 - ], - "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "affects": [ - { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", - "group": "org.eclipse.jetty.http2", - "name": "http2-hpack", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0323c6dd472c456a99d068f171cbd661" - }, - { - "alg": "SHA-1", - "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" - }, - { - "alg": "SHA-256", - "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" - }, - { - "alg": "SHA-512", - "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" - }, - { - "alg": "SHA3-256", - "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" - }, - { - "alg": "SHA3-512", - "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", - "id": "GHSA-w4g2-9hj6-5472", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 295 - ], - "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", - "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "group": "com.rabbitmq", - "name": "amqp-client", - "version": "4.4.1", - "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "hashes": [ - { - "alg": "MD5", - "content": "1a2a6feac205524a636c06d86af2df2c" - }, - { - "alg": "SHA-1", - "content": "c442f6501595a6fb9c029409eca94888cc9a3106" - }, - { - "alg": "SHA-256", - "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" - }, - { - "alg": "SHA-512", - "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" - }, - { - "alg": "SHA3-256", - "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" - }, - { - "alg": "SHA3-512", - "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" - } - ], - "licenses": [ - { - "license": { - "id": "MPL-1.1" - } - } - ], - "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.rabbitmq.com" - }, - { - "type": "vcs", - "url": "https://github.com/rabbitmq/rabbitmq-java-client" - } - ] - } - ] - }, - { - "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", - "id": "GHSA-mm8h-8587-p46h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", - "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "group": "com.rabbitmq", - "name": "amqp-client", - "version": "4.4.1", - "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "hashes": [ - { - "alg": "MD5", - "content": "1a2a6feac205524a636c06d86af2df2c" - }, - { - "alg": "SHA-1", - "content": "c442f6501595a6fb9c029409eca94888cc9a3106" - }, - { - "alg": "SHA-256", - "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" - }, - { - "alg": "SHA-512", - "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" - }, - { - "alg": "SHA3-256", - "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" - }, - { - "alg": "SHA3-512", - "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" - } - ], - "licenses": [ - { - "license": { - "id": "MPL-1.1" - } - } - ], - "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.rabbitmq.com" - }, - { - "type": "vcs", - "url": "https://github.com/rabbitmq/rabbitmq-java-client" - } - ] - } - ] - }, - { - "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", - "id": "GHSA-h376-j262-vhq6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "group": "com.h2database", - "name": "h2", - "version": "1.4.197", - "description": "H2 Database Engine", - "hashes": [ - { - "alg": "MD5", - "content": "f9893acfa22b7fe1492dd9c515af2e5b" - }, - { - "alg": "SHA-1", - "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" - }, - { - "alg": "SHA-256", - "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" - }, - { - "alg": "SHA-512", - "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" - }, - { - "alg": "SHA3-256", - "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" - }, - { - "alg": "SHA3-512", - "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" - } - ], - "licenses": [ - { - "license": { - "name": "MPL 2.0 or EPL 1.0", - "url": "http://h2database.com/html/license.html" - } - } - ], - "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "https://github.com/h2database/h2database" - } - ] - } - ] - }, - { - "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", - "id": "GHSA-45hx-wfhj-473x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 88 - ], - "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "group": "com.h2database", - "name": "h2", - "version": "1.4.197", - "description": "H2 Database Engine", - "hashes": [ - { - "alg": "MD5", - "content": "f9893acfa22b7fe1492dd9c515af2e5b" - }, - { - "alg": "SHA-1", - "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" - }, - { - "alg": "SHA-256", - "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" - }, - { - "alg": "SHA-512", - "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" - }, - { - "alg": "SHA3-256", - "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" - }, - { - "alg": "SHA3-512", - "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" - } - ], - "licenses": [ - { - "license": { - "name": "MPL 2.0 or EPL 1.0", - "url": "http://h2database.com/html/license.html" - } - } - ], - "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "https://github.com/h2database/h2database" - } - ] - } - ] - } - ] + } } } ], diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index f7083d8267..9418a022e1 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -1,8 +1,7 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.8", - "target_id": null + "release": "2.10.8" }, "version": "2.10.8", "statistics": {}, @@ -12,14 +11,10 @@ "title": "test 9", "version": "SNAPSHOT", "maintainer": "", - "summary": null, "description": "This is the project I want to use to generate data to understand the schema a bit better", "license": "", "supports": [], "attributes": [], - "copyright": null, - "copyright_email": null, - "depends": [], "groups": [], "status": "loaded", "controls": [ @@ -4073,7 +4068,7 @@ ] } ], - "sha256": "5eb1029fd6edc5ff52faf63b6df538d46aad89466889da511e79b440d474ae2a" + "sha256": "47d6baff3f650950cb7e0dec0c43a91f6c0c73c42c1cd0a7db431aa7e43ae781" } ], "passthrough": { @@ -14121,7636 +14116,7 @@ "version": "SNAPSHOT", "description": "This is the project I want to use to generate data to understand the schema a bit better" } - }, - "vulnerabilities": [ - { - "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", - "id": "GHSA-5mg8-w23w-74h3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 173, - 200, - 378, - 732 - ], - "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "group": "com.google.guava", - "name": "guava", - "version": "24.1.1-jre", - "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "hashes": [ - { - "alg": "MD5", - "content": "361459dd415a18e4750b7fa0cdd9e747" - }, - { - "alg": "SHA-1", - "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" - }, - { - "alg": "SHA-256", - "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" - }, - { - "alg": "SHA-512", - "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" - }, - { - "alg": "SHA3-256", - "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" - }, - { - "alg": "SHA3-512", - "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", - "externalReferences": [ - { - "type": "build-system", - "url": "https://travis-ci.org/google/guava" - }, - { - "type": "issue-tracker", - "url": "https://github.com/google/guava/issues" - }, - { - "type": "vcs", - "url": "https://github.com/google/guava" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", - "id": "GHSA-7g45-4rm6-3mm3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 379, - 552 - ], - "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", - "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "affects": [ - { - "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "group": "com.google.guava", - "name": "guava", - "version": "24.1.1-jre", - "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "hashes": [ - { - "alg": "MD5", - "content": "361459dd415a18e4750b7fa0cdd9e747" - }, - { - "alg": "SHA-1", - "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" - }, - { - "alg": "SHA-256", - "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" - }, - { - "alg": "SHA-512", - "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" - }, - { - "alg": "SHA3-256", - "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" - }, - { - "alg": "SHA3-512", - "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", - "externalReferences": [ - { - "type": "build-system", - "url": "https://travis-ci.org/google/guava" - }, - { - "type": "issue-tracker", - "url": "https://github.com/google/guava/issues" - }, - { - "type": "vcs", - "url": "https://github.com/google/guava" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", - "id": "GHSA-5p34-5m6p-p58g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", - "id": "GHSA-27xj-rqx5-2255", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", - "id": "GHSA-58pp-9c76-5625", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", - "id": "GHSA-v3xw-c963-f5hc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", - "id": "GHSA-h4rc-386g-6m85", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", - "id": "GHSA-9vvp-fxw6-jcxr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", - "id": "GHSA-rf6r-2c4q-2vwg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", - "id": "GHSA-758m-v56v-grj4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", - "id": "GHSA-95cm-88f5-f2c7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", - "id": "GHSA-c2q3-4qrh-fm48", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", - "id": "GHSA-mc6h-4qgp-37qh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", - "id": "GHSA-j823-4qch-3rgm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", - "id": "GHSA-c265-37vj-cwcc", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", - "id": "GHSA-4w82-r329-3q67", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", - "id": "GHSA-rpr3-cw39-3pxh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", - "id": "GHSA-fmmc-742q-jg75", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", - "id": "GHSA-gjmw-vf9h-g25v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", - "id": "GHSA-mx7p-6679-8g3q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", - "id": "GHSA-q93h-jc49-78gg", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", - "id": "GHSA-p43x-xfjf-5jhr", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", - "id": "GHSA-h3cw-g4mq-c5x2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 94, - 502 - ], - "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", - "id": "GHSA-qjw2-hr98-qgfh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", - "id": "GHSA-8w26-6f25-cm9x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", - "id": "GHSA-m6x4-97wx-4q27", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", - "id": "GHSA-v585-23hc-c647", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", - "id": "GHSA-r695-7vr9-jgc2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", - "id": "GHSA-vfqx-33qm-g869", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", - "id": "GHSA-f9xh-2qgp-cq57", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", - "id": "GHSA-cvm9-fjm9-3572", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", - "id": "GHSA-9gph-22xh-8x98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", - "id": "GHSA-89qr-369f-5m5x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", - "id": "GHSA-8c4j-34r4-xr8g", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", - "id": "GHSA-9m6f-7xcq-8vf8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", - "id": "GHSA-5r5r-6hpj-8gg9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", - "id": "GHSA-wh8g-3j2c-rqj5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", - "id": "GHSA-r3gr-cxrf-hg25", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502, - 913 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", - "id": "GHSA-jjjh-jjxp-wpff", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", - "id": "GHSA-5949-rw7g-wx7w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", - "id": "GHSA-57j2-w4cx-62h2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 787 - ], - "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", - "id": "GHSA-288c-cq4h-88gq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", - "id": "GHSA-gww7-p5w4-wrfv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", - "id": "GHSA-rgv9-q543-rqg4", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 502 - ], - "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", - "id": "GHSA-fqwf-pjwf-7vqv", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "affects": [ - { - "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } - ] - } - ] - }, - { - "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", - "id": "GHSA-8jpx-m2wh-2v34", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "group": "io.dropwizard", - "name": "dropwizard-validation", - "version": "1.3.15", - "hashes": [ - { - "alg": "MD5", - "content": "0557207f6f05c684958ff0c524ed97de" - }, - { - "alg": "SHA-1", - "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" - }, - { - "alg": "SHA-256", - "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" - }, - { - "alg": "SHA-512", - "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" - }, - { - "alg": "SHA3-256", - "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" - }, - { - "alg": "SHA3-512", - "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" - } - ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" - } - ] - }, - { - "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", - "id": "GHSA-3mcp-9wr4-cjqf", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 74 - ], - "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "affects": [ - { - "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "group": "io.dropwizard", - "name": "dropwizard-validation", - "version": "1.3.15", - "hashes": [ - { - "alg": "MD5", - "content": "0557207f6f05c684958ff0c524ed97de" - }, - { - "alg": "SHA-1", - "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" - }, - { - "alg": "SHA-256", - "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" - }, - { - "alg": "SHA-512", - "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" - }, - { - "alg": "SHA3-256", - "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" - }, - { - "alg": "SHA3-512", - "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" - } - ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" - } - ] - }, - { - "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", - "id": "GHSA-rvwf-54qp-4r6v", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 776 - ], - "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", - "id": "GHSA-9w3m-gqgf-c4p9", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", - "id": "GHSA-w37g-rhq8-7m4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", - "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", - "id": "GHSA-c4r9-r8fh-9vj2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", - "id": "GHSA-hhhw-99gj-p3c3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", - "id": "GHSA-98wm-3w3q-mw94", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 121, - 787 - ], - "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", - "id": "GHSA-3mc7-4q67-w48m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 776 - ], - "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", - "id": "GHSA-mjmj-j48q-9wg2", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 20, - 502 - ], - "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "affects": [ - { - "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } - ] - } - ] - }, - { - "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", - "id": "GHSA-668q-qrv7-99fm", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", - "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "group": "ch.qos.logback", - "name": "logback-core", - "version": "1.2.3", - "description": "logback-core module", - "hashes": [ - { - "alg": "MD5", - "content": "841fc80c6edff60d947a3872a2db4d45" - }, - { - "alg": "SHA-1", - "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" - }, - { - "alg": "SHA-256", - "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" - }, - { - "alg": "SHA-512", - "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" - }, - { - "alg": "SHA3-256", - "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" - }, - { - "alg": "SHA3-512", - "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } - ] - } - ] - }, - { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "group": "ch.qos.logback", - "name": "logback-core", - "version": "1.2.3", - "description": "logback-core module", - "hashes": [ - { - "alg": "MD5", - "content": "841fc80c6edff60d947a3872a2db4d45" - }, - { - "alg": "SHA-1", - "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" - }, - { - "alg": "SHA-256", - "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" - }, - { - "alg": "SHA-512", - "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" - }, - { - "alg": "SHA3-256", - "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" - }, - { - "alg": "SHA3-512", - "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } - ] - } - ] - }, - { - "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id": "GHSA-vmq6-5m68-f53m", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "affects": [ - { - "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "group": "ch.qos.logback", - "name": "logback-classic", - "version": "1.2.3", - "description": "logback-classic module", - "hashes": [ - { - "alg": "MD5", - "content": "64f7a68f931aed8e5ad8243470440f0b" - }, - { - "alg": "SHA-1", - "content": "7c4f3c474fb2c041d8028740440937705ebb473a" - }, - { - "alg": "SHA-256", - "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" - }, - { - "alg": "SHA-512", - "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" - }, - { - "alg": "SHA3-256", - "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" - }, - { - "alg": "SHA3-512", - "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } - ] - } - ] - }, - { - "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", - "id": "GHSA-m394-8rww-3jr7", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", - "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", - "id": "GHSA-m6cp-vxjx-65j6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 613 - ], - "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", - "id": "GHSA-26vr-8j45-3r4w", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 551, - 755 - ], - "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", - "id": "GHSA-p26g-97m4-6q7c", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", - "id": "GHSA-qw69-rqj8-6qw8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400, - 770 - ], - "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", - "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", - "id": "GHSA-86wm-rrjm-8wh8", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 226 - ], - "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", - "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "affects": [ - { - "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", - "id": "GHSA-cj7v-27pg-wf7q", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 20 - ], - "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "group": "org.eclipse.jetty", - "name": "jetty-http", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0f5299204d64fb561a8062f594185dc6" - }, - { - "alg": "SHA-1", - "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" - }, - { - "alg": "SHA-256", - "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" - }, - { - "alg": "SHA-512", - "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" - }, - { - "alg": "SHA3-256", - "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" - }, - { - "alg": "SHA3-512", - "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", - "id": "GHSA-hmr7-m48g-48f6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 130 - ], - "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", - "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "group": "org.eclipse.jetty", - "name": "jetty-http", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0f5299204d64fb561a8062f594185dc6" - }, - { - "alg": "SHA-1", - "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" - }, - { - "alg": "SHA-256", - "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" - }, - { - "alg": "SHA-512", - "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" - }, - { - "alg": "SHA3-256", - "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" - }, - { - "alg": "SHA3-512", - "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", - "id": "GHSA-g3wg-6mcf-8jj6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 378, - 379, - 552 - ], - "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "affects": [ - { - "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", - "group": "org.eclipse.jetty", - "name": "jetty-webapp", - "version": "9.4.18.v20190429", - "description": "Jetty web application support", - "hashes": [ - { - "alg": "MD5", - "content": "044d3037d9a5b94c8ed938d89045e06b" - }, - { - "alg": "SHA-1", - "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" - }, - { - "alg": "SHA-256", - "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" - }, - { - "alg": "SHA-512", - "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" - }, - { - "alg": "SHA3-256", - "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" - }, - { - "alg": "SHA3-512", - "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", - "id": "GHSA-58qw-p7qm-5rvh", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "affects": [ - { - "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "group": "org.eclipse.jetty", - "name": "jetty-xml", - "version": "9.4.18.v20190429", - "description": "The jetty xml utilities.", - "hashes": [ - { - "alg": "MD5", - "content": "637f8a266afa4cb043e1d142c7cacb33" - }, - { - "alg": "SHA-1", - "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" - }, - { - "alg": "SHA-256", - "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" - }, - { - "alg": "SHA-512", - "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" - }, - { - "alg": "SHA3-256", - "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" - }, - { - "alg": "SHA3-512", - "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", - "id": "GHSA-gwcr-j4wh-j3cq", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200 - ], - "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", - "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "group": "org.eclipse.jetty", - "name": "jetty-servlets", - "version": "9.4.18.v20190429", - "description": "Utility Servlets from Jetty", - "hashes": [ - { - "alg": "MD5", - "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" - }, - { - "alg": "SHA-1", - "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" - }, - { - "alg": "SHA-256", - "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" - }, - { - "alg": "SHA-512", - "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" - }, - { - "alg": "SHA3-256", - "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" - }, - { - "alg": "SHA3-512", - "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", - "id": "GHSA-3gh6-v5v9-6v9j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "low", - "method": "other" - } - ], - "cwes": [ - 149 - ], - "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "affects": [ - { - "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "group": "org.eclipse.jetty", - "name": "jetty-servlets", - "version": "9.4.18.v20190429", - "description": "Utility Servlets from Jetty", - "hashes": [ - { - "alg": "MD5", - "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" - }, - { - "alg": "SHA-1", - "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" - }, - { - "alg": "SHA-256", - "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" - }, - { - "alg": "SHA-512", - "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" - }, - { - "alg": "SHA3-256", - "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" - }, - { - "alg": "SHA3-512", - "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", - "id": "GHSA-269g-pwp5-87pp", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 200, - 732 - ], - "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", - "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "affects": [ - { - "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", - "group": "junit", - "name": "junit", - "version": "4.12", - "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", - "hashes": [ - { - "alg": "MD5", - "content": "5b38c40c97fbd0adee29f91e60405584" - }, - { - "alg": "SHA-1", - "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" - }, - { - "alg": "SHA-256", - "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" - }, - { - "alg": "SHA-512", - "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" - }, - { - "alg": "SHA3-256", - "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" - }, - { - "alg": "SHA3-512", - "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.eclipse.org/legal/epl-v10.html" - } - } - ], - "purl": "pkg:maven/junit/junit@4.12?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.junit.org" - }, - { - "type": "build-system", - "url": "https://junit.ci.cloudbees.com/" - }, - { - "type": "distribution", - "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" - }, - { - "type": "issue-tracker", - "url": "https://github.com/junit-team/junit/issues" - }, - { - "type": "mailing-list", - "url": "https://groups.yahoo.com/neo/groups/junit/info" - }, - { - "type": "vcs", - "url": "http://github.com/junit-team/junit/tree/master" - } - ] - } - ] - }, - { - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", - "id": "INT-f70z-tbpp-4o5d", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "high", - "method": "other" - } - ], - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "group": "net.bytebuddy", - "name": "byte-buddy", - "version": "1.9.7", - "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "hashes": [ - { - "alg": "MD5", - "content": "3038371407163c76c89749c3a7c458b0" - }, - { - "alg": "SHA-1", - "content": "8fea78fea6449e1738b675cb155ce8422661e237" - }, - { - "alg": "SHA-256", - "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" - }, - { - "alg": "SHA-512", - "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" - }, - { - "alg": "SHA3-256", - "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" - }, - { - "alg": "SHA3-512", - "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", - "externalReferences": [ - { - "type": "distribution", - "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" - }, - { - "type": "issue-tracker", - "url": "https://github.com/raphw/byte-buddy/issues" - } - ] - } - ] - }, - { - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", - "id": "INT-63e3-49kp-blqt", - "source": { - "name": "INTERNAL" - }, - "ratings": [ - { - "source": { - "name": "INTERNAL" - }, - "severity": "low", - "method": "other" - } - ], - "description": "testing", - "affects": [ - { - "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "group": "net.bytebuddy", - "name": "byte-buddy", - "version": "1.9.7", - "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "hashes": [ - { - "alg": "MD5", - "content": "3038371407163c76c89749c3a7c458b0" - }, - { - "alg": "SHA-1", - "content": "8fea78fea6449e1738b675cb155ce8422661e237" - }, - { - "alg": "SHA-256", - "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" - }, - { - "alg": "SHA-512", - "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" - }, - { - "alg": "SHA3-256", - "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" - }, - { - "alg": "SHA3-512", - "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", - "externalReferences": [ - { - "type": "distribution", - "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" - }, - { - "type": "issue-tracker", - "url": "https://github.com/raphw/byte-buddy/issues" - } - ] - } - ] - }, - { - "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", - "id": "GHSA-j8jw-g6fq-mp7h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "group": "org.hibernate", - "name": "hibernate-core", - "version": "5.2.18.Final", - "description": "The core O/RM functionality as provided by Hibernate", - "hashes": [ - { - "alg": "MD5", - "content": "a5e6ac320c1b5fd739d213dc050cfc29" - }, - { - "alg": "SHA-1", - "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" - }, - { - "alg": "SHA-256", - "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" - }, - { - "alg": "SHA-512", - "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" - }, - { - "alg": "SHA3-256", - "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" - }, - { - "alg": "SHA3-512", - "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" - } - ], - "licenses": [ - { - "license": { - "name": "GNU Lesser General Public License", - "url": "http://www.gnu.org/licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://hibernate.org" - }, - { - "type": "issue-tracker", - "url": "https://hibernate.atlassian.net/browse/HHH" - }, - { - "type": "vcs", - "url": "http://github.com/hibernate/hibernate-orm" - } - ] - } - ] - }, - { - "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", - "id": "GHSA-8grg-q944-cch5", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 89 - ], - "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", - "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "affects": [ - { - "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "group": "org.hibernate", - "name": "hibernate-core", - "version": "5.2.18.Final", - "description": "The core O/RM functionality as provided by Hibernate", - "hashes": [ - { - "alg": "MD5", - "content": "a5e6ac320c1b5fd739d213dc050cfc29" - }, - { - "alg": "SHA-1", - "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" - }, - { - "alg": "SHA-256", - "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" - }, - { - "alg": "SHA-512", - "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" - }, - { - "alg": "SHA3-256", - "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" - }, - { - "alg": "SHA3-512", - "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" - } - ], - "licenses": [ - { - "license": { - "name": "GNU Lesser General Public License", - "url": "http://www.gnu.org/licenses/lgpl-2.1.html" - } - } - ], - "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://hibernate.org" - }, - { - "type": "issue-tracker", - "url": "https://hibernate.atlassian.net/browse/HHH" - }, - { - "type": "vcs", - "url": "http://github.com/hibernate/hibernate-orm" - } - ] - } - ] - }, - { - "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", - "id": "GHSA-hwj3-m3p6-hj38", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "affects": [ - { - "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", - "group": "org.dom4j", - "name": "dom4j", - "version": "2.1.1", - "description": "flexible XML framework for Java", - "hashes": [ - { - "alg": "MD5", - "content": "f5710c1d5f5627ae5ce850a0b12ea87a" - }, - { - "alg": "SHA-1", - "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" - }, - { - "alg": "SHA-256", - "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" - }, - { - "alg": "SHA-512", - "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" - }, - { - "alg": "SHA3-256", - "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" - }, - { - "alg": "SHA3-512", - "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" - } - ], - "licenses": [ - { - "license": { - "name": "BSD 3-clause New License", - "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" - } - } - ], - "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" - } - ] - }, - { - "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", - "id": "GHSA-7r82-7xv7-xcpj", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 79 - ], - "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", - "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "affects": [ - { - "ref": "893beba4-580b-4ada-a4cf-067fbe145507" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", - "group": "org.apache.httpcomponents", - "name": "httpclient", - "version": "4.5.7", - "description": "Apache HttpComponents Client", - "hashes": [ - { - "alg": "MD5", - "content": "deed71468af21d6f0cf02bf853ac02ec" - }, - { - "alg": "SHA-1", - "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" - }, - { - "alg": "SHA-256", - "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" - }, - { - "alg": "SHA-512", - "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" - }, - { - "alg": "SHA3-256", - "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" - }, - { - "alg": "SHA3-512", - "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.apache.org/" - }, - { - "type": "issue-tracker", - "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" - }, - { - "type": "mailing-list", - "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" - }, - { - "type": "distribution", - "url": "https://repository.apache.org/service/local/staging/deploy/maven2" - } - ] - } - ] - }, - { - "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", - "id": "GHSA-jvfv-hrrc-6q72", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 611 - ], - "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "affects": [ - { - "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", - "group": "org.liquibase", - "name": "liquibase-core", - "version": "3.6.3", - "description": "Liquibase is a tool for managing and executing database changes.", - "hashes": [ - { - "alg": "MD5", - "content": "455a827f017027c276fdfc1ec0bba595" - }, - { - "alg": "SHA-1", - "content": "737c5a4fac26ee760d016923c83481ff933e4875" - }, - { - "alg": "SHA-256", - "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" - }, - { - "alg": "SHA-512", - "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" - }, - { - "alg": "SHA3-256", - "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" - }, - { - "alg": "SHA3-512", - "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.liquibase.org" - }, - { - "type": "build-system", - "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" - }, - { - "type": "issue-tracker", - "url": "http://liquibase.jira.com/browse/CORE" - } - ] - } - ] - }, - { - "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", - "id": "GHSA-wgmr-mf83-7x4j", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400, - 410 - ], - "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "group": "org.eclipse.jetty.http2", - "name": "http2-server", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "9c82833f49671905299a1a0d0edc031d" - }, - { - "alg": "SHA-1", - "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" - }, - { - "alg": "SHA-256", - "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" - }, - { - "alg": "SHA-512", - "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" - }, - { - "alg": "SHA3-256", - "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" - }, - { - "alg": "SHA3-512", - "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "group": "org.eclipse.jetty.http2", - "name": "http2-server", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "9c82833f49671905299a1a0d0edc031d" - }, - { - "alg": "SHA-1", - "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" - }, - { - "alg": "SHA-256", - "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" - }, - { - "alg": "SHA-512", - "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" - }, - { - "alg": "SHA3-256", - "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" - }, - { - "alg": "SHA3-512", - "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", - "id": "GHSA-rggv-cv7r-mw98", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "group": "org.eclipse.jetty.http2", - "name": "http2-common", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "d4f0dede20f81acfb53f97c01fae71cf" - }, - { - "alg": "SHA-1", - "content": "6e3306d394aaaf41876220a818fb639faf5963b0" - }, - { - "alg": "SHA-256", - "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" - }, - { - "alg": "SHA-512", - "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" - }, - { - "alg": "SHA3-256", - "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" - }, - { - "alg": "SHA3-512", - "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", - "id": "GHSA-qppj-fm5r-hxr3", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "affects": [ - { - "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "group": "org.eclipse.jetty.http2", - "name": "http2-common", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "d4f0dede20f81acfb53f97c01fae71cf" - }, - { - "alg": "SHA-1", - "content": "6e3306d394aaaf41876220a818fb639faf5963b0" - }, - { - "alg": "SHA-256", - "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" - }, - { - "alg": "SHA-512", - "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" - }, - { - "alg": "SHA3-256", - "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" - }, - { - "alg": "SHA3-512", - "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", - "id": "GHSA-wgh7-54f2-x98r", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "high", - "method": "other" - } - ], - "cwes": [ - 190 - ], - "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "affects": [ - { - "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", - "group": "org.eclipse.jetty.http2", - "name": "http2-hpack", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0323c6dd472c456a99d068f171cbd661" - }, - { - "alg": "SHA-1", - "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" - }, - { - "alg": "SHA-256", - "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" - }, - { - "alg": "SHA-512", - "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" - }, - { - "alg": "SHA3-256", - "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" - }, - { - "alg": "SHA3-512", - "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" - } - ], - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } - ] - } - ] - }, - { - "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", - "id": "GHSA-w4g2-9hj6-5472", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 295 - ], - "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", - "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "group": "com.rabbitmq", - "name": "amqp-client", - "version": "4.4.1", - "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "hashes": [ - { - "alg": "MD5", - "content": "1a2a6feac205524a636c06d86af2df2c" - }, - { - "alg": "SHA-1", - "content": "c442f6501595a6fb9c029409eca94888cc9a3106" - }, - { - "alg": "SHA-256", - "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" - }, - { - "alg": "SHA-512", - "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" - }, - { - "alg": "SHA3-256", - "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" - }, - { - "alg": "SHA3-512", - "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" - } - ], - "licenses": [ - { - "license": { - "id": "MPL-1.1" - } - } - ], - "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.rabbitmq.com" - }, - { - "type": "vcs", - "url": "https://github.com/rabbitmq/rabbitmq-java-client" - } - ] - } - ] - }, - { - "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", - "id": "GHSA-mm8h-8587-p46h", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "medium", - "method": "other" - } - ], - "cwes": [ - 400 - ], - "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", - "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "affects": [ - { - "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "group": "com.rabbitmq", - "name": "amqp-client", - "version": "4.4.1", - "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "hashes": [ - { - "alg": "MD5", - "content": "1a2a6feac205524a636c06d86af2df2c" - }, - { - "alg": "SHA-1", - "content": "c442f6501595a6fb9c029409eca94888cc9a3106" - }, - { - "alg": "SHA-256", - "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" - }, - { - "alg": "SHA-512", - "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" - }, - { - "alg": "SHA3-256", - "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" - }, - { - "alg": "SHA3-512", - "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" - } - ], - "licenses": [ - { - "license": { - "id": "MPL-1.1" - } - } - ], - "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.rabbitmq.com" - }, - { - "type": "vcs", - "url": "https://github.com/rabbitmq/rabbitmq-java-client" - } - ] - } - ] - }, - { - "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", - "id": "GHSA-h376-j262-vhq6", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 502 - ], - "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "group": "com.h2database", - "name": "h2", - "version": "1.4.197", - "description": "H2 Database Engine", - "hashes": [ - { - "alg": "MD5", - "content": "f9893acfa22b7fe1492dd9c515af2e5b" - }, - { - "alg": "SHA-1", - "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" - }, - { - "alg": "SHA-256", - "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" - }, - { - "alg": "SHA-512", - "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" - }, - { - "alg": "SHA3-256", - "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" - }, - { - "alg": "SHA3-512", - "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" - } - ], - "licenses": [ - { - "license": { - "name": "MPL 2.0 or EPL 1.0", - "url": "http://h2database.com/html/license.html" - } - } - ], - "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "https://github.com/h2database/h2database" - } - ] - } - ] - }, - { - "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", - "id": "GHSA-45hx-wfhj-473x", - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "ratings": [ - { - "source": { - "name": "GITHUB", - "url": "https://github.com/advisories" - }, - "severity": "critical", - "method": "other" - } - ], - "cwes": [ - 88 - ], - "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "affects": [ - { - "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" - } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "group": "com.h2database", - "name": "h2", - "version": "1.4.197", - "description": "H2 Database Engine", - "hashes": [ - { - "alg": "MD5", - "content": "f9893acfa22b7fe1492dd9c515af2e5b" - }, - { - "alg": "SHA-1", - "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" - }, - { - "alg": "SHA-256", - "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" - }, - { - "alg": "SHA-512", - "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" - }, - { - "alg": "SHA3-256", - "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" - }, - { - "alg": "SHA3-512", - "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" - } - ], - "licenses": [ - { - "license": { - "name": "MPL 2.0 or EPL 1.0", - "url": "http://h2database.com/html/license.html" - } - } - ], - "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "https://github.com/h2database/h2database" - } - ] - } - ] - } - ] + } } } ] diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json index 113071648c..8cc741e251 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -1,8 +1,7 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.8", - "target_id": null + "release": "2.10.8" }, "version": "2.10.8", "statistics": {}, @@ -12,18 +11,14 @@ "title": "@mitre/saf", "version": "1.4.7", "maintainer": "The MITRE Security Automation Framework", - "summary": null, "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", "license": "Apache-2.0", "supports": [], "attributes": [], - "copyright": null, - "copyright_email": null, - "depends": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "569c078b8149960c980abb20c9d5a9005ba9d713965cac778799f1669f428981" + "sha256": "293aa65c39599822577a8957155b2b71f759a252c5e08724637cf1dc44089595" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json index 8970186989..b0c2266b21 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -1,8 +1,7 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.8", - "target_id": null + "release": "2.10.8" }, "version": "2.10.8", "statistics": {}, @@ -12,18 +11,14 @@ "title": "@mitre/saf", "version": "1.4.7", "maintainer": "The MITRE Security Automation Framework", - "summary": null, "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", "license": "Apache-2.0", "supports": [], "attributes": [], - "copyright": null, - "copyright_email": null, - "depends": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "569c078b8149960c980abb20c9d5a9005ba9d713965cac778799f1669f428981" + "sha256": "293aa65c39599822577a8957155b2b71f759a252c5e08724637cf1dc44089595" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index ea7075cf9f..41538f6305 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -98,7 +98,7 @@ export class SBOMResults { } */ generateIntermediary(data: Record) { - // Find if vulnerabilities structure exists, else skip vulnerability restructuring + // Determine if this is an SBOM; if so, proceed with restructuring if (_.has(data, 'components') && _.has(data, 'vulnerabilities')) { for (const vulnerability of data.vulnerabilities as (Record< string, @@ -136,8 +136,7 @@ export class SBOMMapper extends BaseConverter { > = { platform: { name: 'Heimdall Tools', - release: HeimdallToolsVersion, - target_id: null //Insert data + release: HeimdallToolsVersion }, version: HeimdallToolsVersion, statistics: {}, @@ -158,7 +157,6 @@ export class SBOMMapper extends BaseConverter { }, version: {path: 'metadata.component.version'}, maintainer: {path: 'metadata.component.author'}, - summary: null, //Insert data description: {path: 'metadata.component.description'}, license: { path: 'metadata.component', @@ -173,12 +171,9 @@ export class SBOMMapper extends BaseConverter { return message.slice(0, -2); } }, - supports: [], //Insert data - attributes: [], //Insert data - copyright: null, //Insert data - copyright_email: null, //Insert data - depends: [], //Insert data - groups: [], //Insert data + supports: [], + attributes: [], + groups: [], status: 'loaded', controls: [ { @@ -268,7 +263,11 @@ export class SBOMMapper extends BaseConverter { name: 'SBOM', components: _.get(data, 'components'), dependencies: _.get(data, 'dependencies'), - data: _.omit(data, ['components', 'dependencies']) + data: _.omit(data, [ + 'components', + 'vulnerabilities', + 'dependencies' + ]) } ], ...(this.withRaw && {raw: data}) diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index 36ad553864..e5b7ab4b66 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -11,10 +11,10 @@ describe('sbom_mapper_saf', () => { ) ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -36,10 +36,10 @@ describe('sbom_mapper_saf', () => { true ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -65,10 +65,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { ) ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -93,10 +93,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { true ); - // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', - // JSON.stringify(mapper.toHdf(), null, 2) - // ); + fs.writeFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + JSON.stringify(mapper.toHdf(), null, 2) + ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( From 7b9201cfd3ed6ec4514508cd10c2b73505165cc0 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 25 Jul 2024 16:00:56 -0400 Subject: [PATCH 20/61] Test fix Signed-off-by: Charles Hu --- .../test/mappers/forward/sbom_mapper.spec.ts | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index e5b7ab4b66..36ad553864 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -11,10 +11,10 @@ describe('sbom_mapper_saf', () => { ) ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -36,10 +36,10 @@ describe('sbom_mapper_saf', () => { true ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -65,10 +65,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { ) ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( @@ -93,10 +93,10 @@ describe('sbom_mapper_dropwizard_vulns', () => { true ); - fs.writeFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', - JSON.stringify(mapper.toHdf(), null, 2) - ); + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( From 7aa83222053eaf6e39d4db2b1d7b0aa521bf33a2 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 26 Jul 2024 14:03:31 -0400 Subject: [PATCH 21/61] VEX support Signed-off-by: Charles Hu --- .../sample_input_report/dropwizard-vex.json | 2555 ++ .../sbom-dropwizard-no-vulns-hdf-withraw.json | 20117 ++++++++++++++++ .../sbom-dropwizard-no-vulns-hdf.json | 10074 ++++++++ .../sbom-dropwizard-vex-hdf-withraw.json | 7169 ++++++ .../sbom_mapper/sbom-dropwizard-vex-hdf.json | 4092 ++++ libs/hdf-converters/src/sbom-mapper.ts | 24 +- .../test/mappers/forward/sbom_mapper.spec.ts | 114 + 7 files changed, 44144 insertions(+), 1 deletion(-) create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json create mode 100644 libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json new file mode 100644 index 0000000000..b866b41fb0 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json @@ -0,0 +1,2555 @@ +{ + "bomFormat" : "CycloneDX", + "specVersion" : "1.5", + "serialNumber" : "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version" : 1, + "metadata" : { + "timestamp" : "2024-07-08T17:31:55Z", + "tools" : [ + { + "vendor" : "OWASP", + "name" : "Dependency-Track", + "version" : "4.11.4" + } + ], + "component" : { + "type" : "application", + "bom-ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name" : "test 9", + "version" : "SNAPSHOT", + "description" : "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "vulnerabilities" : [ + { + "bom-ref" : "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id" : "GHSA-5mg8-w23w-74h3", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "low", + "method" : "other" + } + ], + "cwes" : [ + 173, + 200, + 378, + 732 + ], + "description" : "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published" : "2021-03-25T17:04:19Z", + "updated" : "2023-11-09T18:44:38Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "bb03c210-ea12-450d-85df-17d81a75ede2", + "id" : "GHSA-7g45-4rm6-3mm3", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 379, + 552 + ], + "description" : "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published" : "2023-06-14T18:30:38Z", + "updated" : "2024-02-13T21:49:15Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id" : "GHSA-5p34-5m6p-p58g", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published" : "2020-04-23T21:08:40Z", + "updated" : "2023-02-01T05:02:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id" : "GHSA-27xj-rqx5-2255", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published" : "2020-05-15T18:58:44Z", + "updated" : "2023-02-01T05:02:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id" : "GHSA-58pp-9c76-5625", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published" : "2020-06-10T21:12:41Z", + "updated" : "2023-02-01T05:03:03Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id" : "GHSA-v3xw-c963-f5hc", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published" : "2020-05-15T18:58:50Z", + "updated" : "2023-02-01T05:03:05Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id" : "GHSA-h4rc-386g-6m85", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published" : "2020-04-23T20:19:02Z", + "updated" : "2024-03-15T00:41:35Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id" : "GHSA-9vvp-fxw6-jcxr", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published" : "2020-05-15T18:58:47Z", + "updated" : "2024-03-15T00:48:55Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "343cd240-f667-4770-aecf-ddc11f9d0172", + "id" : "GHSA-rf6r-2c4q-2vwg", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published" : "2020-05-15T18:58:54Z", + "updated" : "2024-03-15T00:50:18Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id" : "GHSA-758m-v56v-grj4", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published" : "2020-04-23T21:36:03Z", + "updated" : "2024-06-25T13:46:45Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id" : "GHSA-95cm-88f5-f2c7", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published" : "2020-04-23T16:32:59Z", + "updated" : "2024-07-03T21:10:50Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id" : "GHSA-c2q3-4qrh-fm48", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published" : "2020-06-18T14:44:50Z", + "updated" : "2023-02-01T05:04:14Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id" : "GHSA-mc6h-4qgp-37qh", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published" : "2020-06-18T14:44:43Z", + "updated" : "2024-03-15T00:37:17Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id" : "GHSA-j823-4qch-3rgm", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published" : "2020-06-18T14:44:46Z", + "updated" : "2024-03-15T00:39:55Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id" : "GHSA-c265-37vj-cwcc", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published" : "2020-06-18T14:44:48Z", + "updated" : "2024-06-25T13:46:04Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id" : "GHSA-4w82-r329-3q67", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published" : "2020-03-04T20:52:14Z", + "updated" : "2023-06-08T19:02:12Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id" : "GHSA-rpr3-cw39-3pxh", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published" : "2022-07-15T19:41:47Z", + "updated" : "2023-08-18T15:45:27Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "c037af59-a132-4727-8cc3-c6095c490df7", + "id" : "GHSA-fmmc-742q-jg75", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published" : "2019-11-13T00:32:27Z", + "updated" : "2023-09-14T14:55:20Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id" : "GHSA-gjmw-vf9h-g25v", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published" : "2019-11-13T00:32:38Z", + "updated" : "2023-09-14T14:55:25Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id" : "GHSA-mx7p-6679-8g3q", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published" : "2019-10-28T20:51:15Z", + "updated" : "2024-03-15T00:57:37Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id" : "GHSA-q93h-jc49-78gg", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published" : "2020-05-15T18:59:10Z", + "updated" : "2023-09-14T15:09:40Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id" : "GHSA-p43x-xfjf-5jhr", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published" : "2020-05-15T18:59:01Z", + "updated" : "2024-03-15T00:20:09Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id" : "GHSA-h3cw-g4mq-c5x2", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 94, + 502 + ], + "description" : "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published" : "2021-12-09T19:14:51Z", + "updated" : "2023-09-14T15:44:55Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "3ad04380-a25c-41d8-8fad-259c2561795b", + "id" : "GHSA-qjw2-hr98-qgfh", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published" : "2021-12-09T19:15:36Z", + "updated" : "2023-09-14T15:47:50Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "86f78c35-adfb-48e4-9428-88084373e1c0", + "id" : "GHSA-8w26-6f25-cm9x", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published" : "2021-12-09T19:16:02Z", + "updated" : "2023-09-14T15:52:49Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id" : "GHSA-m6x4-97wx-4q27", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published" : "2021-12-09T19:16:26Z", + "updated" : "2023-09-14T15:53:30Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "00033bff-66dc-4a36-ab38-a10b0625409f", + "id" : "GHSA-v585-23hc-c647", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published" : "2021-11-19T20:13:06Z", + "updated" : "2023-09-14T15:59:33Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id" : "GHSA-r695-7vr9-jgc2", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published" : "2021-12-09T19:16:51Z", + "updated" : "2023-09-14T16:01:31Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id" : "GHSA-vfqx-33qm-g869", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published" : "2021-12-09T19:16:59Z", + "updated" : "2023-09-14T16:04:22Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "5201940b-1f04-4668-ae86-8261448d817d", + "id" : "GHSA-f9xh-2qgp-cq57", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published" : "2021-12-09T19:16:42Z", + "updated" : "2023-09-14T16:04:22Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id" : "GHSA-cvm9-fjm9-3572", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published" : "2021-12-09T19:16:10Z", + "updated" : "2023-09-14T16:07:00Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id" : "GHSA-9gph-22xh-8x98", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published" : "2021-12-09T19:15:54Z", + "updated" : "2023-09-14T16:07:40Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "950cff67-088e-4f41-9818-25943c9e17c0", + "id" : "GHSA-89qr-369f-5m5x", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published" : "2021-12-09T19:15:46Z", + "updated" : "2023-09-14T16:08:37Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id" : "GHSA-8c4j-34r4-xr8g", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published" : "2021-12-09T19:16:18Z", + "updated" : "2023-09-14T16:13:01Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id" : "GHSA-9m6f-7xcq-8vf8", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published" : "2021-12-09T19:16:34Z", + "updated" : "2023-09-14T16:15:44Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "6d5189b4-d549-419a-b886-43a62cc43d40", + "id" : "GHSA-5r5r-6hpj-8gg9", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published" : "2021-12-09T19:15:24Z", + "updated" : "2023-11-21T11:40:53Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "135c6dab-529e-4855-ab72-a0138e2110c8", + "id" : "GHSA-wh8g-3j2c-rqj5", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published" : "2021-12-09T19:15:00Z", + "updated" : "2024-03-15T00:28:08Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id" : "GHSA-r3gr-cxrf-hg25", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502, + 913 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published" : "2021-12-09T19:15:11Z", + "updated" : "2024-06-25T13:47:23Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id" : "GHSA-jjjh-jjxp-wpff", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 400, + 502 + ], + "description" : "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published" : "2022-10-03T00:00:31Z", + "updated" : "2024-03-15T00:14:44Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id" : "GHSA-5949-rw7g-wx7w", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published" : "2021-01-20T21:20:15Z", + "updated" : "2024-03-15T00:16:04Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id" : "GHSA-57j2-w4cx-62h2", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 787 + ], + "description" : "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published" : "2022-03-12T00:00:36Z", + "updated" : "2024-03-15T00:24:56Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id" : "GHSA-288c-cq4h-88gq", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 611 + ], + "description" : "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published" : "2021-02-18T20:51:54Z", + "updated" : "2024-03-15T00:31:24Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id" : "GHSA-gww7-p5w4-wrfv", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published" : "2020-03-04T20:52:11Z", + "updated" : "2024-03-15T00:52:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id" : "GHSA-rgv9-q543-rqg4", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 400, + 502 + ], + "description" : "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published" : "2022-10-03T00:00:31Z", + "updated" : "2024-03-24T05:01:05Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id" : "GHSA-fqwf-pjwf-7vqv", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published" : "2020-05-15T18:59:04Z", + "updated" : "2024-07-03T21:10:31Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "f2fa9b19-418a-4901-9840-a8631227701e", + "id" : "GHSA-8jpx-m2wh-2v34", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 74 + ], + "description" : "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published" : "2020-04-10T18:42:20Z", + "updated" : "2023-01-09T05:02:18Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id" : "GHSA-3mcp-9wr4-cjqf", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 74 + ], + "description" : "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published" : "2020-02-24T17:27:27Z", + "updated" : "2024-06-05T16:42:03Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id" : "GHSA-rvwf-54qp-4r6v", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 776 + ], + "description" : "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published" : "2021-06-04T21:37:45Z", + "updated" : "2023-05-22T20:17:58Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id" : "GHSA-9w3m-gqgf-c4p9", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 121, + 787 + ], + "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published" : "2022-09-06T00:00:27Z", + "updated" : "2024-03-15T12:30:36Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "5ab41975-23cc-45e0-9a13-be603ea00595", + "id" : "GHSA-w37g-rhq8-7m4j", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 121, + 787 + ], + "description" : "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published" : "2022-11-11T19:00:31Z", + "updated" : "2024-06-21T21:33:52Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "dff65990-715e-4f71-aace-60d4436af108", + "id" : "GHSA-c4r9-r8fh-9vj2", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 121, + 787 + ], + "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published" : "2022-09-06T00:00:27Z", + "updated" : "2024-03-15T12:30:36Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id" : "GHSA-hhhw-99gj-p3c3", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 121, + 787 + ], + "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published" : "2022-09-06T00:00:27Z", + "updated" : "2024-03-15T12:30:36Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id" : "GHSA-98wm-3w3q-mw94", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 121, + 787 + ], + "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published" : "2022-09-06T00:00:27Z", + "updated" : "2024-03-15T12:30:36Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id" : "GHSA-3mc7-4q67-w48m", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 400, + 776 + ], + "description" : "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published" : "2022-08-31T00:00:24Z", + "updated" : "2024-03-15T19:06:46Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id" : "GHSA-mjmj-j48q-9wg2", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 20, + 502 + ], + "description" : "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published" : "2022-12-12T21:19:47Z", + "updated" : "2024-06-24T21:22:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id" : "GHSA-668q-qrv7-99fm", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published" : "2021-12-17T20:00:50Z", + "updated" : "2023-01-30T05:04:55Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id" : "GHSA-vmq6-5m68-f53m", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published" : "2023-11-29T12:30:16Z", + "updated" : "2023-12-05T21:31:13Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id" : "GHSA-vmq6-5m68-f53m", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published" : "2023-11-29T12:30:16Z", + "updated" : "2023-12-05T21:31:13Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id" : "GHSA-m394-8rww-3jr7", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 400 + ], + "description" : "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published" : "2021-03-10T03:46:47Z", + "updated" : "2023-02-01T05:05:09Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id" : "GHSA-m6cp-vxjx-65j6", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "low", + "method" : "other" + } + ], + "cwes" : [ + 613 + ], + "description" : "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published" : "2021-06-23T20:23:04Z", + "updated" : "2023-02-01T05:05:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id" : "GHSA-26vr-8j45-3r4w", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 400, + 551, + 755 + ], + "description" : "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published" : "2021-04-06T17:31:30Z", + "updated" : "2023-09-26T11:11:47Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id" : "GHSA-p26g-97m4-6q7c", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "low", + "method" : "other" + } + ], + "cwes" : [ + 200 + ], + "description" : "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published" : "2023-04-18T22:19:57Z", + "updated" : "2023-11-06T05:01:53Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id" : "GHSA-qw69-rqj8-6qw8", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 400, + 770 + ], + "description" : "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published" : "2023-04-19T18:15:45Z", + "updated" : "2023-11-06T05:02:06Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id" : "GHSA-86wm-rrjm-8wh8", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 226 + ], + "description" : "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published" : "2020-12-02T18:28:18Z", + "updated" : "2024-02-21T17:23:14Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "c19b779d-2699-44de-a189-a0d18d8dc953", + "id" : "GHSA-cj7v-27pg-wf7q", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "low", + "method" : "other" + } + ], + "cwes" : [ + 20 + ], + "description" : "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published" : "2022-07-07T20:55:34Z", + "updated" : "2023-01-29T05:06:01Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id" : "GHSA-hmr7-m48g-48f6", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 130 + ], + "description" : "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published" : "2023-09-14T16:17:27Z", + "updated" : "2023-11-06T05:01:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id" : "GHSA-g3wg-6mcf-8jj6", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 378, + 379, + 552 + ], + "description" : "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published" : "2020-11-04T17:50:24Z", + "updated" : "2023-11-27T23:07:53Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "76910119-ee18-4144-855b-b2fdab20e33c", + "id" : "GHSA-58qw-p7qm-5rvh", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "low", + "method" : "other" + } + ], + "cwes" : [ + 611 + ], + "description" : "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published" : "2023-07-10T21:52:39Z", + "updated" : "2023-09-05T22:39:32Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id" : "GHSA-gwcr-j4wh-j3cq", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 200 + ], + "description" : "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published" : "2021-06-10T15:43:22Z", + "updated" : "2023-02-01T05:05:51Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id" : "GHSA-3gh6-v5v9-6v9j", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "low", + "method" : "other" + } + ], + "cwes" : [ + 149 + ], + "description" : "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published" : "2023-09-14T16:16:00Z", + "updated" : "2023-11-06T05:01:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "499117ae-d134-4505-8674-ed498531e7a9", + "id" : "GHSA-269g-pwp5-87pp", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 200, + 732 + ], + "description" : "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published" : "2020-10-12T17:33:00Z", + "updated" : "2023-02-01T05:04:50Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id" : "INT-f70z-tbpp-4o5d", + "source" : { + "name" : "INTERNAL" + }, + "ratings" : [ + { + "source" : { + "name" : "INTERNAL" + }, + "severity" : "high", + "method" : "other" + } + ], + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id" : "INT-63e3-49kp-blqt", + "source" : { + "name" : "INTERNAL" + }, + "ratings" : [ + { + "source" : { + "name" : "INTERNAL" + }, + "severity" : "low", + "method" : "other" + } + ], + "description" : "testing", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "1f182b73-afb8-424c-8e08-533a0f702076", + "id" : "GHSA-j8jw-g6fq-mp7h", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 89 + ], + "description" : "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published" : "2022-02-09T22:57:29Z", + "updated" : "2024-06-27T16:39:59Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id" : "GHSA-8grg-q944-cch5", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 89 + ], + "description" : "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published" : "2022-02-10T23:05:04Z", + "updated" : "2024-06-27T18:05:49Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id" : "GHSA-hwj3-m3p6-hj38", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 611 + ], + "description" : "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published" : "2020-06-05T16:13:36Z", + "updated" : "2023-01-27T05:02:30Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "8c0002e8-9326-40f7-9209-51020755ff02", + "id" : "GHSA-7r82-7xv7-xcpj", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 79 + ], + "description" : "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published" : "2021-06-03T23:40:23Z", + "updated" : "2023-02-01T05:05:30Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id" : "GHSA-jvfv-hrrc-6q72", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 611 + ], + "description" : "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published" : "2022-03-05T00:00:45Z", + "updated" : "2023-01-27T05:02:46Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id" : "GHSA-wgmr-mf83-7x4j", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 400, + 410 + ], + "description" : "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published" : "2022-07-07T20:55:40Z", + "updated" : "2023-07-24T19:39:20Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "affa7af3-427f-4223-8028-d9ac45e80e08", + "id" : "GHSA-qppj-fm5r-hxr3", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 400 + ], + "description" : "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published" : "2023-10-10T21:28:24Z", + "updated" : "2024-06-21T21:34:00Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id" : "GHSA-rggv-cv7r-mw98", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 400 + ], + "description" : "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published" : "2024-02-26T20:13:46Z", + "updated" : "2024-05-02T18:38:19Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "affa7af3-427f-4223-8028-d9ac45e80e08", + "id" : "GHSA-qppj-fm5r-hxr3", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 400 + ], + "description" : "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published" : "2023-10-10T21:28:24Z", + "updated" : "2024-06-21T21:34:00Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id" : "GHSA-wgh7-54f2-x98r", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "high", + "method" : "other" + } + ], + "cwes" : [ + 190 + ], + "description" : "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published" : "2023-10-10T21:16:23Z", + "updated" : "2024-06-21T21:33:57Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id" : "GHSA-w4g2-9hj6-5472", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 295 + ], + "description" : "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published" : "2018-10-18T18:06:08Z", + "updated" : "2023-01-09T05:03:38Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id" : "GHSA-mm8h-8587-p46h", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "medium", + "method" : "other" + } + ], + "cwes" : [ + 400 + ], + "description" : "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published" : "2023-10-24T01:49:09Z", + "updated" : "2023-11-05T05:04:23Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id" : "GHSA-h376-j262-vhq6", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 502 + ], + "description" : "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published" : "2022-01-06T23:55:09Z", + "updated" : "2023-02-25T00:31:20Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref" : "c8a50465-16df-44e0-84e9-7acff5870a51", + "id" : "GHSA-45hx-wfhj-473x", + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "ratings" : [ + { + "source" : { + "name" : "GITHUB", + "url" : "https://github.com/advisories" + }, + "severity" : "critical", + "method" : "other" + } + ], + "cwes" : [ + 88 + ], + "description" : "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published" : "2022-01-21T23:07:39Z", + "updated" : "2023-08-18T15:47:05Z", + "affects" : [ + { + "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json new file mode 100644 index 0000000000..dfa7ca3cc0 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json @@ -0,0 +1,20117 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9", + "version": "SNAPSHOT", + "maintainer": "", + "description": "This is the project I want to use to generate data to understand the schema a bit better", + "license": "", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "45a072f28e84cfb00c8cab2139b026114a1f548fff8551d51d84c8c13b05f772" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:21541b57-cd8f-482c-a80f-9c79c75ca7cf", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:25Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:21541b57-cd8f-482c-a80f-9c79c75ca7cf", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:25Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json new file mode 100644 index 0000000000..6bc2e65c05 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json @@ -0,0 +1,10074 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9", + "version": "SNAPSHOT", + "maintainer": "", + "description": "This is the project I want to use to generate data to understand the schema a bit better", + "license": "", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "45a072f28e84cfb00c8cab2139b026114a1f548fff8551d51d84c8c13b05f772" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:21541b57-cd8f-482c-a80f-9c79c75ca7cf", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:25Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json new file mode 100644 index 0000000000..4fe92c23c5 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -0,0 +1,7169 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9", + "version": "SNAPSHOT", + "maintainer": "", + "description": "This is the project I want to use to generate data to understand the schema a bit better", + "license": "", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" + ] + }, + "descriptions": [ + { + "data": "2021-03-25T17:04:19Z", + "label": "Date published" + }, + { + "data": "2023-11-09T18:44:38Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" + ] + }, + "descriptions": [ + { + "data": "2023-06-14T18:30:38Z", + "label": "Date published" + }, + { + "data": "2024-02-13T21:49:15Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T21:08:40Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:44Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-10T21:12:41Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:03Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:05Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T20:19:02Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:41:35Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:47Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:48:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:50:18Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T21:36:03Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:45Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T16:32:59Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:50Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:14Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:43Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:37:17Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:46Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:39:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:48Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:04Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-03-04T20:52:14Z", + "label": "Date published" + }, + { + "data": "2023-06-08T19:02:12Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-07-15T19:41:47Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:45:27Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2019-11-13T00:32:27Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:20Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2019-11-13T00:32:38Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:25Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2019-10-28T20:51:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:57:37Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:59:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:09:40Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:59:01Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:20:09Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:14:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:44:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:36Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:47:50Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:02Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:52:49Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:26Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:53:30Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-11-19T20:13:06Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:59:33Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:01:31Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:59Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:42Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:00Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:54Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:40Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:46Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:08:37Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:18Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:13:01Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:34Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:15:44Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:24Z", + "label": "Date published" + }, + { + "data": "2023-11-21T11:40:53Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:00Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:28:08Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:11Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:47:23Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:14:44Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-01-20T21:20:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:16:04Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-03-12T00:00:36Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:24:56Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2021-02-18T20:51:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:31:24Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-03-04T20:52:11Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:52:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-24T05:01:05Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:59:04Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:31Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ] + }, + "descriptions": [ + { + "data": "2020-04-10T18:42:20Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:02:18Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ] + }, + "descriptions": [ + { + "data": "2020-02-24T17:27:27Z", + "label": "Date published" + }, + { + "data": "2024-06-05T16:42:03Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" + ] + }, + "descriptions": [ + { + "data": "2021-06-04T21:37:45Z", + "label": "Date published" + }, + { + "data": "2023-05-22T20:17:58Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-11-11T19:00:31Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:52Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" + ] + }, + "descriptions": [ + { + "data": "2022-08-31T00:00:24Z", + "label": "Date published" + }, + { + "data": "2024-03-15T19:06:46Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-12-12T21:19:47Z", + "label": "Date published" + }, + { + "data": "2024-06-24T21:22:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-17T20:00:50Z", + "label": "Date published" + }, + { + "data": "2023-01-30T05:04:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2023-11-29T12:30:16Z", + "label": "Date published" + }, + { + "data": "2023-12-05T21:31:13Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2021-03-10T03:46:47Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:09Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" + ] + }, + "descriptions": [ + { + "data": "2021-06-23T20:23:04Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" + ] + }, + "descriptions": [ + { + "data": "2021-04-06T17:31:30Z", + "label": "Date published" + }, + { + "data": "2023-09-26T11:11:47Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ] + }, + "descriptions": [ + { + "data": "2023-04-18T22:19:57Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:53Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" + ] + }, + "descriptions": [ + { + "data": "2023-04-19T18:15:45Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:02:06Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" + ] + }, + "descriptions": [ + { + "data": "2020-12-02T18:28:18Z", + "label": "Date published" + }, + { + "data": "2024-02-21T17:23:14Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" + ] + }, + "descriptions": [ + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" + ] + }, + "descriptions": [ + { + "data": "2023-09-14T16:17:27Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" + ] + }, + "descriptions": [ + { + "data": "2020-11-04T17:50:24Z", + "label": "Date published" + }, + { + "data": "2023-11-27T23:07:53Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2023-07-10T21:52:39Z", + "label": "Date published" + }, + { + "data": "2023-09-05T22:39:32Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ] + }, + "descriptions": [ + { + "data": "2021-06-10T15:43:22Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:51Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" + ] + }, + "descriptions": [ + { + "data": "2023-09-14T16:16:00Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" + ] + }, + "descriptions": [ + { + "data": "2020-10-12T17:33:00Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:50Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] + }, + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], + "source_location": {}, + "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "desc": "", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] + }, + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], + "source_location": {}, + "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "desc": "testing", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ] + }, + "descriptions": [ + { + "data": "2022-02-09T22:57:29Z", + "label": "Date published" + }, + { + "data": "2024-06-27T16:39:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ] + }, + "descriptions": [ + { + "data": "2022-02-10T23:05:04Z", + "label": "Date published" + }, + { + "data": "2024-06-27T18:05:49Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2020-06-05T16:13:36Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:30Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" + ] + }, + "descriptions": [ + { + "data": "2021-06-03T23:40:23Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:30Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2022-03-05T00:00:45Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:46Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" + ] + }, + "descriptions": [ + { + "data": "2022-07-07T20:55:40Z", + "label": "Date published" + }, + { + "data": "2023-07-24T19:39:20Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2023-10-10T21:28:24Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:34:00Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2024-02-26T20:13:46Z", + "label": "Date published" + }, + { + "data": "2024-05-02T18:38:19Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" + ] + }, + "descriptions": [ + { + "data": "2023-10-10T21:16:23Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:57Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" + ] + }, + "descriptions": [ + { + "data": "2018-10-18T18:06:08Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:03:38Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2023-10-24T01:49:09Z", + "label": "Date published" + }, + { + "data": "2023-11-05T05:04:23Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-01-06T23:55:09Z", + "label": "Date published" + }, + { + "data": "2023-02-25T00:31:20Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "impact": 1, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" + ] + }, + "descriptions": [ + { + "data": "2022-01-21T23:07:39Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:47:05Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + } + ], + "sha256": "d547c818aee4fc72cd640de501c635493af622d5a75e15e3fca9f213727c9f88" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:31:55Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:31:55Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ], + "affectedComponents": [ + { + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json new file mode 100644 index 0000000000..5f79675546 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -0,0 +1,4092 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9", + "version": "SNAPSHOT", + "maintainer": "", + "description": "This is the project I want to use to generate data to understand the schema a bit better", + "license": "", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" + ] + }, + "descriptions": [ + { + "data": "2021-03-25T17:04:19Z", + "label": "Date published" + }, + { + "data": "2023-11-09T18:44:38Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" + ] + }, + "descriptions": [ + { + "data": "2023-06-14T18:30:38Z", + "label": "Date published" + }, + { + "data": "2024-02-13T21:49:15Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T21:08:40Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:44Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:02:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-10T21:12:41Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:03Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:03:05Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T20:19:02Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:41:35Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:47Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:48:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:58:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:50:18Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T21:36:03Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:45Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-04-23T16:32:59Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:50Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:50Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:14Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:43Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:37:17Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:46Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:39:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-06-18T14:44:48Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:46:04Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-03-04T20:52:14Z", + "label": "Date published" + }, + { + "data": "2023-06-08T19:02:12Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-07-15T19:41:47Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:45:27Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2019-11-13T00:32:27Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:20Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2019-11-13T00:32:38Z", + "label": "Date published" + }, + { + "data": "2023-09-14T14:55:25Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2019-10-28T20:51:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:57:37Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:59:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:09:40Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:59:01Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:20:09Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:14:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:44:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:36Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:47:50Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:02Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:52:49Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:26Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:53:30Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-11-19T20:13:06Z", + "label": "Date published" + }, + { + "data": "2023-09-14T15:59:33Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:51Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:01:31Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:59Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:42Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:04:22Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:10Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:00Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:54Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:07:40Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:46Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:08:37Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:18Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:13:01Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:16:34Z", + "label": "Date published" + }, + { + "data": "2023-09-14T16:15:44Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:24Z", + "label": "Date published" + }, + { + "data": "2023-11-21T11:40:53Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:00Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:28:08Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" + ] + }, + "descriptions": [ + { + "data": "2021-12-09T19:15:11Z", + "label": "Date published" + }, + { + "data": "2024-06-25T13:47:23Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:14:44Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-01-20T21:20:15Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:16:04Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-03-12T00:00:36Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:24:56Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2021-02-18T20:51:54Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:31:24Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-03-04T20:52:11Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:52:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-10-03T00:00:31Z", + "label": "Date published" + }, + { + "data": "2024-03-24T05:01:05Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2020-05-15T18:59:04Z", + "label": "Date published" + }, + { + "data": "2024-07-03T21:10:31Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ] + }, + "descriptions": [ + { + "data": "2020-04-10T18:42:20Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:02:18Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ] + }, + "descriptions": [ + { + "data": "2020-02-24T17:27:27Z", + "label": "Date published" + }, + { + "data": "2024-06-05T16:42:03Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" + ] + }, + "descriptions": [ + { + "data": "2021-06-04T21:37:45Z", + "label": "Date published" + }, + { + "data": "2023-05-22T20:17:58Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-11-11T19:00:31Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:52Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ] + }, + "descriptions": [ + { + "data": "2022-09-06T00:00:27Z", + "label": "Date published" + }, + { + "data": "2024-03-15T12:30:36Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" + ] + }, + "descriptions": [ + { + "data": "2022-08-31T00:00:24Z", + "label": "Date published" + }, + { + "data": "2024-03-15T19:06:46Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-12-12T21:19:47Z", + "label": "Date published" + }, + { + "data": "2024-06-24T21:22:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2021-12-17T20:00:50Z", + "label": "Date published" + }, + { + "data": "2023-01-30T05:04:55Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2023-11-29T12:30:16Z", + "label": "Date published" + }, + { + "data": "2023-12-05T21:31:13Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2021-03-10T03:46:47Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:09Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" + ] + }, + "descriptions": [ + { + "data": "2021-06-23T20:23:04Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" + ] + }, + "descriptions": [ + { + "data": "2021-04-06T17:31:30Z", + "label": "Date published" + }, + { + "data": "2023-09-26T11:11:47Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ] + }, + "descriptions": [ + { + "data": "2023-04-18T22:19:57Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:53Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" + ] + }, + "descriptions": [ + { + "data": "2023-04-19T18:15:45Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:02:06Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" + ] + }, + "descriptions": [ + { + "data": "2020-12-02T18:28:18Z", + "label": "Date published" + }, + { + "data": "2024-02-21T17:23:14Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" + ] + }, + "descriptions": [ + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" + ] + }, + "descriptions": [ + { + "data": "2023-09-14T16:17:27Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" + ] + }, + "descriptions": [ + { + "data": "2020-11-04T17:50:24Z", + "label": "Date published" + }, + { + "data": "2023-11-27T23:07:53Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2023-07-10T21:52:39Z", + "label": "Date published" + }, + { + "data": "2023-09-05T22:39:32Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ] + }, + "descriptions": [ + { + "data": "2021-06-10T15:43:22Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:51Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" + ] + }, + "descriptions": [ + { + "data": "2023-09-14T16:16:00Z", + "label": "Date published" + }, + { + "data": "2023-11-06T05:01:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" + ] + }, + "descriptions": [ + { + "data": "2020-10-12T17:33:00Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:04:50Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] + }, + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], + "source_location": {}, + "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "desc": "", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [] + }, + "descriptions": [ + { + "data": "", + "label": "Date published" + }, + { + "data": "", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "INTERNAL" + } + ] + } + ], + "source_location": {}, + "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "desc": "testing", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ] + }, + "descriptions": [ + { + "data": "2022-02-09T22:57:29Z", + "label": "Date published" + }, + { + "data": "2024-06-27T16:39:59Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ] + }, + "descriptions": [ + { + "data": "2022-02-10T23:05:04Z", + "label": "Date published" + }, + { + "data": "2024-06-27T18:05:49Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2020-06-05T16:13:36Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:30Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" + ] + }, + "descriptions": [ + { + "data": "2021-06-03T23:40:23Z", + "label": "Date published" + }, + { + "data": "2023-02-01T05:05:30Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ] + }, + "descriptions": [ + { + "data": "2022-03-05T00:00:45Z", + "label": "Date published" + }, + { + "data": "2023-01-27T05:02:46Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" + ] + }, + "descriptions": [ + { + "data": "2022-07-07T20:55:40Z", + "label": "Date published" + }, + { + "data": "2023-07-24T19:39:20Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2023-10-10T21:28:24Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:34:00Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2024-02-26T20:13:46Z", + "label": "Date published" + }, + { + "data": "2024-05-02T18:38:19Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" + ] + }, + "descriptions": [ + { + "data": "2023-10-10T21:16:23Z", + "label": "Date published" + }, + { + "data": "2024-06-21T21:33:57Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" + ] + }, + "descriptions": [ + { + "data": "2018-10-18T18:06:08Z", + "label": "Date published" + }, + { + "data": "2023-01-09T05:03:38Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ] + }, + "descriptions": [ + { + "data": "2023-10-24T01:49:09Z", + "label": "Date published" + }, + { + "data": "2023-11-05T05:04:23Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ] + }, + "descriptions": [ + { + "data": "2022-01-06T23:55:09Z", + "label": "Date published" + }, + { + "data": "2023-02-25T00:31:20Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "impact": 1, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" + ] + }, + "descriptions": [ + { + "data": "2022-01-21T23:07:39Z", + "label": "Date published" + }, + { + "data": "2023-08-18T15:47:05Z", + "label": "Date updated" + } + ], + "refs": [ + { + "ref": [ + { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + ] + } + ], + "source_location": {}, + "title": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + } + ], + "sha256": "d547c818aee4fc72cd640de501c635493af622d5a75e15e3fca9f213727c9f88" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:31:55Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 41538f6305..383bbf7892 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -54,6 +54,8 @@ export class SBOMResults { // In-place manipulations on ingested SBOM data this.flattenComponents(this.data); this.generateIntermediary(this.data); + // Back up operations in case we ingest VEX data instead + this.formatVEX(this.data); } // Flatten any arbitrarily nested components list @@ -98,7 +100,7 @@ export class SBOMResults { } */ generateIntermediary(data: Record) { - // Determine if this is an SBOM; if so, proceed with restructuring + // Determine if this is an SBOM and has a vulnerabilities structure; if so, proceed with restructuring if (_.has(data, 'components') && _.has(data, 'vulnerabilities')) { for (const vulnerability of data.vulnerabilities as (Record< string, @@ -122,6 +124,26 @@ export class SBOMResults { } } + // VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF + // Fix that by adding a temporary result that refers the vulnerability back to its associated BOM + formatVEX(data: Record) { + // Filter for VEX files only + if (_.has(data, 'vulnerabilities') && !_.has(data, 'components')) { + for (const vulnerability of data.vulnerabilities as (Record< + string, + unknown + > & {affects: Record[]})[]) { + const components = []; + for (const id of vulnerability.affects) { + // Build a dummy component for each bom-ref identified as being affected by the vulnerability + components.push({'bom-ref': `${id.ref}`, name: `${id.ref}`}); + } + // Add that affected components list to the corresponding vulnerability object + vulnerability.affectedComponents = components; + } + } + } + toHdf(): ExecJSON.Execution { return new SBOMMapper(this.data, this.withRaw).toHdf(); } diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index 36ad553864..a69e2a53b2 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -112,3 +112,117 @@ describe('sbom_mapper_dropwizard_vulns', () => { ); }); }); + +describe('sbom_mapper_dropwizard_no_vulns', () => { + it('Successfully converts SBOM data', () => { + const mapper = new SBOMResults( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new SBOMResults( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_dropwizard_vex', () => { + it('Successfully converts SBOM data', () => { + const mapper = new SBOMResults( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new SBOMResults( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); From 57a6c8a4bba3df5a2f6e101ae67289350fbf1ad6 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 29 Jul 2024 07:48:30 -0400 Subject: [PATCH 22/61] Refactoring Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 98 +++++++++++++------------- 1 file changed, 48 insertions(+), 50 deletions(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 383bbf7892..5d0e2997bf 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -42,6 +42,7 @@ function aggregateImpact(ratings: Record[]) { impact += severity; } } + // Round up aggregate impact to the 2nd decimal place return Math.ceil((impact / ratings.length) * 100) / 100; } @@ -51,30 +52,33 @@ export class SBOMResults { constructor(SBOMJson: string, withRaw = false) { this.data = JSON.parse(SBOMJson); this.withRaw = withRaw; - // In-place manipulations on ingested SBOM data - this.flattenComponents(this.data); - this.generateIntermediary(this.data); - // Back up operations in case we ingest VEX data instead - this.formatVEX(this.data); + + if (_.has(this.data, 'components')) { + // In-place manipulations on ingested SBOM data + this.flattenComponents(this.data); + if (_.has(this.data, 'vulnerabilities')) { + this.generateIntermediary(this.data); + } + } else if (_.has(this.data, 'vulnerabilities')) { + // Back up operations in case we ingest VEX data instead + this.formatVEX(this.data); + } } // Flatten any arbitrarily nested components list flattenComponents(data: Record) { - // Ensure that a components structure is available - if (_.has(data, 'components')) { - // Look through every component at the top level of the list - for (const component of data.components as Record[]) { - // Identify if subcomponents exist - if (_.has(component, 'components')) { - // If so, pull out the subcomponents and push them to end of top level component list for further flattening - for (const subcomponent of component.components as Record< - string, - unknown - >[]) { - (data.components as Record[]).push(subcomponent); - } - delete component.components; + // Look through every component at the top level of the list + for (const component of data.components as Record[]) { + // Identify if subcomponents exist + if (_.has(component, 'components')) { + // If so, pull out the subcomponents and push them to end of top level component list for further flattening + for (const subcomponent of component.components as Record< + string, + unknown + >[]) { + (data.components as Record[]).push(subcomponent); } + delete component.components; } } } @@ -100,25 +104,20 @@ export class SBOMResults { } */ generateIntermediary(data: Record) { - // Determine if this is an SBOM and has a vulnerabilities structure; if so, proceed with restructuring - if (_.has(data, 'components') && _.has(data, 'vulnerabilities')) { - for (const vulnerability of data.vulnerabilities as (Record< - string, - unknown - > & {affects: Record[]})[]) { - for (const id of vulnerability.affects) { - const components = []; - for (const component of data.components as Record< - string, - unknown - >[]) { - // Find every comoponent that is affected via listed bom-refs and copy to an affected components list - if (component['bom-ref'] === id.ref) { - components.push(component); - } + for (const vulnerability of data.vulnerabilities as (Record< + string, + unknown + > & {affects: Record[]})[]) { + vulnerability.affectedComponents = []; + for (const id of vulnerability.affects) { + for (const component of data.components as Record[]) { + // Find every component that is affected via listed bom-refs and copy to an affected components list + if (component['bom-ref'] === id.ref) { + // Add that affected components list to the corresponding vulnerability object + ( + vulnerability.affectedComponents as Record[] + ).push(component); } - // Add that affected components list to the corresponding vulnerability object - vulnerability.affectedComponents = components; } } } @@ -127,19 +126,18 @@ export class SBOMResults { // VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF // Fix that by adding a temporary result that refers the vulnerability back to its associated BOM formatVEX(data: Record) { - // Filter for VEX files only - if (_.has(data, 'vulnerabilities') && !_.has(data, 'components')) { - for (const vulnerability of data.vulnerabilities as (Record< - string, - unknown - > & {affects: Record[]})[]) { - const components = []; - for (const id of vulnerability.affects) { - // Build a dummy component for each bom-ref identified as being affected by the vulnerability - components.push({'bom-ref': `${id.ref}`, name: `${id.ref}`}); - } - // Add that affected components list to the corresponding vulnerability object - vulnerability.affectedComponents = components; + for (const vulnerability of data.vulnerabilities as (Record< + string, + unknown + > & {affects: Record[]})[]) { + vulnerability.affectedComponents = []; + for (const id of vulnerability.affects) { + // Build a dummy component for each bom-ref identified as being affected by the vulnerability + // Add that component to the corresponding vulnerability object + (vulnerability.affectedComponents as Record[]).push({ + 'bom-ref': `${id.ref}`, + name: `${id.ref}` + }); } } } From ec42b2f1e8cb8f82ced2a789dca90824db5fd4ae Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 30 Jul 2024 09:47:51 -0400 Subject: [PATCH 23/61] Component field filtering and vulnerability ID appending Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 512 +- .../sbom_mapper/sbom-dropwizard-vex-hdf.json | 512 +- .../sbom-dropwizard-vulns-hdf-withraw.json | 4421 +++-------------- .../sbom-dropwizard-vulns-hdf.json | 651 ++- libs/hdf-converters/src/sbom-mapper.ts | 38 +- 5 files changed, 2146 insertions(+), 3988 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 4fe92c23c5..5f2bcdba66 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -36,6 +36,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -65,7 +69,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -86,6 +90,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -115,7 +123,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -133,6 +141,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -162,7 +174,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -180,6 +192,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -209,7 +225,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -227,6 +243,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -256,7 +276,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -274,6 +294,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -303,7 +327,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -321,6 +345,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -350,7 +378,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -368,6 +396,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -397,7 +429,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -415,6 +447,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -444,7 +480,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -462,6 +498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -491,7 +531,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -509,6 +549,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -538,7 +582,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -556,6 +600,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -585,7 +633,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -603,6 +651,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -632,7 +684,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -650,6 +702,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -679,7 +735,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -697,6 +753,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:48Z", "label": "Date published" @@ -726,7 +786,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -744,6 +804,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -773,7 +837,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -791,6 +855,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -820,7 +888,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -838,6 +906,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -867,7 +939,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -885,6 +957,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -914,7 +990,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -932,6 +1008,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -961,7 +1041,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -979,6 +1059,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1008,7 +1092,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1026,6 +1110,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1055,7 +1143,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1074,6 +1162,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1103,7 +1195,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1121,6 +1213,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1150,7 +1246,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1168,6 +1264,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -1197,7 +1297,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1215,6 +1315,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -1244,7 +1348,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1262,6 +1366,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -1291,7 +1399,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1309,6 +1417,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -1338,7 +1450,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1356,6 +1468,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:59Z", "label": "Date published" @@ -1385,7 +1501,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1403,6 +1519,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -1432,7 +1552,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1450,6 +1570,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -1479,7 +1603,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1497,6 +1621,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -1526,7 +1654,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1544,6 +1672,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -1573,7 +1705,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1591,6 +1723,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -1620,7 +1756,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1638,6 +1774,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -1667,7 +1807,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1685,6 +1825,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -1714,7 +1858,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1732,6 +1876,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -1761,7 +1909,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1780,6 +1928,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -1809,7 +1961,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1828,6 +1980,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -1857,7 +2013,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1875,6 +2031,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -1904,7 +2064,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1922,6 +2082,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -1951,7 +2115,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1969,6 +2133,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -1998,7 +2166,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2016,6 +2184,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:11Z", "label": "Date published" @@ -2045,7 +2217,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2064,6 +2236,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -2093,7 +2269,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2111,6 +2287,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -2140,7 +2320,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2160,6 +2340,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -2189,7 +2373,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2209,6 +2393,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -2238,7 +2426,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2258,6 +2446,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -2287,7 +2479,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2306,6 +2498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2335,7 +2531,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2354,6 +2550,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -2383,7 +2583,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2402,6 +2602,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2431,7 +2635,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2450,6 +2654,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2479,7 +2687,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2498,6 +2706,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2527,7 +2739,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2546,6 +2758,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -2575,7 +2791,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2594,6 +2810,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -2623,7 +2843,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2641,6 +2861,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -2670,7 +2894,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2688,6 +2912,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-11-29T12:30:16Z", "label": "Date published" @@ -2717,7 +2945,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2735,6 +2963,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -2764,7 +2996,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2782,6 +3014,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -2811,7 +3047,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2831,6 +3067,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -2860,7 +3100,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2878,6 +3118,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -2907,7 +3151,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2926,6 +3170,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -2955,7 +3203,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2973,6 +3221,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -3002,7 +3254,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3020,6 +3272,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -3049,7 +3305,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3069,6 +3325,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -3098,7 +3358,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3120,6 +3380,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -3149,7 +3413,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3167,6 +3431,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -3196,7 +3464,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3214,6 +3482,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -3243,7 +3515,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3263,6 +3535,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -3292,7 +3568,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3313,6 +3589,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -3342,7 +3622,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3360,6 +3640,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3388,7 +3672,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3406,6 +3690,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3434,7 +3722,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3452,6 +3740,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -3481,7 +3773,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3499,6 +3791,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -3528,7 +3824,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3546,6 +3842,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -3575,7 +3875,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3593,6 +3893,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -3622,7 +3926,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3640,6 +3944,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -3669,7 +3977,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3688,6 +3996,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -3717,7 +4029,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3735,6 +4047,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -3764,7 +4080,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3782,6 +4098,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -3811,7 +4131,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3829,6 +4149,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -3858,7 +4182,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3878,6 +4202,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -3907,7 +4235,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3925,6 +4253,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -3954,7 +4286,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3972,6 +4304,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -4001,7 +4337,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -4021,6 +4357,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -4050,13 +4390,13 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] } ], - "sha256": "d547c818aee4fc72cd640de501c635493af622d5a75e15e3fca9f213727c9f88" + "sha256": "b90c78f4c0936df3350a3460489cbc98ebb18a6edc000f68bf7f9f951ba54404" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json index 5f79675546..6144055773 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -36,6 +36,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -65,7 +69,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -86,6 +90,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -115,7 +123,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -133,6 +141,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -162,7 +174,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -180,6 +192,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -209,7 +225,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -227,6 +243,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -256,7 +276,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -274,6 +294,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -303,7 +327,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -321,6 +345,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -350,7 +378,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -368,6 +396,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -397,7 +429,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -415,6 +447,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -444,7 +480,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -462,6 +498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -491,7 +531,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -509,6 +549,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -538,7 +582,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -556,6 +600,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -585,7 +633,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -603,6 +651,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -632,7 +684,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -650,6 +702,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -679,7 +735,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -697,6 +753,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:48Z", "label": "Date published" @@ -726,7 +786,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -744,6 +804,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -773,7 +837,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -791,6 +855,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -820,7 +888,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -838,6 +906,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -867,7 +939,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -885,6 +957,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -914,7 +990,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -932,6 +1008,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -961,7 +1041,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -979,6 +1059,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1008,7 +1092,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1026,6 +1110,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1055,7 +1143,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1074,6 +1162,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1103,7 +1195,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1121,6 +1213,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1150,7 +1246,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1168,6 +1264,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -1197,7 +1297,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1215,6 +1315,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -1244,7 +1348,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1262,6 +1366,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -1291,7 +1399,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1309,6 +1417,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -1338,7 +1450,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1356,6 +1468,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:59Z", "label": "Date published" @@ -1385,7 +1501,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1403,6 +1519,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -1432,7 +1552,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1450,6 +1570,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -1479,7 +1603,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1497,6 +1621,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -1526,7 +1654,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1544,6 +1672,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -1573,7 +1705,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1591,6 +1723,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -1620,7 +1756,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1638,6 +1774,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -1667,7 +1807,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1685,6 +1825,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -1714,7 +1858,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1732,6 +1876,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -1761,7 +1909,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1780,6 +1928,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -1809,7 +1961,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1828,6 +1980,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -1857,7 +2013,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1875,6 +2031,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -1904,7 +2064,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1922,6 +2082,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -1951,7 +2115,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1969,6 +2133,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -1998,7 +2166,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2016,6 +2184,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:11Z", "label": "Date published" @@ -2045,7 +2217,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2064,6 +2236,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -2093,7 +2269,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2111,6 +2287,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -2140,7 +2320,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2160,6 +2340,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -2189,7 +2373,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2209,6 +2393,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -2238,7 +2426,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2258,6 +2446,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -2287,7 +2479,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2306,6 +2498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2335,7 +2531,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2354,6 +2550,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -2383,7 +2583,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2402,6 +2602,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2431,7 +2635,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2450,6 +2654,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2479,7 +2687,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2498,6 +2706,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2527,7 +2739,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2546,6 +2758,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -2575,7 +2791,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2594,6 +2810,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -2623,7 +2843,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2641,6 +2861,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -2670,7 +2894,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2688,6 +2912,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-11-29T12:30:16Z", "label": "Date published" @@ -2717,7 +2945,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2735,6 +2963,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -2764,7 +2996,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2782,6 +3014,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -2811,7 +3047,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2831,6 +3067,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -2860,7 +3100,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2878,6 +3118,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -2907,7 +3151,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2926,6 +3170,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -2955,7 +3203,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2973,6 +3221,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -3002,7 +3254,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3020,6 +3272,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -3049,7 +3305,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3069,6 +3325,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -3098,7 +3358,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3120,6 +3380,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -3149,7 +3413,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3167,6 +3431,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -3196,7 +3464,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3214,6 +3482,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -3243,7 +3515,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3263,6 +3535,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -3292,7 +3568,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3313,6 +3589,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -3342,7 +3622,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3360,6 +3640,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3388,7 +3672,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3406,6 +3690,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3434,7 +3722,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3452,6 +3740,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -3481,7 +3773,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3499,6 +3791,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -3528,7 +3824,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3546,6 +3842,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -3575,7 +3875,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3593,6 +3893,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -3622,7 +3926,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3640,6 +3944,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -3669,7 +3977,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3688,6 +3996,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -3717,7 +4029,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3735,6 +4047,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -3764,7 +4080,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3782,6 +4098,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -3811,7 +4131,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3829,6 +4149,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -3858,7 +4182,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3878,6 +4202,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -3907,7 +4235,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3925,6 +4253,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -3954,7 +4286,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3972,6 +4304,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -4001,7 +4337,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -4021,6 +4357,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -4050,13 +4390,13 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "Component Summary\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] } ], - "sha256": "d547c818aee4fc72cd640de501c635493af622d5a75e15e3fca9f213727c9f88" + "sha256": "b90c78f4c0936df3350a3460489cbc98ebb18a6edc000f68bf7f9f951ba54404" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index b2f69bde81..af00fb91ff 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -36,6 +36,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -65,7 +69,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -86,6 +90,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -115,7 +123,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -133,6 +141,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -162,7 +174,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -180,6 +192,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -209,7 +225,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -227,6 +243,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -256,7 +276,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -274,6 +294,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -303,7 +327,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -321,6 +345,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -350,7 +378,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -368,6 +396,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -397,7 +429,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -415,6 +447,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -444,7 +480,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -462,6 +498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -491,7 +531,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -509,6 +549,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -538,7 +582,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -556,6 +600,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -585,7 +633,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -603,6 +651,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -632,7 +684,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -650,6 +702,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -679,7 +735,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -697,6 +753,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:48Z", "label": "Date published" @@ -726,7 +786,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -744,6 +804,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -773,7 +837,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -791,6 +855,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -820,7 +888,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -838,6 +906,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -867,7 +939,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -885,6 +957,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -914,7 +990,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -932,6 +1008,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -961,7 +1041,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -979,6 +1059,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1008,7 +1092,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1026,6 +1110,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1055,7 +1143,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1074,6 +1162,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1103,7 +1195,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1121,6 +1213,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1150,7 +1246,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1168,6 +1264,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -1197,7 +1297,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1215,6 +1315,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -1244,7 +1348,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1262,6 +1366,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -1291,7 +1399,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1309,6 +1417,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -1338,7 +1450,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1356,6 +1468,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:59Z", "label": "Date published" @@ -1385,7 +1501,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1403,6 +1519,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -1432,7 +1552,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1450,6 +1570,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -1479,7 +1603,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1497,6 +1621,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -1526,7 +1654,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1544,6 +1672,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -1573,7 +1705,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1591,6 +1723,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -1620,7 +1756,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1638,6 +1774,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -1667,7 +1807,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1685,6 +1825,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -1714,7 +1858,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1732,6 +1876,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -1761,7 +1909,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1780,6 +1928,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -1809,7 +1961,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1828,6 +1980,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -1857,7 +2013,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1875,6 +2031,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -1904,7 +2064,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1922,6 +2082,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -1951,7 +2115,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1969,6 +2133,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -1998,7 +2166,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2016,6 +2184,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:11Z", "label": "Date published" @@ -2045,7 +2217,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2064,6 +2236,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -2093,7 +2269,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2111,6 +2287,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -2140,7 +2320,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2160,6 +2340,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -2189,7 +2373,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", "start_time": "" } ] @@ -2209,6 +2393,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -2238,7 +2426,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", "start_time": "" } ] @@ -2258,6 +2446,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -2287,7 +2479,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2306,6 +2498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2335,7 +2531,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2354,6 +2550,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -2383,7 +2583,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2402,6 +2602,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2431,7 +2635,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2450,6 +2654,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2479,7 +2687,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2498,6 +2706,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2527,7 +2739,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2546,6 +2758,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -2575,7 +2791,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2594,6 +2810,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -2623,7 +2843,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2641,6 +2861,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -2670,7 +2894,7 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2688,6 +2912,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-11-29T12:30:16Z", "label": "Date published" @@ -2717,13 +2945,13 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- hashes: [\n {\n alg: MD5,\n content: 64f7a68f931aed8e5ad8243470440f0b\n },\n {\n alg: SHA-1,\n content: 7c4f3c474fb2c041d8028740440937705ebb473a\n },\n {\n alg: SHA-256,\n content: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0\n },\n {\n alg: SHA-512,\n content: 9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1\n },\n {\n alg: SHA3-256,\n content: 7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24\n },\n {\n alg: SHA3-512,\n content: 0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2741,6 +2969,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -2770,7 +3002,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2788,6 +3020,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -2817,7 +3053,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2837,6 +3073,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -2866,7 +3106,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2884,6 +3124,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -2913,7 +3157,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2932,6 +3176,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -2961,7 +3209,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2979,6 +3227,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -3008,7 +3260,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3026,6 +3278,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -3055,7 +3311,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3075,6 +3331,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -3104,7 +3364,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3126,6 +3386,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -3155,7 +3419,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- hashes: [\n {\n alg: MD5,\n content: 044d3037d9a5b94c8ed938d89045e06b\n },\n {\n alg: SHA-1,\n content: 9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\n },\n {\n alg: SHA-256,\n content: 3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\n },\n {\n alg: SHA-512,\n content: 09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\n },\n {\n alg: SHA3-256,\n content: a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\n },\n {\n alg: SHA3-512,\n content: c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3173,6 +3437,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -3202,7 +3470,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- hashes: [\n {\n alg: MD5,\n content: 637f8a266afa4cb043e1d142c7cacb33\n },\n {\n alg: SHA-1,\n content: dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\n },\n {\n alg: SHA-256,\n content: 2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\n },\n {\n alg: SHA-512,\n content: f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\n },\n {\n alg: SHA3-256,\n content: acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\n },\n {\n alg: SHA3-512,\n content: 53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3220,6 +3488,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -3249,7 +3521,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3269,6 +3541,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -3298,7 +3574,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3319,6 +3595,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -3348,7 +3628,7 @@ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- hashes: [\n {\n alg: MD5,\n content: 5b38c40c97fbd0adee29f91e60405584\n },\n {\n alg: SHA-1,\n content: 2973d150c0dc1fefe998f834810d68f278ea58ec\n },\n {\n alg: SHA-256,\n content: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\n },\n {\n alg: SHA-512,\n content: 5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\n },\n {\n alg: SHA3-256,\n content: 02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\n },\n {\n alg: SHA3-512,\n content: 9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]\n- purl: pkg:maven/junit/junit@4.12?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.junit.org\n },\n {\n type: build-system,\n url: https://junit.ci.cloudbees.com/\n },\n {\n type: distribution,\n url: https://github.com/junit-team/junit/wiki/Download-and-Install\n },\n {\n type: issue-tracker,\n url: https://github.com/junit-team/junit/issues\n },\n {\n type: mailing-list,\n url: https://groups.yahoo.com/neo/groups/junit/info\n },\n {\n type: vcs,\n url: http://github.com/junit-team/junit/tree/master\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", "start_time": "" } ] @@ -3366,6 +3646,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3394,7 +3678,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3412,6 +3696,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3440,7 +3728,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3458,6 +3746,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -3487,7 +3779,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3505,6 +3797,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -3534,7 +3830,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3552,6 +3848,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -3581,7 +3881,7 @@ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- hashes: [\n {\n alg: MD5,\n content: f5710c1d5f5627ae5ce850a0b12ea87a\n },\n {\n alg: SHA-1,\n content: 3dce5dbb3571aa820c677fadd8349bfa8f00c199\n },\n {\n alg: SHA-256,\n content: a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\n },\n {\n alg: SHA-512,\n content: 547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\n },\n {\n alg: SHA3-256,\n content: e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\n },\n {\n alg: SHA3-512,\n content: 00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\n }\n]\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]\n- purl: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "message": "-Component Summary-\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", "start_time": "" } ] @@ -3599,6 +3899,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -3628,7 +3932,7 @@ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- hashes: [\n {\n alg: MD5,\n content: deed71468af21d6f0cf02bf853ac02ec\n },\n {\n alg: SHA-1,\n content: dda059f4908e1b548b7ba68d81a3b05897f27cb0\n },\n {\n alg: SHA-256,\n content: 807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\n },\n {\n alg: SHA-512,\n content: 459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\n },\n {\n alg: SHA3-256,\n content: 9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\n },\n {\n alg: SHA3-512,\n content: f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.apache.org/\n },\n {\n type: issue-tracker,\n url: http://issues.apache.org/jira/browse/HTTPCLIENT\n },\n {\n type: mailing-list,\n url: http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\n },\n {\n type: distribution,\n url: https://repository.apache.org/service/local/staging/deploy/maven2\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3646,6 +3950,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -3675,7 +3983,7 @@ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- hashes: [\n {\n alg: MD5,\n content: 455a827f017027c276fdfc1ec0bba595\n },\n {\n alg: SHA-1,\n content: 737c5a4fac26ee760d016923c83481ff933e4875\n },\n {\n alg: SHA-256,\n content: e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\n },\n {\n alg: SHA-512,\n content: a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\n },\n {\n alg: SHA3-256,\n content: 6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\n },\n {\n alg: SHA3-512,\n content: 1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.liquibase.org\n },\n {\n type: build-system,\n url: https://circleci.com/gh/liquibase/liquibase/tree/master\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2\n },\n {\n type: issue-tracker,\n url: http://liquibase.jira.com/browse/CORE\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3694,6 +4002,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -3723,7 +4035,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3741,6 +4053,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -3770,13 +4086,13 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3794,6 +4110,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -3823,7 +4143,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3841,6 +4161,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -3870,7 +4194,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0323c6dd472c456a99d068f171cbd661\n },\n {\n alg: SHA-1,\n content: aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\n },\n {\n alg: SHA-256,\n content: 7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\n },\n {\n alg: SHA-512,\n content: 075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\n },\n {\n alg: SHA3-256,\n content: f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\n },\n {\n alg: SHA3-512,\n content: efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3890,6 +4214,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -3919,7 +4247,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3937,6 +4265,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -3966,7 +4298,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3984,6 +4316,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -4013,7 +4349,7 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] @@ -4033,6 +4369,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -4062,13 +4402,13 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] } ], - "sha256": "47d6baff3f650950cb7e0dec0c43a91f6c0c73c42c1cd0a7db431aa7e43ae781" + "sha256": "fd192eaedaa13c9ad50248bfc57c44535dd8fe55aad9fa822e260b46976959a5" } ], "passthrough": { @@ -4190,6 +4530,10 @@ "type": "vcs", "url": "https://github.com/rabbitmq/rabbitmq-java-client" } + ], + "affectingVulnerabilities": [ + "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a" ] }, { @@ -4625,6 +4969,10 @@ "type": "issue-tracker", "url": "https://github.com/raphw/byte-buddy/issues" } + ], + "affectingVulnerabilities": [ + "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" ] }, { @@ -5149,7 +5497,10 @@ } } ], - "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "affectingVulnerabilities": [ + "55ebe39e-12f6-4360-aeba-9913ef7efb68" + ] }, { "type": "library", @@ -5897,7 +6248,11 @@ "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" } ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "affectingVulnerabilities": [ + "f2fa9b19-418a-4901-9840-a8631227701e", + "00bc944f-fead-400b-8bbd-0c5b56ba2b14" + ] }, { "type": "library", @@ -6227,6 +6582,10 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } + ], + "affectingVulnerabilities": [ + "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "bb03c210-ea12-450d-85df-17d81a75ede2" ] }, { @@ -6276,6 +6635,10 @@ "type": "vcs", "url": "https://github.com/h2database/h2database" } + ], + "affectingVulnerabilities": [ + "815a1358-2bd4-4028-bd3e-8219747c78f6", + "c8a50465-16df-44e0-84e9-7acff5870a51" ] }, { @@ -6438,6 +6801,10 @@ "type": "vcs", "url": "http://github.com/hibernate/hibernate-orm" } + ], + "affectingVulnerabilities": [ + "1f182b73-afb8-424c-8e08-533a0f702076", + "8ba20df5-3877-4825-a8f2-b52e2d2f86d8" ] }, { @@ -6786,6 +7153,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -6850,6 +7221,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9" ] }, { @@ -6914,6 +7288,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -6974,6 +7352,9 @@ "type": "distribution", "url": "https://repository.apache.org/service/local/staging/deploy/maven2" } + ], + "affectingVulnerabilities": [ + "8c0002e8-9326-40f7-9209-51020755ff02" ] }, { @@ -7254,6 +7635,51 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } + ], + "affectingVulnerabilities": [ + "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "343cd240-f667-4770-aecf-ddc11f9d0172", + "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "97981cb2-9228-4b8b-a172-ad12f550a19f", + "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "c037af59-a132-4727-8cc3-c6095c490df7", + "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "e141c668-bc18-4738-b3b6-e7ba1057d124", + "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "3ad04380-a25c-41d8-8fad-259c2561795b", + "86f78c35-adfb-48e4-9428-88084373e1c0", + "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "00033bff-66dc-4a36-ab38-a10b0625409f", + "14e2856b-f78d-4a6d-99eb-470c8566df29", + "c224f923-be9a-4faa-a930-ef4db611bc2b", + "5201940b-1f04-4668-ae86-8261448d817d", + "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "950cff67-088e-4f41-9818-25943c9e17c0", + "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "9edaa51d-929b-457e-aab5-0fffecdb4938", + "6d5189b4-d549-419a-b886-43a62cc43d40", + "135c6dab-529e-4855-ab72-a0138e2110c8", + "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "5c0b94e1-0577-42c9-8028-f244d68f61da" ] }, { @@ -10140,6 +10566,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c19b779d-2699-44de-a189-a0d18d8dc953", + "a2897b13-bdeb-4a6c-802e-abf09fef10a9" ] }, { @@ -10332,6 +10762,14 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6" ] }, { @@ -10460,6 +10898,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "d8add710-4eed-448d-b198-ecff8ffe86ea", + "123b8eaf-5572-4945-975d-21ed3c2f101d" ] }, { @@ -10652,6 +11094,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442" ] }, { @@ -10716,6 +11161,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "76910119-ee18-4144-855b-b2fdab20e33c" ] }, { @@ -11112,6 +11560,9 @@ "type": "vcs", "url": "http://github.com/junit-team/junit/tree/master" } + ], + "affectingVulnerabilities": [ + "499117ae-d134-4505-8674-ed498531e7a9" ] }, { @@ -11368,6 +11819,9 @@ "type": "issue-tracker", "url": "http://liquibase.jira.com/browse/CORE" } + ], + "affectingVulnerabilities": [ + "7b0674fc-e326-47d0-b34b-b5bfb523784b" ] }, { @@ -11588,6 +12042,9 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } + ], + "affectingVulnerabilities": [ + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -11645,6 +12102,10 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } + ], + "affectingVulnerabilities": [ + "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -12870,6 +13331,16 @@ "type": "vcs", "url": "https://bitbucket.org/asomov/snakeyaml/src" } + ], + "affectingVulnerabilities": [ + "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "5ab41975-23cc-45e0-9a13-be603ea00595", + "dff65990-715e-4f71-aace-60d4436af108", + "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "38c08d91-3487-44c4-b258-d5a274a4ad05", + "da9ea5d3-a3c2-4d1b-8425-a799e47a804f" ] }, { @@ -14257,6 +14728,10 @@ "type": "vcs", "url": "https://github.com/rabbitmq/rabbitmq-java-client" } + ], + "affectingVulnerabilities": [ + "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a" ] }, { @@ -14692,6 +15167,10 @@ "type": "issue-tracker", "url": "https://github.com/raphw/byte-buddy/issues" } + ], + "affectingVulnerabilities": [ + "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" ] }, { @@ -15216,7 +15695,10 @@ } } ], - "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "affectingVulnerabilities": [ + "55ebe39e-12f6-4360-aeba-9913ef7efb68" + ] }, { "type": "library", @@ -15964,7 +16446,11 @@ "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" } ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "affectingVulnerabilities": [ + "f2fa9b19-418a-4901-9840-a8631227701e", + "00bc944f-fead-400b-8bbd-0c5b56ba2b14" + ] }, { "type": "library", @@ -16294,6 +16780,10 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } + ], + "affectingVulnerabilities": [ + "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "bb03c210-ea12-450d-85df-17d81a75ede2" ] }, { @@ -16343,6 +16833,10 @@ "type": "vcs", "url": "https://github.com/h2database/h2database" } + ], + "affectingVulnerabilities": [ + "815a1358-2bd4-4028-bd3e-8219747c78f6", + "c8a50465-16df-44e0-84e9-7acff5870a51" ] }, { @@ -16505,6 +16999,10 @@ "type": "vcs", "url": "http://github.com/hibernate/hibernate-orm" } + ], + "affectingVulnerabilities": [ + "1f182b73-afb8-424c-8e08-533a0f702076", + "8ba20df5-3877-4825-a8f2-b52e2d2f86d8" ] }, { @@ -16853,6 +17351,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -16917,6 +17419,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9" ] }, { @@ -16981,6 +17486,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -17041,6 +17550,9 @@ "type": "distribution", "url": "https://repository.apache.org/service/local/staging/deploy/maven2" } + ], + "affectingVulnerabilities": [ + "8c0002e8-9326-40f7-9209-51020755ff02" ] }, { @@ -17321,6 +17833,51 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } + ], + "affectingVulnerabilities": [ + "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "343cd240-f667-4770-aecf-ddc11f9d0172", + "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "97981cb2-9228-4b8b-a172-ad12f550a19f", + "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "c037af59-a132-4727-8cc3-c6095c490df7", + "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "e141c668-bc18-4738-b3b6-e7ba1057d124", + "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "3ad04380-a25c-41d8-8fad-259c2561795b", + "86f78c35-adfb-48e4-9428-88084373e1c0", + "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "00033bff-66dc-4a36-ab38-a10b0625409f", + "14e2856b-f78d-4a6d-99eb-470c8566df29", + "c224f923-be9a-4faa-a930-ef4db611bc2b", + "5201940b-1f04-4668-ae86-8261448d817d", + "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "950cff67-088e-4f41-9818-25943c9e17c0", + "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "9edaa51d-929b-457e-aab5-0fffecdb4938", + "6d5189b4-d549-419a-b886-43a62cc43d40", + "135c6dab-529e-4855-ab72-a0138e2110c8", + "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "5c0b94e1-0577-42c9-8028-f244d68f61da" ] }, { @@ -20207,6 +20764,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c19b779d-2699-44de-a189-a0d18d8dc953", + "a2897b13-bdeb-4a6c-802e-abf09fef10a9" ] }, { @@ -20399,6 +20960,14 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6" ] }, { @@ -20527,6 +21096,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "d8add710-4eed-448d-b198-ecff8ffe86ea", + "123b8eaf-5572-4945-975d-21ed3c2f101d" ] }, { @@ -20719,6 +21292,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442" ] }, { @@ -20783,6 +21359,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "76910119-ee18-4144-855b-b2fdab20e33c" ] }, { @@ -21179,6 +21758,9 @@ "type": "vcs", "url": "http://github.com/junit-team/junit/tree/master" } + ], + "affectingVulnerabilities": [ + "499117ae-d134-4505-8674-ed498531e7a9" ] }, { @@ -21435,6 +22017,9 @@ "type": "issue-tracker", "url": "http://liquibase.jira.com/browse/CORE" } + ], + "affectingVulnerabilities": [ + "7b0674fc-e326-47d0-b34b-b5bfb523784b" ] }, { @@ -21655,6 +22240,9 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } + ], + "affectingVulnerabilities": [ + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -21712,6 +22300,10 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } + ], + "affectingVulnerabilities": [ + "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -22937,6 +23529,16 @@ "type": "vcs", "url": "https://bitbucket.org/asomov/snakeyaml/src" } + ], + "affectingVulnerabilities": [ + "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "5ab41975-23cc-45e0-9a13-be603ea00595", + "dff65990-715e-4f71-aace-60d4436af108", + "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "38c08d91-3487-44c4-b258-d5a274a4ad05", + "da9ea5d3-a3c2-4d1b-8425-a799e47a804f" ] }, { @@ -24202,57 +24804,12 @@ "name": "guava", "version": "24.1.1-jre", "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "hashes": [ - { - "alg": "MD5", - "content": "361459dd415a18e4750b7fa0cdd9e747" - }, - { - "alg": "SHA-1", - "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" - }, - { - "alg": "SHA-256", - "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" - }, - { - "alg": "SHA-512", - "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" - }, - { - "alg": "SHA3-256", - "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" - }, - { - "alg": "SHA3-512", - "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", - "externalReferences": [ - { - "type": "build-system", - "url": "https://travis-ci.org/google/guava" - }, - { - "type": "issue-tracker", - "url": "https://github.com/google/guava/issues" - }, - { - "type": "vcs", - "url": "https://github.com/google/guava" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24294,57 +24851,12 @@ "name": "guava", "version": "24.1.1-jre", "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "hashes": [ - { - "alg": "MD5", - "content": "361459dd415a18e4750b7fa0cdd9e747" - }, - { - "alg": "SHA-1", - "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" - }, - { - "alg": "SHA-256", - "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" - }, - { - "alg": "SHA-512", - "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" - }, - { - "alg": "SHA3-256", - "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" - }, - { - "alg": "SHA3-512", - "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", - "externalReferences": [ - { - "type": "build-system", - "url": "https://travis-ci.org/google/guava" - }, - { - "type": "issue-tracker", - "url": "https://github.com/google/guava/issues" - }, - { - "type": "vcs", - "url": "https://github.com/google/guava" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24385,53 +24897,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24472,53 +24943,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24559,53 +24989,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24646,53 +25035,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24733,53 +25081,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24820,53 +25127,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24907,53 +25173,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -24994,53 +25219,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25081,53 +25265,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25168,53 +25311,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25255,53 +25357,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25342,53 +25403,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25429,53 +25449,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25516,53 +25495,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25603,53 +25541,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25690,53 +25587,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25777,53 +25633,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25864,53 +25679,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ + "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -25951,53 +25725,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26038,53 +25771,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26126,53 +25818,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26213,53 +25864,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26300,53 +25910,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26387,53 +25956,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26474,53 +26002,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26561,53 +26048,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26648,53 +26094,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26735,53 +26140,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26822,53 +26186,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26909,53 +26232,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -26996,53 +26278,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27083,53 +26324,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27170,53 +26370,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27257,53 +26416,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27344,53 +26462,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27432,53 +26509,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27520,53 +26556,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27607,53 +26602,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27694,53 +26648,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27781,53 +26694,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27868,53 +26740,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], - "licenses": [ + "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -27956,53 +26787,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -28043,53 +26833,12 @@ "name": "jackson-databind", "version": "2.9.10", "description": "General data-binding functionality for Jackson: works on core streaming API", - "hashes": [ - { - "alg": "MD5", - "content": "ff43d79c624b0f7d465542fee6648474" - }, - { - "alg": "SHA-1", - "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" - }, - { - "alg": "SHA-256", - "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" - }, - { - "alg": "SHA-512", - "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" - }, - { - "alg": "SHA3-256", - "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" - }, - { - "alg": "SHA3-512", - "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "http://github.com/FasterXML/jackson-databind" - }, - { - "type": "website", - "url": "http://fasterxml.com/" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - } ] } ] @@ -28128,34 +26877,7 @@ "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", "group": "io.dropwizard", "name": "dropwizard-validation", - "version": "1.3.15", - "hashes": [ - { - "alg": "MD5", - "content": "0557207f6f05c684958ff0c524ed97de" - }, - { - "alg": "SHA-1", - "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" - }, - { - "alg": "SHA-256", - "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" - }, - { - "alg": "SHA-512", - "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" - }, - { - "alg": "SHA3-256", - "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" - }, - { - "alg": "SHA3-512", - "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" - } - ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + "version": "1.3.15" } ] }, @@ -28193,34 +26915,7 @@ "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", "group": "io.dropwizard", "name": "dropwizard-validation", - "version": "1.3.15", - "hashes": [ - { - "alg": "MD5", - "content": "0557207f6f05c684958ff0c524ed97de" - }, - { - "alg": "SHA-1", - "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" - }, - { - "alg": "SHA-256", - "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" - }, - { - "alg": "SHA-512", - "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" - }, - { - "alg": "SHA3-256", - "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" - }, - { - "alg": "SHA3-512", - "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" - } - ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + "version": "1.3.15" } ] }, @@ -28260,49 +26955,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28344,49 +27002,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28428,49 +27049,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28512,49 +27096,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28596,49 +27143,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28680,49 +27190,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28764,49 +27237,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28848,49 +27284,12 @@ "name": "snakeyaml", "version": "1.23", "description": "YAML 1.1 parser and emitter for Java", - "hashes": [ - { - "alg": "MD5", - "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" - }, - { - "alg": "SHA-1", - "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" - }, - { - "alg": "SHA-256", - "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" - }, - { - "alg": "SHA-512", - "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" - }, - { - "alg": "SHA3-256", - "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" - }, - { - "alg": "SHA3-512", - "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", - "externalReferences": [ - { - "type": "issue-tracker", - "url": "https://bitbucket.org/asomov/snakeyaml/issues" - }, - { - "type": "vcs", - "url": "https://bitbucket.org/asomov/snakeyaml/src" - } ] } ] @@ -28931,32 +27330,6 @@ "name": "logback-core", "version": "1.2.3", "description": "logback-core module", - "hashes": [ - { - "alg": "MD5", - "content": "841fc80c6edff60d947a3872a2db4d45" - }, - { - "alg": "SHA-1", - "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" - }, - { - "alg": "SHA-256", - "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" - }, - { - "alg": "SHA-512", - "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" - }, - { - "alg": "SHA3-256", - "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" - }, - { - "alg": "SHA3-512", - "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" - } - ], "licenses": [ { "license": { @@ -28964,21 +27337,6 @@ "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" } } - ], - "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } ] } ] @@ -29019,32 +27377,6 @@ "name": "logback-core", "version": "1.2.3", "description": "logback-core module", - "hashes": [ - { - "alg": "MD5", - "content": "841fc80c6edff60d947a3872a2db4d45" - }, - { - "alg": "SHA-1", - "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" - }, - { - "alg": "SHA-256", - "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" - }, - { - "alg": "SHA-512", - "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" - }, - { - "alg": "SHA3-256", - "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" - }, - { - "alg": "SHA3-512", - "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" - } - ], "licenses": [ { "license": { @@ -29052,21 +27384,6 @@ "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" } } - ], - "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } ] } ] @@ -29107,32 +27424,6 @@ "name": "logback-classic", "version": "1.2.3", "description": "logback-classic module", - "hashes": [ - { - "alg": "MD5", - "content": "64f7a68f931aed8e5ad8243470440f0b" - }, - { - "alg": "SHA-1", - "content": "7c4f3c474fb2c041d8028740440937705ebb473a" - }, - { - "alg": "SHA-256", - "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" - }, - { - "alg": "SHA-512", - "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" - }, - { - "alg": "SHA3-256", - "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" - }, - { - "alg": "SHA3-512", - "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" - } - ], "licenses": [ { "license": { @@ -29140,21 +27431,6 @@ "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" } } - ], - "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.qos.ch" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "vcs", - "url": "https://github.com/ceki/logback" - } ] } ] @@ -29195,61 +27471,12 @@ "name": "jetty-server", "version": "9.4.18.v20190429", "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29290,61 +27517,12 @@ "name": "jetty-server", "version": "9.4.18.v20190429", "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29387,61 +27565,12 @@ "name": "jetty-server", "version": "9.4.18.v20190429", "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29482,61 +27611,12 @@ "name": "jetty-server", "version": "9.4.18.v20190429", "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29578,61 +27658,12 @@ "name": "jetty-server", "version": "9.4.18.v20190429", "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29673,61 +27704,12 @@ "name": "jetty-server", "version": "9.4.18.v20190429", "description": "The core jetty server artifact.", - "hashes": [ - { - "alg": "MD5", - "content": "b0bc6045c38e309d41f84d3c60fb31cd" - }, - { - "alg": "SHA-1", - "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" - }, - { - "alg": "SHA-256", - "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" - }, - { - "alg": "SHA-512", - "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" - }, - { - "alg": "SHA3-256", - "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" - }, - { - "alg": "SHA3-512", - "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29768,61 +27750,12 @@ "name": "jetty-http", "version": "9.4.18.v20190429", "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0f5299204d64fb561a8062f594185dc6" - }, - { - "alg": "SHA-1", - "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" - }, - { - "alg": "SHA-256", - "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" - }, - { - "alg": "SHA-512", - "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" - }, - { - "alg": "SHA3-256", - "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" - }, - { - "alg": "SHA3-512", - "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29863,61 +27796,12 @@ "name": "jetty-http", "version": "9.4.18.v20190429", "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0f5299204d64fb561a8062f594185dc6" - }, - { - "alg": "SHA-1", - "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" - }, - { - "alg": "SHA-256", - "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" - }, - { - "alg": "SHA-512", - "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" - }, - { - "alg": "SHA3-256", - "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" - }, - { - "alg": "SHA3-512", - "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -29960,61 +27844,12 @@ "name": "jetty-webapp", "version": "9.4.18.v20190429", "description": "Jetty web application support", - "hashes": [ - { - "alg": "MD5", - "content": "044d3037d9a5b94c8ed938d89045e06b" - }, - { - "alg": "SHA-1", - "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" - }, - { - "alg": "SHA-256", - "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" - }, - { - "alg": "SHA-512", - "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" - }, - { - "alg": "SHA3-256", - "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" - }, - { - "alg": "SHA3-512", - "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -30055,61 +27890,12 @@ "name": "jetty-xml", "version": "9.4.18.v20190429", "description": "The jetty xml utilities.", - "hashes": [ - { - "alg": "MD5", - "content": "637f8a266afa4cb043e1d142c7cacb33" - }, - { - "alg": "SHA-1", - "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" - }, - { - "alg": "SHA-256", - "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" - }, - { - "alg": "SHA-512", - "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" - }, - { - "alg": "SHA3-256", - "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" - }, - { - "alg": "SHA3-512", - "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -30150,61 +27936,12 @@ "name": "jetty-servlets", "version": "9.4.18.v20190429", "description": "Utility Servlets from Jetty", - "hashes": [ - { - "alg": "MD5", - "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" - }, - { - "alg": "SHA-1", - "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" - }, - { - "alg": "SHA-256", - "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" - }, - { - "alg": "SHA-512", - "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" - }, - { - "alg": "SHA3-256", - "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" - }, - { - "alg": "SHA3-512", - "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -30245,61 +27982,12 @@ "name": "jetty-servlets", "version": "9.4.18.v20190429", "description": "Utility Servlets from Jetty", - "hashes": [ - { - "alg": "MD5", - "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" - }, - { - "alg": "SHA-1", - "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" - }, - { - "alg": "SHA-256", - "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" - }, - { - "alg": "SHA-512", - "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" - }, - { - "alg": "SHA3-256", - "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" - }, - { - "alg": "SHA3-512", - "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -30341,32 +28029,6 @@ "name": "junit", "version": "4.12", "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", - "hashes": [ - { - "alg": "MD5", - "content": "5b38c40c97fbd0adee29f91e60405584" - }, - { - "alg": "SHA-1", - "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" - }, - { - "alg": "SHA-256", - "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" - }, - { - "alg": "SHA-512", - "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" - }, - { - "alg": "SHA3-256", - "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" - }, - { - "alg": "SHA3-512", - "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" - } - ], "licenses": [ { "license": { @@ -30374,33 +28036,6 @@ "url": "http://www.eclipse.org/legal/epl-v10.html" } } - ], - "purl": "pkg:maven/junit/junit@4.12?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.junit.org" - }, - { - "type": "build-system", - "url": "https://junit.ci.cloudbees.com/" - }, - { - "type": "distribution", - "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" - }, - { - "type": "issue-tracker", - "url": "https://github.com/junit-team/junit/issues" - }, - { - "type": "mailing-list", - "url": "https://groups.yahoo.com/neo/groups/junit/info" - }, - { - "type": "vcs", - "url": "http://github.com/junit-team/junit/tree/master" - } ] } ] @@ -30433,49 +28068,12 @@ "name": "byte-buddy", "version": "1.9.7", "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "hashes": [ - { - "alg": "MD5", - "content": "3038371407163c76c89749c3a7c458b0" - }, - { - "alg": "SHA-1", - "content": "8fea78fea6449e1738b675cb155ce8422661e237" - }, - { - "alg": "SHA-256", - "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" - }, - { - "alg": "SHA-512", - "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" - }, - { - "alg": "SHA3-256", - "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" - }, - { - "alg": "SHA3-512", - "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", - "externalReferences": [ - { - "type": "distribution", - "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" - }, - { - "type": "issue-tracker", - "url": "https://github.com/raphw/byte-buddy/issues" - } ] } ] @@ -30509,49 +28107,12 @@ "name": "byte-buddy", "version": "1.9.7", "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "hashes": [ - { - "alg": "MD5", - "content": "3038371407163c76c89749c3a7c458b0" - }, - { - "alg": "SHA-1", - "content": "8fea78fea6449e1738b675cb155ce8422661e237" - }, - { - "alg": "SHA-256", - "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" - }, - { - "alg": "SHA-512", - "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" - }, - { - "alg": "SHA3-256", - "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" - }, - { - "alg": "SHA3-512", - "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", - "externalReferences": [ - { - "type": "distribution", - "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" - }, - { - "type": "issue-tracker", - "url": "https://github.com/raphw/byte-buddy/issues" - } ] } ] @@ -30592,32 +28153,6 @@ "name": "hibernate-core", "version": "5.2.18.Final", "description": "The core O/RM functionality as provided by Hibernate", - "hashes": [ - { - "alg": "MD5", - "content": "a5e6ac320c1b5fd739d213dc050cfc29" - }, - { - "alg": "SHA-1", - "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" - }, - { - "alg": "SHA-256", - "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" - }, - { - "alg": "SHA-512", - "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" - }, - { - "alg": "SHA3-256", - "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" - }, - { - "alg": "SHA3-512", - "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" - } - ], "licenses": [ { "license": { @@ -30625,21 +28160,6 @@ "url": "http://www.gnu.org/licenses/lgpl-2.1.html" } } - ], - "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://hibernate.org" - }, - { - "type": "issue-tracker", - "url": "https://hibernate.atlassian.net/browse/HHH" - }, - { - "type": "vcs", - "url": "http://github.com/hibernate/hibernate-orm" - } ] } ] @@ -30680,32 +28200,6 @@ "name": "hibernate-core", "version": "5.2.18.Final", "description": "The core O/RM functionality as provided by Hibernate", - "hashes": [ - { - "alg": "MD5", - "content": "a5e6ac320c1b5fd739d213dc050cfc29" - }, - { - "alg": "SHA-1", - "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" - }, - { - "alg": "SHA-256", - "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" - }, - { - "alg": "SHA-512", - "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" - }, - { - "alg": "SHA3-256", - "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" - }, - { - "alg": "SHA3-512", - "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" - } - ], "licenses": [ { "license": { @@ -30713,21 +28207,6 @@ "url": "http://www.gnu.org/licenses/lgpl-2.1.html" } } - ], - "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://hibernate.org" - }, - { - "type": "issue-tracker", - "url": "https://hibernate.atlassian.net/browse/HHH" - }, - { - "type": "vcs", - "url": "http://github.com/hibernate/hibernate-orm" - } ] } ] @@ -30768,32 +28247,6 @@ "name": "dom4j", "version": "2.1.1", "description": "flexible XML framework for Java", - "hashes": [ - { - "alg": "MD5", - "content": "f5710c1d5f5627ae5ce850a0b12ea87a" - }, - { - "alg": "SHA-1", - "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" - }, - { - "alg": "SHA-256", - "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" - }, - { - "alg": "SHA-512", - "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" - }, - { - "alg": "SHA3-256", - "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" - }, - { - "alg": "SHA3-512", - "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" - } - ], "licenses": [ { "license": { @@ -30801,8 +28254,7 @@ "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" } } - ], - "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + ] } ] }, @@ -30842,57 +28294,12 @@ "name": "httpclient", "version": "4.5.7", "description": "Apache HttpComponents Client", - "hashes": [ - { - "alg": "MD5", - "content": "deed71468af21d6f0cf02bf853ac02ec" - }, - { - "alg": "SHA-1", - "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" - }, - { - "alg": "SHA-256", - "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" - }, - { - "alg": "SHA-512", - "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" - }, - { - "alg": "SHA3-256", - "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" - }, - { - "alg": "SHA3-512", - "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.apache.org/" - }, - { - "type": "issue-tracker", - "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" - }, - { - "type": "mailing-list", - "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" - }, - { - "type": "distribution", - "url": "https://repository.apache.org/service/local/staging/deploy/maven2" - } ] } ] @@ -30933,57 +28340,12 @@ "name": "liquibase-core", "version": "3.6.3", "description": "Liquibase is a tool for managing and executing database changes.", - "hashes": [ - { - "alg": "MD5", - "content": "455a827f017027c276fdfc1ec0bba595" - }, - { - "alg": "SHA-1", - "content": "737c5a4fac26ee760d016923c83481ff933e4875" - }, - { - "alg": "SHA-256", - "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" - }, - { - "alg": "SHA-512", - "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" - }, - { - "alg": "SHA3-256", - "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" - }, - { - "alg": "SHA3-512", - "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" - } - ], "licenses": [ { "license": { "id": "Apache-2.0" } } - ], - "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.liquibase.org" - }, - { - "type": "build-system", - "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" - }, - { - "type": "issue-tracker", - "url": "http://liquibase.jira.com/browse/CORE" - } ] } ] @@ -31025,61 +28387,12 @@ "name": "http2-server", "version": "9.4.18.v20190429", "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "9c82833f49671905299a1a0d0edc031d" - }, - { - "alg": "SHA-1", - "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" - }, - { - "alg": "SHA-256", - "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" - }, - { - "alg": "SHA-512", - "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" - }, - { - "alg": "SHA3-256", - "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" - }, - { - "alg": "SHA3-512", - "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -31120,61 +28433,12 @@ "name": "http2-server", "version": "9.4.18.v20190429", "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "9c82833f49671905299a1a0d0edc031d" - }, - { - "alg": "SHA-1", - "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" - }, - { - "alg": "SHA-256", - "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" - }, - { - "alg": "SHA-512", - "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" - }, - { - "alg": "SHA3-256", - "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" - }, - { - "alg": "SHA3-512", - "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -31215,61 +28479,12 @@ "name": "http2-common", "version": "9.4.18.v20190429", "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "d4f0dede20f81acfb53f97c01fae71cf" - }, - { - "alg": "SHA-1", - "content": "6e3306d394aaaf41876220a818fb639faf5963b0" - }, - { - "alg": "SHA-256", - "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" - }, - { - "alg": "SHA-512", - "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" - }, - { - "alg": "SHA3-256", - "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" - }, - { - "alg": "SHA3-512", - "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -31310,61 +28525,12 @@ "name": "http2-common", "version": "9.4.18.v20190429", "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "d4f0dede20f81acfb53f97c01fae71cf" - }, - { - "alg": "SHA-1", - "content": "6e3306d394aaaf41876220a818fb639faf5963b0" - }, - { - "alg": "SHA-256", - "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" - }, - { - "alg": "SHA-512", - "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" - }, - { - "alg": "SHA3-256", - "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" - }, - { - "alg": "SHA3-512", - "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -31405,61 +28571,12 @@ "name": "http2-hpack", "version": "9.4.18.v20190429", "description": "The Eclipse Jetty Project", - "hashes": [ - { - "alg": "MD5", - "content": "0323c6dd472c456a99d068f171cbd661" - }, - { - "alg": "SHA-1", - "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" - }, - { - "alg": "SHA-256", - "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" - }, - { - "alg": "SHA-512", - "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" - }, - { - "alg": "SHA3-256", - "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" - }, - { - "alg": "SHA3-512", - "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" - } - ], "licenses": [ { "license": { "id": "EPL-1.0" } } - ], - "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "https://webtide.com" - }, - { - "type": "distribution", - "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/eclipse/jetty.project/issues" - }, - { - "type": "mailing-list", - "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" - }, - { - "type": "vcs", - "url": "https://github.com/eclipse/jetty.project" - } ] } ] @@ -31500,49 +28617,12 @@ "name": "amqp-client", "version": "4.4.1", "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "hashes": [ - { - "alg": "MD5", - "content": "1a2a6feac205524a636c06d86af2df2c" - }, - { - "alg": "SHA-1", - "content": "c442f6501595a6fb9c029409eca94888cc9a3106" - }, - { - "alg": "SHA-256", - "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" - }, - { - "alg": "SHA-512", - "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" - }, - { - "alg": "SHA3-256", - "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" - }, - { - "alg": "SHA3-512", - "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" - } - ], "licenses": [ { "license": { "id": "MPL-1.1" } } - ], - "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.rabbitmq.com" - }, - { - "type": "vcs", - "url": "https://github.com/rabbitmq/rabbitmq-java-client" - } ] } ] @@ -31583,49 +28663,12 @@ "name": "amqp-client", "version": "4.4.1", "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "hashes": [ - { - "alg": "MD5", - "content": "1a2a6feac205524a636c06d86af2df2c" - }, - { - "alg": "SHA-1", - "content": "c442f6501595a6fb9c029409eca94888cc9a3106" - }, - { - "alg": "SHA-256", - "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" - }, - { - "alg": "SHA-512", - "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" - }, - { - "alg": "SHA3-256", - "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" - }, - { - "alg": "SHA3-512", - "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" - } - ], "licenses": [ { "license": { "id": "MPL-1.1" } } - ], - "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", - "externalReferences": [ - { - "type": "website", - "url": "http://www.rabbitmq.com" - }, - { - "type": "vcs", - "url": "https://github.com/rabbitmq/rabbitmq-java-client" - } ] } ] @@ -31666,32 +28709,6 @@ "name": "h2", "version": "1.4.197", "description": "H2 Database Engine", - "hashes": [ - { - "alg": "MD5", - "content": "f9893acfa22b7fe1492dd9c515af2e5b" - }, - { - "alg": "SHA-1", - "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" - }, - { - "alg": "SHA-256", - "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" - }, - { - "alg": "SHA-512", - "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" - }, - { - "alg": "SHA3-256", - "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" - }, - { - "alg": "SHA3-512", - "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" - } - ], "licenses": [ { "license": { @@ -31699,13 +28716,6 @@ "url": "http://h2database.com/html/license.html" } } - ], - "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "https://github.com/h2database/h2database" - } ] } ] @@ -31746,32 +28756,6 @@ "name": "h2", "version": "1.4.197", "description": "H2 Database Engine", - "hashes": [ - { - "alg": "MD5", - "content": "f9893acfa22b7fe1492dd9c515af2e5b" - }, - { - "alg": "SHA-1", - "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" - }, - { - "alg": "SHA-256", - "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" - }, - { - "alg": "SHA-512", - "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" - }, - { - "alg": "SHA3-256", - "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" - }, - { - "alg": "SHA3-512", - "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" - } - ], "licenses": [ { "license": { @@ -31779,13 +28763,6 @@ "url": "http://h2database.com/html/license.html" } } - ], - "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", - "externalReferences": [ - { - "type": "vcs", - "url": "https://github.com/h2database/h2database" - } ] } ] diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 9418a022e1..a95982532e 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -36,6 +36,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -65,7 +69,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -86,6 +90,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -115,7 +123,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- hashes: [\n {\n alg: MD5,\n content: 361459dd415a18e4750b7fa0cdd9e747\n },\n {\n alg: SHA-1,\n content: 2e3014320a8005e3f3c1800cb246ed42db8cab81\n },\n {\n alg: SHA-256,\n content: 490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf\n },\n {\n alg: SHA-512,\n content: f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c\n },\n {\n alg: SHA3-256,\n content: 182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083\n },\n {\n alg: SHA3-512,\n content: 245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar\n- externalReferences: [\n {\n type: build-system,\n url: https://travis-ci.org/google/guava\n },\n {\n type: issue-tracker,\n url: https://github.com/google/guava/issues\n },\n {\n type: vcs,\n url: https://github.com/google/guava\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -133,6 +141,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -162,7 +174,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -180,6 +192,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -209,7 +225,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -227,6 +243,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -256,7 +276,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -274,6 +294,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -303,7 +327,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -321,6 +345,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -350,7 +378,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -368,6 +396,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -397,7 +429,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -415,6 +447,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -444,7 +480,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -462,6 +498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -491,7 +531,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -509,6 +549,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -538,7 +582,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -556,6 +600,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -585,7 +633,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -603,6 +651,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -632,7 +684,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -650,6 +702,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -679,7 +735,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -697,6 +753,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-18T14:44:48Z", "label": "Date published" @@ -726,7 +786,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -744,6 +804,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -773,7 +837,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -791,6 +855,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -820,7 +888,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -838,6 +906,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -867,7 +939,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -885,6 +957,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -914,7 +990,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -932,6 +1008,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -961,7 +1041,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -979,6 +1059,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1008,7 +1092,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1026,6 +1110,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1055,7 +1143,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1074,6 +1162,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1103,7 +1195,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1121,6 +1213,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1150,7 +1246,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1168,6 +1264,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -1197,7 +1297,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1215,6 +1315,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -1244,7 +1348,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1262,6 +1366,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -1291,7 +1399,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1309,6 +1417,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -1338,7 +1450,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1356,6 +1468,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:59Z", "label": "Date published" @@ -1385,7 +1501,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1403,6 +1519,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -1432,7 +1552,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1450,6 +1570,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -1479,7 +1603,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1497,6 +1621,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -1526,7 +1654,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1544,6 +1672,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -1573,7 +1705,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1591,6 +1723,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -1620,7 +1756,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1638,6 +1774,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -1667,7 +1807,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1685,6 +1825,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -1714,7 +1858,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1732,6 +1876,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -1761,7 +1909,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1780,6 +1928,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -1809,7 +1961,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1828,6 +1980,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -1857,7 +2013,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1875,6 +2031,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -1904,7 +2064,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1922,6 +2082,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -1951,7 +2115,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1969,6 +2133,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -1998,7 +2166,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2016,6 +2184,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-03-04T20:52:11Z", "label": "Date published" @@ -2045,7 +2217,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2064,6 +2236,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -2093,7 +2269,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2111,6 +2287,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -2140,7 +2320,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- hashes: [\n {\n alg: MD5,\n content: ff43d79c624b0f7d465542fee6648474\n },\n {\n alg: SHA-1,\n content: e201bb70b7469ba18dd58ed8268aa44e702fa2f0\n },\n {\n alg: SHA-256,\n content: 49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757\n },\n {\n alg: SHA-512,\n content: 18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2\n },\n {\n alg: SHA3-256,\n content: 470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f\n },\n {\n alg: SHA3-512,\n content: 35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: http://github.com/FasterXML/jackson-databind\n },\n {\n type: website,\n url: http://fasterxml.com/\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2160,6 +2340,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -2189,7 +2373,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", "start_time": "" } ] @@ -2209,6 +2393,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -2238,7 +2426,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15\n- hashes: [\n {\n alg: MD5,\n content: 0557207f6f05c684958ff0c524ed97de\n },\n {\n alg: SHA-1,\n content: d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2\n },\n {\n alg: SHA-256,\n content: 6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360\n },\n {\n alg: SHA-512,\n content: e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67\n },\n {\n alg: SHA3-256,\n content: 95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc\n },\n {\n alg: SHA3-512,\n content: 39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61\n }\n]\n- purl: pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", "start_time": "" } ] @@ -2258,6 +2446,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -2287,7 +2479,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2306,6 +2498,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2335,7 +2531,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2354,6 +2550,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -2383,7 +2583,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2402,6 +2602,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2431,7 +2635,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2450,6 +2654,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2479,7 +2687,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2498,6 +2706,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -2527,7 +2739,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2546,6 +2758,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -2575,7 +2791,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2594,6 +2810,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -2623,7 +2843,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- hashes: [\n {\n alg: MD5,\n content: 64ec8bd26b6d5034a87ecb1c8ce0efdc\n },\n {\n alg: SHA-1,\n content: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68\n },\n {\n alg: SHA-256,\n content: 13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1\n },\n {\n alg: SHA-512,\n content: 8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7\n },\n {\n alg: SHA3-256,\n content: 18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2\n },\n {\n alg: SHA3-512,\n content: 59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.yaml/snakeyaml@1.23?type=jar\n- externalReferences: [\n {\n type: issue-tracker,\n url: https://bitbucket.org/asomov/snakeyaml/issues\n },\n {\n type: vcs,\n url: https://bitbucket.org/asomov/snakeyaml/src\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2641,6 +2861,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -2670,7 +2894,7 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2688,6 +2912,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-11-29T12:30:16Z", "label": "Date published" @@ -2717,13 +2945,13 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- hashes: [\n {\n alg: MD5,\n content: 841fc80c6edff60d947a3872a2db4d45\n },\n {\n alg: SHA-1,\n content: 864344400c3d4d92dfeb0a305dc87d953677c03c\n },\n {\n alg: SHA-256,\n content: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22\n },\n {\n alg: SHA-512,\n content: bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5\n },\n {\n alg: SHA3-256,\n content: 7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e\n },\n {\n alg: SHA3-512,\n content: 76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- hashes: [\n {\n alg: MD5,\n content: 64f7a68f931aed8e5ad8243470440f0b\n },\n {\n alg: SHA-1,\n content: 7c4f3c474fb2c041d8028740440937705ebb473a\n },\n {\n alg: SHA-256,\n content: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0\n },\n {\n alg: SHA-512,\n content: 9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1\n },\n {\n alg: SHA3-256,\n content: 7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24\n },\n {\n alg: SHA3-512,\n content: 0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.qos.ch\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: vcs,\n url: https://github.com/ceki/logback\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2741,6 +2969,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -2770,7 +3002,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2788,6 +3020,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -2817,7 +3053,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2837,6 +3073,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -2866,7 +3106,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2884,6 +3124,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -2913,7 +3157,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2932,6 +3176,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -2961,7 +3209,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2979,6 +3227,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -3008,7 +3260,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- hashes: [\n {\n alg: MD5,\n content: b0bc6045c38e309d41f84d3c60fb31cd\n },\n {\n alg: SHA-1,\n content: b76ef50e04635f11d4d43bc6ccb7c4482a8384f0\n },\n {\n alg: SHA-256,\n content: 2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce\n },\n {\n alg: SHA-512,\n content: b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e\n },\n {\n alg: SHA3-256,\n content: 755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c\n },\n {\n alg: SHA3-512,\n content: bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3026,6 +3278,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -3055,7 +3311,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3075,6 +3331,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -3104,7 +3364,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0f5299204d64fb561a8062f594185dc6\n },\n {\n alg: SHA-1,\n content: c2e73db2db5c369326b717da71b6587b3da11e0e\n },\n {\n alg: SHA-256,\n content: a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73\n },\n {\n alg: SHA-512,\n content: 93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9\n },\n {\n alg: SHA3-256,\n content: 84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86\n },\n {\n alg: SHA3-512,\n content: 08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3126,6 +3386,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -3155,7 +3419,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- hashes: [\n {\n alg: MD5,\n content: 044d3037d9a5b94c8ed938d89045e06b\n },\n {\n alg: SHA-1,\n content: 9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d\n },\n {\n alg: SHA-256,\n content: 3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125\n },\n {\n alg: SHA-512,\n content: 09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea\n },\n {\n alg: SHA3-256,\n content: a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4\n },\n {\n alg: SHA3-512,\n content: c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3173,6 +3437,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -3202,7 +3470,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- hashes: [\n {\n alg: MD5,\n content: 637f8a266afa4cb043e1d142c7cacb33\n },\n {\n alg: SHA-1,\n content: dcd2806ee48e646fd4dcff81c7c6867fea2b52e8\n },\n {\n alg: SHA-256,\n content: 2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6\n },\n {\n alg: SHA-512,\n content: f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206\n },\n {\n alg: SHA3-256,\n content: acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940\n },\n {\n alg: SHA3-512,\n content: 53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3220,6 +3488,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -3249,7 +3521,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3269,6 +3541,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -3298,7 +3574,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- hashes: [\n {\n alg: MD5,\n content: ed9e6c52ea1c28d92b81bf5c4cff5e22\n },\n {\n alg: SHA-1,\n content: e5d174950a44c8f93e27cc2528eff5a6b55da2f3\n },\n {\n alg: SHA-256,\n content: 134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc\n },\n {\n alg: SHA-512,\n content: ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a\n },\n {\n alg: SHA3-256,\n content: 843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3\n },\n {\n alg: SHA3-512,\n content: 7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3319,6 +3595,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -3348,7 +3628,7 @@ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- hashes: [\n {\n alg: MD5,\n content: 5b38c40c97fbd0adee29f91e60405584\n },\n {\n alg: SHA-1,\n content: 2973d150c0dc1fefe998f834810d68f278ea58ec\n },\n {\n alg: SHA-256,\n content: 59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a\n },\n {\n alg: SHA-512,\n content: 5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce\n },\n {\n alg: SHA3-256,\n content: 02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a\n },\n {\n alg: SHA3-512,\n content: 9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]\n- purl: pkg:maven/junit/junit@4.12?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.junit.org\n },\n {\n type: build-system,\n url: https://junit.ci.cloudbees.com/\n },\n {\n type: distribution,\n url: https://github.com/junit-team/junit/wiki/Download-and-Install\n },\n {\n type: issue-tracker,\n url: https://github.com/junit-team/junit/issues\n },\n {\n type: mailing-list,\n url: https://groups.yahoo.com/neo/groups/junit/info\n },\n {\n type: vcs,\n url: http://github.com/junit-team/junit/tree/master\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", "start_time": "" } ] @@ -3366,6 +3646,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3394,7 +3678,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3412,6 +3696,10 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "", "label": "Date published" @@ -3440,7 +3728,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- hashes: [\n {\n alg: MD5,\n content: 3038371407163c76c89749c3a7c458b0\n },\n {\n alg: SHA-1,\n content: 8fea78fea6449e1738b675cb155ce8422661e237\n },\n {\n alg: SHA-256,\n content: 69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39\n },\n {\n alg: SHA-512,\n content: 20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7\n },\n {\n alg: SHA3-256,\n content: fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e\n },\n {\n alg: SHA3-512,\n content: 50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar\n- externalReferences: [\n {\n type: distribution,\n url: https://api.bintray.com/maven/raphw/maven/ByteBuddy\n },\n {\n type: issue-tracker,\n url: https://github.com/raphw/byte-buddy/issues\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3458,6 +3746,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -3487,7 +3779,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3505,6 +3797,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -3534,7 +3830,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- hashes: [\n {\n alg: MD5,\n content: a5e6ac320c1b5fd739d213dc050cfc29\n },\n {\n alg: SHA-1,\n content: c1861a015d47f55ffc6cb120216d17af177e0b90\n },\n {\n alg: SHA-256,\n content: 4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff\n },\n {\n alg: SHA-512,\n content: 1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37\n },\n {\n alg: SHA3-256,\n content: ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782\n },\n {\n alg: SHA3-512,\n content: 4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a\n }\n]\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]\n- purl: pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://hibernate.org\n },\n {\n type: issue-tracker,\n url: https://hibernate.atlassian.net/browse/HHH\n },\n {\n type: vcs,\n url: http://github.com/hibernate/hibernate-orm\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3552,6 +3848,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -3581,7 +3881,7 @@ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- hashes: [\n {\n alg: MD5,\n content: f5710c1d5f5627ae5ce850a0b12ea87a\n },\n {\n alg: SHA-1,\n content: 3dce5dbb3571aa820c677fadd8349bfa8f00c199\n },\n {\n alg: SHA-256,\n content: a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128\n },\n {\n alg: SHA-512,\n content: 547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1\n },\n {\n alg: SHA3-256,\n content: e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90\n },\n {\n alg: SHA3-512,\n content: 00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959\n }\n]\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]\n- purl: pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "message": "-Component Summary-\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", "start_time": "" } ] @@ -3599,6 +3899,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -3628,7 +3932,7 @@ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- hashes: [\n {\n alg: MD5,\n content: deed71468af21d6f0cf02bf853ac02ec\n },\n {\n alg: SHA-1,\n content: dda059f4908e1b548b7ba68d81a3b05897f27cb0\n },\n {\n alg: SHA-256,\n content: 807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330\n },\n {\n alg: SHA-512,\n content: 459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac\n },\n {\n alg: SHA3-256,\n content: 9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8\n },\n {\n alg: SHA3-512,\n content: f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.apache.org/\n },\n {\n type: issue-tracker,\n url: http://issues.apache.org/jira/browse/HTTPCLIENT\n },\n {\n type: mailing-list,\n url: http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/\n },\n {\n type: distribution,\n url: https://repository.apache.org/service/local/staging/deploy/maven2\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3646,6 +3950,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -3675,7 +3983,7 @@ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- hashes: [\n {\n alg: MD5,\n content: 455a827f017027c276fdfc1ec0bba595\n },\n {\n alg: SHA-1,\n content: 737c5a4fac26ee760d016923c83481ff933e4875\n },\n {\n alg: SHA-256,\n content: e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d\n },\n {\n alg: SHA-512,\n content: a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b\n },\n {\n alg: SHA3-256,\n content: 6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8\n },\n {\n alg: SHA3-512,\n content: 1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b\n }\n]\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]\n- purl: pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.liquibase.org\n },\n {\n type: build-system,\n url: https://circleci.com/gh/liquibase/liquibase/tree/master\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2\n },\n {\n type: issue-tracker,\n url: http://liquibase.jira.com/browse/CORE\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3694,6 +4002,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -3723,7 +4035,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3741,6 +4053,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -3770,13 +4086,13 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 9c82833f49671905299a1a0d0edc031d\n },\n {\n alg: SHA-1,\n content: 6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d\n },\n {\n alg: SHA-256,\n content: 99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e\n },\n {\n alg: SHA-512,\n content: 49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6\n },\n {\n alg: SHA3-256,\n content: 866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132\n },\n {\n alg: SHA3-512,\n content: 447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3794,6 +4110,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -3823,7 +4143,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: d4f0dede20f81acfb53f97c01fae71cf\n },\n {\n alg: SHA-1,\n content: 6e3306d394aaaf41876220a818fb639faf5963b0\n },\n {\n alg: SHA-256,\n content: d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601\n },\n {\n alg: SHA-512,\n content: 79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4\n },\n {\n alg: SHA3-256,\n content: edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451\n },\n {\n alg: SHA3-512,\n content: 4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3841,6 +4161,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -3870,7 +4194,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- hashes: [\n {\n alg: MD5,\n content: 0323c6dd472c456a99d068f171cbd661\n },\n {\n alg: SHA-1,\n content: aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87\n },\n {\n alg: SHA-256,\n content: 7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf\n },\n {\n alg: SHA-512,\n content: 075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd\n },\n {\n alg: SHA3-256,\n content: f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636\n },\n {\n alg: SHA3-512,\n content: efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac\n }\n]\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]\n- purl: pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar\n- externalReferences: [\n {\n type: website,\n url: https://webtide.com\n },\n {\n type: distribution,\n url: https://oss.sonatype.org/service/local/staging/deploy/maven2/\n },\n {\n type: issue-tracker,\n url: https://github.com/eclipse/jetty.project/issues\n },\n {\n type: mailing-list,\n url: https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html\n },\n {\n type: vcs,\n url: https://github.com/eclipse/jetty.project\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3890,6 +4214,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -3919,7 +4247,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3937,6 +4265,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -3966,7 +4298,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- hashes: [\n {\n alg: MD5,\n content: 1a2a6feac205524a636c06d86af2df2c\n },\n {\n alg: SHA-1,\n content: c442f6501595a6fb9c029409eca94888cc9a3106\n },\n {\n alg: SHA-256,\n content: fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc\n },\n {\n alg: SHA-512,\n content: 8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57\n },\n {\n alg: SHA3-256,\n content: 4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24\n },\n {\n alg: SHA3-512,\n content: a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9\n }\n]\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]\n- purl: pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar\n- externalReferences: [\n {\n type: website,\n url: http://www.rabbitmq.com\n },\n {\n type: vcs,\n url: https://github.com/rabbitmq/rabbitmq-java-client\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3984,6 +4316,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -4013,7 +4349,7 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] @@ -4033,6 +4369,10 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Date created" + }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -4062,13 +4402,13 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "Component Summary\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- hashes: [\n {\n alg: MD5,\n content: f9893acfa22b7fe1492dd9c515af2e5b\n },\n {\n alg: SHA-1,\n content: bb391050048ca8ae3e32451b5a3714ecd3596a46\n },\n {\n alg: SHA-256,\n content: 37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842\n },\n {\n alg: SHA-512,\n content: aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688\n },\n {\n alg: SHA3-256,\n content: ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203\n },\n {\n alg: SHA3-512,\n content: 1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354\n }\n]\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]\n- purl: pkg:maven/com.h2database/h2@1.4.197?type=jar\n- externalReferences: [\n {\n type: vcs,\n url: https://github.com/h2database/h2database\n }\n]", + "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] } ], - "sha256": "47d6baff3f650950cb7e0dec0c43a91f6c0c73c42c1cd0a7db431aa7e43ae781" + "sha256": "fd192eaedaa13c9ad50248bfc57c44535dd8fe55aad9fa822e260b46976959a5" } ], "passthrough": { @@ -4190,6 +4530,10 @@ "type": "vcs", "url": "https://github.com/rabbitmq/rabbitmq-java-client" } + ], + "affectingVulnerabilities": [ + "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a" ] }, { @@ -4625,6 +4969,10 @@ "type": "issue-tracker", "url": "https://github.com/raphw/byte-buddy/issues" } + ], + "affectingVulnerabilities": [ + "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" ] }, { @@ -5149,7 +5497,10 @@ } } ], - "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "affectingVulnerabilities": [ + "55ebe39e-12f6-4360-aeba-9913ef7efb68" + ] }, { "type": "library", @@ -5897,7 +6248,11 @@ "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" } ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "affectingVulnerabilities": [ + "f2fa9b19-418a-4901-9840-a8631227701e", + "00bc944f-fead-400b-8bbd-0c5b56ba2b14" + ] }, { "type": "library", @@ -6227,6 +6582,10 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } + ], + "affectingVulnerabilities": [ + "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "bb03c210-ea12-450d-85df-17d81a75ede2" ] }, { @@ -6276,6 +6635,10 @@ "type": "vcs", "url": "https://github.com/h2database/h2database" } + ], + "affectingVulnerabilities": [ + "815a1358-2bd4-4028-bd3e-8219747c78f6", + "c8a50465-16df-44e0-84e9-7acff5870a51" ] }, { @@ -6438,6 +6801,10 @@ "type": "vcs", "url": "http://github.com/hibernate/hibernate-orm" } + ], + "affectingVulnerabilities": [ + "1f182b73-afb8-424c-8e08-533a0f702076", + "8ba20df5-3877-4825-a8f2-b52e2d2f86d8" ] }, { @@ -6786,6 +7153,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -6850,6 +7221,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9" ] }, { @@ -6914,6 +7288,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -6974,6 +7352,9 @@ "type": "distribution", "url": "https://repository.apache.org/service/local/staging/deploy/maven2" } + ], + "affectingVulnerabilities": [ + "8c0002e8-9326-40f7-9209-51020755ff02" ] }, { @@ -7254,6 +7635,51 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } + ], + "affectingVulnerabilities": [ + "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "343cd240-f667-4770-aecf-ddc11f9d0172", + "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "97981cb2-9228-4b8b-a172-ad12f550a19f", + "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "c037af59-a132-4727-8cc3-c6095c490df7", + "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "e141c668-bc18-4738-b3b6-e7ba1057d124", + "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "3ad04380-a25c-41d8-8fad-259c2561795b", + "86f78c35-adfb-48e4-9428-88084373e1c0", + "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "00033bff-66dc-4a36-ab38-a10b0625409f", + "14e2856b-f78d-4a6d-99eb-470c8566df29", + "c224f923-be9a-4faa-a930-ef4db611bc2b", + "5201940b-1f04-4668-ae86-8261448d817d", + "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "950cff67-088e-4f41-9818-25943c9e17c0", + "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "9edaa51d-929b-457e-aab5-0fffecdb4938", + "6d5189b4-d549-419a-b886-43a62cc43d40", + "135c6dab-529e-4855-ab72-a0138e2110c8", + "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "5c0b94e1-0577-42c9-8028-f244d68f61da" ] }, { @@ -10140,6 +10566,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "c19b779d-2699-44de-a189-a0d18d8dc953", + "a2897b13-bdeb-4a6c-802e-abf09fef10a9" ] }, { @@ -10332,6 +10762,14 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6" ] }, { @@ -10460,6 +10898,10 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "d8add710-4eed-448d-b198-ecff8ffe86ea", + "123b8eaf-5572-4945-975d-21ed3c2f101d" ] }, { @@ -10652,6 +11094,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442" ] }, { @@ -10716,6 +11161,9 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } + ], + "affectingVulnerabilities": [ + "76910119-ee18-4144-855b-b2fdab20e33c" ] }, { @@ -11112,6 +11560,9 @@ "type": "vcs", "url": "http://github.com/junit-team/junit/tree/master" } + ], + "affectingVulnerabilities": [ + "499117ae-d134-4505-8674-ed498531e7a9" ] }, { @@ -11368,6 +11819,9 @@ "type": "issue-tracker", "url": "http://liquibase.jira.com/browse/CORE" } + ], + "affectingVulnerabilities": [ + "7b0674fc-e326-47d0-b34b-b5bfb523784b" ] }, { @@ -11588,6 +12042,9 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } + ], + "affectingVulnerabilities": [ + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -11645,6 +12102,10 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } + ], + "affectingVulnerabilities": [ + "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -12870,6 +13331,16 @@ "type": "vcs", "url": "https://bitbucket.org/asomov/snakeyaml/src" } + ], + "affectingVulnerabilities": [ + "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "5ab41975-23cc-45e0-9a13-be603ea00595", + "dff65990-715e-4f71-aace-60d4436af108", + "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "38c08d91-3487-44c4-b258-d5a274a4ad05", + "da9ea5d3-a3c2-4d1b-8425-a799e47a804f" ] }, { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 5d0e2997bf..478bf7577d 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -111,12 +111,38 @@ export class SBOMResults { vulnerability.affectedComponents = []; for (const id of vulnerability.affects) { for (const component of data.components as Record[]) { - // Find every component that is affected via listed bom-refs and copy to an affected components list + // Find every component that is affected via listed bom-refs if (component['bom-ref'] === id.ref) { - // Add that affected components list to the corresponding vulnerability object + // Add that affected component to the corresponding vulnerability object + // Selectively pick out fields to display; full components are listed in full component structure ( vulnerability.affectedComponents as Record[] - ).push(component); + ).push( + _.pick(component, [ + 'type', + 'mime-type', + 'bom-ref', + 'supplier', + 'manufacturer', + 'authors', // Replaces `author` in v1.6 + 'author', // Deprecated in v1.6 + 'publisher', + 'group', + 'name', + 'version', + 'description', + 'licenses', + 'copyright' + ]) + ); + + if (!component.affectingVulnerabilities) { + component.affectingVulnerabilities = []; + } + // Also record the ID of the vulnerability in the component for use in bidirectional traversal + (component.affectingVulnerabilities as string[]).push( + vulnerability['bom-ref'] as string + ); } } } @@ -212,6 +238,10 @@ export class SBOMMapper extends BaseConverter { cwe: {path: 'cwes', transformer: formatCWETags} }, descriptions: [ + { + data: {path: 'created'}, + label: 'Date created' + }, { data: {path: 'published'}, label: 'Date published' @@ -256,7 +286,7 @@ export class SBOMMapper extends BaseConverter { }, message: { transformer: (input: Record): string => { - let msg = 'Component Summary'; + let msg = '-Component Summary-'; for (const item in input) { if (input[item] instanceof Array) { msg += `\n- ${item}: ${JSON.stringify(input[item], null, 2).replace(/\"/g, '')}`; From 043ca2bce5ba63f4f280a1a92590999d1d3bce1e Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 30 Jul 2024 15:30:51 -0400 Subject: [PATCH 24/61] VEX alignment changes Signed-off-by: Charles Hu --- .../sbom-dropwizard-no-vulns-hdf-withraw.json | 8 +- .../sbom-dropwizard-no-vulns-hdf.json | 8 +- .../sbom-dropwizard-vex-hdf-withraw.json | 3015 +++++++++++++++-- .../sbom_mapper/sbom-dropwizard-vex-hdf.json | 3015 +++++++++++++++-- .../sbom-dropwizard-vulns-hdf-withraw.json | 3015 +++++++++++++++-- .../sbom-dropwizard-vulns-hdf.json | 3015 +++++++++++++++-- .../sbom_mapper/sbom-saf-hdf-withraw.json | 6 +- .../sbom_mapper/sbom-saf-hdf.json | 6 +- libs/hdf-converters/src/sbom-mapper.ts | 134 +- 9 files changed, 11416 insertions(+), 806 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json index dfa7ca3cc0..ed05d94b38 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json @@ -7,18 +7,16 @@ "statistics": {}, "profiles": [ { - "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", - "title": "test 9", + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "maintainer": "", "description": "This is the project I want to use to generate data to understand the schema a bit better", - "license": "", "supports": [], "attributes": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "45a072f28e84cfb00c8cab2139b026114a1f548fff8551d51d84c8c13b05f772" + "sha256": "457073f76a4355932e902365ca9adf836dac722c1faa4ea1a78e3db202f28c68" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json index 6bc2e65c05..61fb2d29e3 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json @@ -7,18 +7,16 @@ "statistics": {}, "profiles": [ { - "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", - "title": "test 9", + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "maintainer": "", "description": "This is the project I want to use to generate data to understand the schema a bit better", - "license": "", "supports": [], "attributes": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "45a072f28e84cfb00c8cab2139b026114a1f548fff8551d51d84c8c13b05f772" + "sha256": "457073f76a4355932e902365ca9adf836dac722c1faa4ea1a78e3db202f28c68" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 5f2bcdba66..cdb9290748 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -7,12 +7,10 @@ "statistics": {}, "profiles": [ { - "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", - "title": "test 9", + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "maintainer": "", "description": "This is the project I want to use to generate data to understand the schema a bit better", - "license": "", "supports": [], "attributes": [], "groups": [], @@ -36,6 +34,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -47,6 +61,22 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -60,9 +90,8 @@ } ], "source_location": {}, - "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -90,6 +119,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -101,6 +146,22 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -114,9 +175,8 @@ } ], "source_location": {}, - "title": "bb03c210-ea12-450d-85df-17d81a75ede2", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -141,6 +201,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -152,6 +228,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -165,9 +257,8 @@ } ], "source_location": {}, - "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -192,6 +283,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -203,6 +310,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -216,9 +339,8 @@ } ], "source_location": {}, - "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -243,6 +365,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -254,6 +392,22 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -267,9 +421,8 @@ } ], "source_location": {}, - "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -294,6 +447,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -305,6 +474,22 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -318,9 +503,8 @@ } ], "source_location": {}, - "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -345,6 +529,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -356,6 +556,22 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -369,9 +585,8 @@ } ], "source_location": {}, - "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -396,6 +611,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -407,6 +638,22 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -420,9 +667,8 @@ } ], "source_location": {}, - "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -447,6 +693,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -458,6 +720,22 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -471,9 +749,8 @@ } ], "source_location": {}, - "title": "343cd240-f667-4770-aecf-ddc11f9d0172", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -498,6 +775,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -509,6 +802,22 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -522,9 +831,8 @@ } ], "source_location": {}, - "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -549,6 +857,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -560,9 +884,25 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - } - ], - "refs": [ + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], + "refs": [ { "ref": [ { @@ -573,9 +913,8 @@ } ], "source_location": {}, - "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -600,6 +939,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -611,6 +966,22 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -624,9 +995,8 @@ } ], "source_location": {}, - "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -651,6 +1021,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -662,6 +1048,22 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -675,9 +1077,8 @@ } ], "source_location": {}, - "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -702,6 +1103,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -713,6 +1130,22 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -726,9 +1159,8 @@ } ], "source_location": {}, - "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -753,6 +1185,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -764,6 +1212,22 @@ { "data": "2024-06-25T13:46:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -777,9 +1241,8 @@ } ], "source_location": {}, - "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -804,6 +1267,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -815,6 +1294,22 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -828,9 +1323,8 @@ } ], "source_location": {}, - "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -855,6 +1349,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -866,6 +1376,22 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -879,9 +1405,8 @@ } ], "source_location": {}, - "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -906,6 +1431,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -917,6 +1458,22 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -930,9 +1487,8 @@ } ], "source_location": {}, - "title": "c037af59-a132-4727-8cc3-c6095c490df7", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -957,6 +1513,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -968,6 +1540,22 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -981,9 +1569,8 @@ } ], "source_location": {}, - "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1008,6 +1595,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1019,6 +1622,22 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1032,9 +1651,8 @@ } ], "source_location": {}, - "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1059,6 +1677,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1070,6 +1704,22 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1083,9 +1733,8 @@ } ], "source_location": {}, - "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1112,15 +1761,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" }, { - "data": "2020-05-15T18:59:01Z", + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2020-05-15T18:59:01Z", "label": "Date published" }, { "data": "2024-03-15T00:20:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1134,9 +1815,8 @@ } ], "source_location": {}, - "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1162,6 +1842,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1173,6 +1869,22 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1186,9 +1898,8 @@ } ], "source_location": {}, - "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1213,6 +1924,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1224,6 +1951,22 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1237,9 +1980,8 @@ } ], "source_location": {}, - "title": "3ad04380-a25c-41d8-8fad-259c2561795b", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1264,6 +2006,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1275,6 +2033,22 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1288,9 +2062,8 @@ } ], "source_location": {}, - "title": "86f78c35-adfb-48e4-9428-88084373e1c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1315,6 +2088,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1326,6 +2115,22 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1339,9 +2144,8 @@ } ], "source_location": {}, - "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1366,6 +2170,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1377,6 +2197,22 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1390,9 +2226,8 @@ } ], "source_location": {}, - "title": "00033bff-66dc-4a36-ab38-a10b0625409f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1417,6 +2252,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1428,6 +2279,22 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1441,9 +2308,8 @@ } ], "source_location": {}, - "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1468,6 +2334,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1479,6 +2361,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1492,9 +2390,8 @@ } ], "source_location": {}, - "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1519,6 +2416,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1530,6 +2443,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1543,9 +2472,8 @@ } ], "source_location": {}, - "title": "5201940b-1f04-4668-ae86-8261448d817d", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1570,6 +2498,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1581,6 +2525,22 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1594,9 +2554,8 @@ } ], "source_location": {}, - "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1621,6 +2580,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1632,8 +2607,24 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - } - ], + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], "refs": [ { "ref": [ @@ -1645,9 +2636,8 @@ } ], "source_location": {}, - "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1672,6 +2662,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1683,6 +2689,22 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1696,9 +2718,8 @@ } ], "source_location": {}, - "title": "950cff67-088e-4f41-9818-25943c9e17c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1723,6 +2744,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1734,6 +2771,22 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1747,9 +2800,8 @@ } ], "source_location": {}, - "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1774,6 +2826,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1785,6 +2853,22 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1798,9 +2882,8 @@ } ], "source_location": {}, - "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1825,6 +2908,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1836,6 +2935,22 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1849,9 +2964,8 @@ } ], "source_location": {}, - "title": "6d5189b4-d549-419a-b886-43a62cc43d40", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1876,6 +2990,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1887,6 +3017,22 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1900,9 +3046,8 @@ } ], "source_location": {}, - "title": "135c6dab-529e-4855-ab72-a0138e2110c8", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1928,6 +3073,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1939,6 +3100,22 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1952,9 +3129,8 @@ } ], "source_location": {}, - "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1980,6 +3156,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1991,6 +3183,22 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2004,9 +3212,8 @@ } ], "source_location": {}, - "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2031,6 +3238,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2042,6 +3265,22 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2055,9 +3294,8 @@ } ], "source_location": {}, - "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2082,6 +3320,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2093,6 +3347,22 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2106,9 +3376,8 @@ } ], "source_location": {}, - "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2133,6 +3402,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2144,6 +3429,22 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2157,9 +3458,8 @@ } ], "source_location": {}, - "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2186,15 +3486,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" }, { - "data": "2020-03-04T20:52:11Z", + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2020-03-04T20:52:11Z", "label": "Date published" }, { "data": "2024-03-15T00:52:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2208,9 +3540,8 @@ } ], "source_location": {}, - "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2236,6 +3567,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2247,6 +3594,22 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2260,9 +3623,8 @@ } ], "source_location": {}, - "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2287,6 +3649,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2298,6 +3676,22 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2311,9 +3705,8 @@ } ], "source_location": {}, - "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2340,6 +3733,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2351,6 +3760,22 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2364,9 +3789,8 @@ } ], "source_location": {}, - "title": "f2fa9b19-418a-4901-9840-a8631227701e", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2393,6 +3817,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2404,6 +3844,22 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2417,9 +3873,8 @@ } ], "source_location": {}, - "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2446,6 +3901,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2457,6 +3928,22 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2470,9 +3957,8 @@ } ], "source_location": {}, - "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2498,6 +3984,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2509,6 +4011,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2522,9 +4040,8 @@ } ], "source_location": {}, - "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2550,6 +4067,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2561,6 +4094,22 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2574,9 +4123,8 @@ } ], "source_location": {}, - "title": "5ab41975-23cc-45e0-9a13-be603ea00595", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2602,6 +4150,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2613,6 +4177,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2626,9 +4206,8 @@ } ], "source_location": {}, - "title": "dff65990-715e-4f71-aace-60d4436af108", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2654,6 +4233,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2665,6 +4260,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2678,9 +4289,8 @@ } ], "source_location": {}, - "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2706,6 +4316,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2717,8 +4343,24 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - } - ], + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], "refs": [ { "ref": [ @@ -2730,9 +4372,8 @@ } ], "source_location": {}, - "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2758,6 +4399,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2769,6 +4426,22 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2782,9 +4455,8 @@ } ], "source_location": {}, - "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2810,6 +4482,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2821,6 +4509,22 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2834,9 +4538,8 @@ } ], "source_location": {}, - "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2861,6 +4564,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2872,6 +4591,22 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2885,9 +4620,8 @@ } ], "source_location": {}, - "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2912,6 +4646,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2923,6 +4673,22 @@ { "data": "2023-12-05T21:31:13Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2936,9 +4702,8 @@ } ], "source_location": {}, - "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2963,6 +4728,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2974,6 +4755,22 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2987,9 +4784,8 @@ } ], "source_location": {}, - "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3014,6 +4810,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3025,6 +4837,22 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3038,9 +4866,8 @@ } ], "source_location": {}, - "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3067,6 +4894,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3078,6 +4921,22 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3091,9 +4950,8 @@ } ], "source_location": {}, - "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3118,6 +4976,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3129,6 +5003,22 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3142,9 +5032,8 @@ } ], "source_location": {}, - "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3170,6 +5059,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3181,6 +5086,22 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3194,9 +5115,8 @@ } ], "source_location": {}, - "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3221,6 +5141,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3232,6 +5168,22 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3245,9 +5197,8 @@ } ], "source_location": {}, - "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3274,15 +5225,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" }, { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" + "data": "", + "label": "Tools" }, { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3296,9 +5279,8 @@ } ], "source_location": {}, - "title": "c19b779d-2699-44de-a189-a0d18d8dc953", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3325,6 +5307,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3336,6 +5334,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3349,9 +5363,8 @@ } ], "source_location": {}, - "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3380,6 +5393,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3391,6 +5420,22 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3404,9 +5449,8 @@ } ], "source_location": {}, - "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3431,6 +5475,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3442,6 +5502,22 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3455,9 +5531,8 @@ } ], "source_location": {}, - "title": "76910119-ee18-4144-855b-b2fdab20e33c", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3482,6 +5557,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3493,6 +5584,22 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3506,9 +5613,8 @@ } ], "source_location": {}, - "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3535,6 +5641,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3546,6 +5668,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3559,9 +5697,8 @@ } ], "source_location": {}, - "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3589,6 +5726,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3600,6 +5753,22 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3613,9 +5782,8 @@ } ], "source_location": {}, - "title": "499117ae-d134-4505-8674-ed498531e7a9", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3640,6 +5808,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3651,6 +5835,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3663,9 +5863,8 @@ } ], "source_location": {}, - "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "title": "INT-f70z-tbpp-4o5d", "id": "INT-f70z-tbpp-4o5d", - "desc": "", "impact": 0.7, "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3690,6 +5889,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3701,6 +5916,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3713,9 +5944,8 @@ } ], "source_location": {}, - "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3740,6 +5970,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3751,6 +5997,22 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3764,9 +6026,8 @@ } ], "source_location": {}, - "title": "1f182b73-afb8-424c-8e08-533a0f702076", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3791,6 +6052,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3802,6 +6079,22 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3815,9 +6108,8 @@ } ], "source_location": {}, - "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3842,6 +6134,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3853,6 +6161,22 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3866,9 +6190,8 @@ } ], "source_location": {}, - "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3893,6 +6216,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3904,6 +6243,22 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3917,9 +6272,8 @@ } ], "source_location": {}, - "title": "8c0002e8-9326-40f7-9209-51020755ff02", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3944,6 +6298,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3955,6 +6325,22 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3968,9 +6354,8 @@ } ], "source_location": {}, - "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3996,6 +6381,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4007,6 +6408,22 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4020,9 +6437,8 @@ } ], "source_location": {}, - "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4047,6 +6463,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4058,6 +6490,22 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4071,9 +6519,8 @@ } ], "source_location": {}, - "title": "affa7af3-427f-4223-8028-d9ac45e80e08", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4098,6 +6545,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4109,6 +6572,22 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4122,9 +6601,8 @@ } ], "source_location": {}, - "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4149,6 +6627,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4160,6 +6654,22 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4173,9 +6683,8 @@ } ], "source_location": {}, - "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4202,6 +6711,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4213,6 +6738,22 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4226,9 +6767,8 @@ } ], "source_location": {}, - "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4253,6 +6793,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4264,6 +6820,22 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4277,9 +6849,8 @@ } ], "source_location": {}, - "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4304,6 +6875,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4315,6 +6902,22 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4328,9 +6931,8 @@ } ], "source_location": {}, - "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4357,6 +6959,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4368,6 +6986,22 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4381,9 +7015,8 @@ } ], "source_location": {}, - "title": "c8a50465-16df-44e0-84e9-7acff5870a51", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4396,7 +7029,7 @@ ] } ], - "sha256": "b90c78f4c0936df3350a3460489cbc98ebb18a6edc000f68bf7f9f951ba54404" + "sha256": "634176f45fdaa430d9bf26811cbb8ecff144bf927eef299c238008755c86fd62" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json index 6144055773..e15e158b45 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -7,12 +7,10 @@ "statistics": {}, "profiles": [ { - "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", - "title": "test 9", + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "maintainer": "", "description": "This is the project I want to use to generate data to understand the schema a bit better", - "license": "", "supports": [], "attributes": [], "groups": [], @@ -36,6 +34,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -47,6 +61,22 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -60,9 +90,8 @@ } ], "source_location": {}, - "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -90,6 +119,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -101,6 +146,22 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -114,9 +175,8 @@ } ], "source_location": {}, - "title": "bb03c210-ea12-450d-85df-17d81a75ede2", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -141,6 +201,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -152,6 +228,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -165,9 +257,8 @@ } ], "source_location": {}, - "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -192,6 +283,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -203,6 +310,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -216,9 +339,8 @@ } ], "source_location": {}, - "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -243,6 +365,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -254,6 +392,22 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -267,9 +421,8 @@ } ], "source_location": {}, - "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -294,6 +447,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -305,6 +474,22 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -318,9 +503,8 @@ } ], "source_location": {}, - "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -345,6 +529,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -356,6 +556,22 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -369,9 +585,8 @@ } ], "source_location": {}, - "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -396,6 +611,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -407,6 +638,22 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -420,9 +667,8 @@ } ], "source_location": {}, - "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -447,6 +693,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -458,6 +720,22 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -471,9 +749,8 @@ } ], "source_location": {}, - "title": "343cd240-f667-4770-aecf-ddc11f9d0172", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -498,6 +775,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -509,6 +802,22 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -522,9 +831,8 @@ } ], "source_location": {}, - "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -549,6 +857,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -560,9 +884,25 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - } - ], - "refs": [ + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], + "refs": [ { "ref": [ { @@ -573,9 +913,8 @@ } ], "source_location": {}, - "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -600,6 +939,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -611,6 +966,22 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -624,9 +995,8 @@ } ], "source_location": {}, - "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -651,6 +1021,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -662,6 +1048,22 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -675,9 +1077,8 @@ } ], "source_location": {}, - "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -702,6 +1103,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -713,6 +1130,22 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -726,9 +1159,8 @@ } ], "source_location": {}, - "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -753,6 +1185,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -764,6 +1212,22 @@ { "data": "2024-06-25T13:46:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -777,9 +1241,8 @@ } ], "source_location": {}, - "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -804,6 +1267,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -815,6 +1294,22 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -828,9 +1323,8 @@ } ], "source_location": {}, - "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -855,6 +1349,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -866,6 +1376,22 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -879,9 +1405,8 @@ } ], "source_location": {}, - "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -906,6 +1431,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -917,6 +1458,22 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -930,9 +1487,8 @@ } ], "source_location": {}, - "title": "c037af59-a132-4727-8cc3-c6095c490df7", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -957,6 +1513,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -968,6 +1540,22 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -981,9 +1569,8 @@ } ], "source_location": {}, - "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1008,6 +1595,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1019,6 +1622,22 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1032,9 +1651,8 @@ } ], "source_location": {}, - "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1059,6 +1677,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1070,6 +1704,22 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1083,9 +1733,8 @@ } ], "source_location": {}, - "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1112,15 +1761,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" }, { - "data": "2020-05-15T18:59:01Z", + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2020-05-15T18:59:01Z", "label": "Date published" }, { "data": "2024-03-15T00:20:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1134,9 +1815,8 @@ } ], "source_location": {}, - "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1162,6 +1842,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1173,6 +1869,22 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1186,9 +1898,8 @@ } ], "source_location": {}, - "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1213,6 +1924,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1224,6 +1951,22 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1237,9 +1980,8 @@ } ], "source_location": {}, - "title": "3ad04380-a25c-41d8-8fad-259c2561795b", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1264,6 +2006,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1275,6 +2033,22 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1288,9 +2062,8 @@ } ], "source_location": {}, - "title": "86f78c35-adfb-48e4-9428-88084373e1c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1315,6 +2088,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1326,6 +2115,22 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1339,9 +2144,8 @@ } ], "source_location": {}, - "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1366,6 +2170,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1377,6 +2197,22 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1390,9 +2226,8 @@ } ], "source_location": {}, - "title": "00033bff-66dc-4a36-ab38-a10b0625409f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1417,6 +2252,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1428,6 +2279,22 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1441,9 +2308,8 @@ } ], "source_location": {}, - "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1468,6 +2334,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1479,6 +2361,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1492,9 +2390,8 @@ } ], "source_location": {}, - "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1519,6 +2416,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1530,6 +2443,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1543,9 +2472,8 @@ } ], "source_location": {}, - "title": "5201940b-1f04-4668-ae86-8261448d817d", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1570,6 +2498,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1581,6 +2525,22 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1594,9 +2554,8 @@ } ], "source_location": {}, - "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1621,6 +2580,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1632,8 +2607,24 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - } - ], + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], "refs": [ { "ref": [ @@ -1645,9 +2636,8 @@ } ], "source_location": {}, - "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1672,6 +2662,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1683,6 +2689,22 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1696,9 +2718,8 @@ } ], "source_location": {}, - "title": "950cff67-088e-4f41-9818-25943c9e17c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1723,6 +2744,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1734,6 +2771,22 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1747,9 +2800,8 @@ } ], "source_location": {}, - "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1774,6 +2826,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1785,6 +2853,22 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1798,9 +2882,8 @@ } ], "source_location": {}, - "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1825,6 +2908,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1836,6 +2935,22 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1849,9 +2964,8 @@ } ], "source_location": {}, - "title": "6d5189b4-d549-419a-b886-43a62cc43d40", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1876,6 +2990,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1887,6 +3017,22 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1900,9 +3046,8 @@ } ], "source_location": {}, - "title": "135c6dab-529e-4855-ab72-a0138e2110c8", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1928,6 +3073,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1939,6 +3100,22 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1952,9 +3129,8 @@ } ], "source_location": {}, - "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1980,6 +3156,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1991,6 +3183,22 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2004,9 +3212,8 @@ } ], "source_location": {}, - "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2031,6 +3238,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2042,6 +3265,22 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2055,9 +3294,8 @@ } ], "source_location": {}, - "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2082,6 +3320,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2093,6 +3347,22 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2106,9 +3376,8 @@ } ], "source_location": {}, - "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2133,6 +3402,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2144,6 +3429,22 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2157,9 +3458,8 @@ } ], "source_location": {}, - "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2186,15 +3486,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" }, { - "data": "2020-03-04T20:52:11Z", + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2020-03-04T20:52:11Z", "label": "Date published" }, { "data": "2024-03-15T00:52:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2208,9 +3540,8 @@ } ], "source_location": {}, - "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2236,6 +3567,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2247,6 +3594,22 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2260,9 +3623,8 @@ } ], "source_location": {}, - "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2287,6 +3649,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2298,6 +3676,22 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2311,9 +3705,8 @@ } ], "source_location": {}, - "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2340,6 +3733,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2351,6 +3760,22 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2364,9 +3789,8 @@ } ], "source_location": {}, - "title": "f2fa9b19-418a-4901-9840-a8631227701e", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2393,6 +3817,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2404,6 +3844,22 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2417,9 +3873,8 @@ } ], "source_location": {}, - "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2446,6 +3901,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2457,6 +3928,22 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2470,9 +3957,8 @@ } ], "source_location": {}, - "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2498,6 +3984,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2509,6 +4011,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2522,9 +4040,8 @@ } ], "source_location": {}, - "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2550,6 +4067,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2561,6 +4094,22 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2574,9 +4123,8 @@ } ], "source_location": {}, - "title": "5ab41975-23cc-45e0-9a13-be603ea00595", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2602,6 +4150,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2613,6 +4177,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2626,9 +4206,8 @@ } ], "source_location": {}, - "title": "dff65990-715e-4f71-aace-60d4436af108", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2654,6 +4233,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2665,6 +4260,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2678,9 +4289,8 @@ } ], "source_location": {}, - "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2706,6 +4316,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2717,8 +4343,24 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - } - ], + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], "refs": [ { "ref": [ @@ -2730,9 +4372,8 @@ } ], "source_location": {}, - "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2758,6 +4399,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2769,6 +4426,22 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2782,9 +4455,8 @@ } ], "source_location": {}, - "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2810,6 +4482,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2821,6 +4509,22 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2834,9 +4538,8 @@ } ], "source_location": {}, - "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2861,6 +4564,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2872,6 +4591,22 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2885,9 +4620,8 @@ } ], "source_location": {}, - "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2912,6 +4646,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2923,6 +4673,22 @@ { "data": "2023-12-05T21:31:13Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2936,9 +4702,8 @@ } ], "source_location": {}, - "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2963,6 +4728,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2974,6 +4755,22 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2987,9 +4784,8 @@ } ], "source_location": {}, - "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3014,6 +4810,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3025,6 +4837,22 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3038,9 +4866,8 @@ } ], "source_location": {}, - "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3067,6 +4894,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3078,6 +4921,22 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3091,9 +4950,8 @@ } ], "source_location": {}, - "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3118,6 +4976,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3129,6 +5003,22 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3142,9 +5032,8 @@ } ], "source_location": {}, - "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3170,6 +5059,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3181,6 +5086,22 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3194,9 +5115,8 @@ } ], "source_location": {}, - "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3221,6 +5141,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3232,6 +5168,22 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3245,9 +5197,8 @@ } ], "source_location": {}, - "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3274,15 +5225,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" }, { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" + "data": "", + "label": "Tools" }, { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3296,9 +5279,8 @@ } ], "source_location": {}, - "title": "c19b779d-2699-44de-a189-a0d18d8dc953", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3325,6 +5307,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3336,6 +5334,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3349,9 +5363,8 @@ } ], "source_location": {}, - "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3380,6 +5393,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3391,6 +5420,22 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3404,9 +5449,8 @@ } ], "source_location": {}, - "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3431,6 +5475,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3442,6 +5502,22 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3455,9 +5531,8 @@ } ], "source_location": {}, - "title": "76910119-ee18-4144-855b-b2fdab20e33c", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3482,6 +5557,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3493,6 +5584,22 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3506,9 +5613,8 @@ } ], "source_location": {}, - "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3535,6 +5641,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3546,6 +5668,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3559,9 +5697,8 @@ } ], "source_location": {}, - "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3589,6 +5726,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3600,6 +5753,22 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3613,9 +5782,8 @@ } ], "source_location": {}, - "title": "499117ae-d134-4505-8674-ed498531e7a9", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3640,6 +5808,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3651,6 +5835,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3663,9 +5863,8 @@ } ], "source_location": {}, - "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "title": "INT-f70z-tbpp-4o5d", "id": "INT-f70z-tbpp-4o5d", - "desc": "", "impact": 0.7, "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3690,6 +5889,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3701,6 +5916,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3713,9 +5944,8 @@ } ], "source_location": {}, - "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3740,6 +5970,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3751,6 +5997,22 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3764,9 +6026,8 @@ } ], "source_location": {}, - "title": "1f182b73-afb8-424c-8e08-533a0f702076", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3791,6 +6052,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3802,6 +6079,22 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3815,9 +6108,8 @@ } ], "source_location": {}, - "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3842,6 +6134,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3853,6 +6161,22 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3866,9 +6190,8 @@ } ], "source_location": {}, - "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3893,6 +6216,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3904,6 +6243,22 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3917,9 +6272,8 @@ } ], "source_location": {}, - "title": "8c0002e8-9326-40f7-9209-51020755ff02", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3944,6 +6298,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3955,6 +6325,22 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3968,9 +6354,8 @@ } ], "source_location": {}, - "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3996,6 +6381,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4007,6 +6408,22 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4020,9 +6437,8 @@ } ], "source_location": {}, - "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4047,6 +6463,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4058,6 +6490,22 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4071,9 +6519,8 @@ } ], "source_location": {}, - "title": "affa7af3-427f-4223-8028-d9ac45e80e08", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4098,6 +6545,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4109,6 +6572,22 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4122,9 +6601,8 @@ } ], "source_location": {}, - "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4149,6 +6627,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4160,6 +6654,22 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4173,9 +6683,8 @@ } ], "source_location": {}, - "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4202,6 +6711,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4213,6 +6738,22 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4226,9 +6767,8 @@ } ], "source_location": {}, - "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4253,6 +6793,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4264,6 +6820,22 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4277,9 +6849,8 @@ } ], "source_location": {}, - "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4304,6 +6875,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4315,6 +6902,22 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4328,9 +6931,8 @@ } ], "source_location": {}, - "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4357,6 +6959,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4368,6 +6986,22 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4381,9 +7015,8 @@ } ], "source_location": {}, - "title": "c8a50465-16df-44e0-84e9-7acff5870a51", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -4396,7 +7029,7 @@ ] } ], - "sha256": "b90c78f4c0936df3350a3460489cbc98ebb18a6edc000f68bf7f9f951ba54404" + "sha256": "634176f45fdaa430d9bf26811cbb8ecff144bf927eef299c238008755c86fd62" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index af00fb91ff..dbde8ae29b 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -7,12 +7,10 @@ "statistics": {}, "profiles": [ { - "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", - "title": "test 9", + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "maintainer": "", "description": "This is the project I want to use to generate data to understand the schema a bit better", - "license": "", "supports": [], "attributes": [], "groups": [], @@ -36,6 +34,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -47,6 +61,22 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -60,9 +90,8 @@ } ], "source_location": {}, - "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -90,6 +119,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -101,6 +146,22 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -114,9 +175,8 @@ } ], "source_location": {}, - "title": "bb03c210-ea12-450d-85df-17d81a75ede2", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -141,6 +201,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -152,6 +228,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -165,9 +257,8 @@ } ], "source_location": {}, - "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -192,6 +283,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -203,6 +310,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -216,9 +339,8 @@ } ], "source_location": {}, - "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -243,6 +365,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -254,6 +392,22 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -267,9 +421,8 @@ } ], "source_location": {}, - "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -294,6 +447,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -305,6 +474,22 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -318,9 +503,8 @@ } ], "source_location": {}, - "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -345,6 +529,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -356,6 +556,22 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -369,9 +585,8 @@ } ], "source_location": {}, - "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -396,6 +611,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -407,6 +638,22 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -420,9 +667,8 @@ } ], "source_location": {}, - "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -447,6 +693,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -458,6 +720,22 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -471,9 +749,8 @@ } ], "source_location": {}, - "title": "343cd240-f667-4770-aecf-ddc11f9d0172", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -498,6 +775,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -509,6 +802,22 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -522,9 +831,8 @@ } ], "source_location": {}, - "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -549,6 +857,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -560,9 +884,25 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - } - ], - "refs": [ + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], + "refs": [ { "ref": [ { @@ -573,9 +913,8 @@ } ], "source_location": {}, - "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -600,6 +939,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -611,6 +966,22 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -624,9 +995,8 @@ } ], "source_location": {}, - "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -651,6 +1021,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -662,6 +1048,22 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -675,9 +1077,8 @@ } ], "source_location": {}, - "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -702,6 +1103,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -713,6 +1130,22 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -726,9 +1159,8 @@ } ], "source_location": {}, - "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -753,6 +1185,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -764,6 +1212,22 @@ { "data": "2024-06-25T13:46:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -777,9 +1241,8 @@ } ], "source_location": {}, - "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -804,6 +1267,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -815,6 +1294,22 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -828,9 +1323,8 @@ } ], "source_location": {}, - "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -855,6 +1349,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -866,6 +1376,22 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -879,9 +1405,8 @@ } ], "source_location": {}, - "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -906,6 +1431,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -917,6 +1458,22 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -930,9 +1487,8 @@ } ], "source_location": {}, - "title": "c037af59-a132-4727-8cc3-c6095c490df7", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -957,6 +1513,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -968,6 +1540,22 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -981,9 +1569,8 @@ } ], "source_location": {}, - "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1008,6 +1595,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1019,6 +1622,22 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1032,9 +1651,8 @@ } ], "source_location": {}, - "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1059,6 +1677,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1070,6 +1704,22 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1083,9 +1733,8 @@ } ], "source_location": {}, - "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1112,15 +1761,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" }, { - "data": "2020-05-15T18:59:01Z", + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2020-05-15T18:59:01Z", "label": "Date published" }, { "data": "2024-03-15T00:20:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1134,9 +1815,8 @@ } ], "source_location": {}, - "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1162,6 +1842,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1173,6 +1869,22 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1186,9 +1898,8 @@ } ], "source_location": {}, - "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1213,6 +1924,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1224,6 +1951,22 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1237,9 +1980,8 @@ } ], "source_location": {}, - "title": "3ad04380-a25c-41d8-8fad-259c2561795b", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1264,6 +2006,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1275,6 +2033,22 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1288,9 +2062,8 @@ } ], "source_location": {}, - "title": "86f78c35-adfb-48e4-9428-88084373e1c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1315,6 +2088,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1326,6 +2115,22 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1339,9 +2144,8 @@ } ], "source_location": {}, - "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1366,6 +2170,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1377,6 +2197,22 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1390,9 +2226,8 @@ } ], "source_location": {}, - "title": "00033bff-66dc-4a36-ab38-a10b0625409f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1417,6 +2252,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1428,6 +2279,22 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1441,9 +2308,8 @@ } ], "source_location": {}, - "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1468,6 +2334,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1479,6 +2361,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1492,9 +2390,8 @@ } ], "source_location": {}, - "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1519,6 +2416,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1530,6 +2443,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1543,9 +2472,8 @@ } ], "source_location": {}, - "title": "5201940b-1f04-4668-ae86-8261448d817d", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1570,6 +2498,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1581,6 +2525,22 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1594,9 +2554,8 @@ } ], "source_location": {}, - "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1621,6 +2580,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1632,8 +2607,24 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - } - ], + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], "refs": [ { "ref": [ @@ -1645,9 +2636,8 @@ } ], "source_location": {}, - "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1672,6 +2662,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1683,6 +2689,22 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1696,9 +2718,8 @@ } ], "source_location": {}, - "title": "950cff67-088e-4f41-9818-25943c9e17c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1723,6 +2744,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1734,6 +2771,22 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1747,9 +2800,8 @@ } ], "source_location": {}, - "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1774,6 +2826,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1785,6 +2853,22 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1798,9 +2882,8 @@ } ], "source_location": {}, - "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1825,6 +2908,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1836,6 +2935,22 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1849,9 +2964,8 @@ } ], "source_location": {}, - "title": "6d5189b4-d549-419a-b886-43a62cc43d40", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1876,6 +2990,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1887,6 +3017,22 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1900,9 +3046,8 @@ } ], "source_location": {}, - "title": "135c6dab-529e-4855-ab72-a0138e2110c8", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1928,6 +3073,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1939,6 +3100,22 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1952,9 +3129,8 @@ } ], "source_location": {}, - "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1980,6 +3156,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1991,6 +3183,22 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2004,9 +3212,8 @@ } ], "source_location": {}, - "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2031,6 +3238,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2042,6 +3265,22 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2055,9 +3294,8 @@ } ], "source_location": {}, - "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2082,6 +3320,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2093,6 +3347,22 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2106,9 +3376,8 @@ } ], "source_location": {}, - "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2133,6 +3402,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2144,6 +3429,22 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2157,9 +3458,8 @@ } ], "source_location": {}, - "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2184,17 +3484,49 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" }, { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" + "data": "2020-03-04T20:52:11Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:52:59Z", + "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" }, { - "data": "2024-03-15T00:52:59Z", - "label": "Date updated" + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2208,9 +3540,8 @@ } ], "source_location": {}, - "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2236,6 +3567,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2247,6 +3594,22 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2260,9 +3623,8 @@ } ], "source_location": {}, - "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2287,6 +3649,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2298,6 +3676,22 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2311,9 +3705,8 @@ } ], "source_location": {}, - "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2340,6 +3733,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2351,6 +3760,22 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2364,9 +3789,8 @@ } ], "source_location": {}, - "title": "f2fa9b19-418a-4901-9840-a8631227701e", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2393,6 +3817,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2404,6 +3844,22 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2417,9 +3873,8 @@ } ], "source_location": {}, - "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2446,6 +3901,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2457,6 +3928,22 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2470,9 +3957,8 @@ } ], "source_location": {}, - "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2498,6 +3984,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2509,6 +4011,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2522,9 +4040,8 @@ } ], "source_location": {}, - "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2550,6 +4067,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2561,6 +4094,22 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2574,9 +4123,8 @@ } ], "source_location": {}, - "title": "5ab41975-23cc-45e0-9a13-be603ea00595", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2602,6 +4150,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2613,6 +4177,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2626,9 +4206,8 @@ } ], "source_location": {}, - "title": "dff65990-715e-4f71-aace-60d4436af108", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2654,6 +4233,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2665,6 +4260,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2678,9 +4289,8 @@ } ], "source_location": {}, - "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2706,6 +4316,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2717,6 +4343,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2730,9 +4372,8 @@ } ], "source_location": {}, - "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2758,6 +4399,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2769,6 +4426,22 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2782,9 +4455,8 @@ } ], "source_location": {}, - "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2810,6 +4482,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2821,6 +4509,22 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2834,9 +4538,8 @@ } ], "source_location": {}, - "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2861,6 +4564,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2872,6 +4591,22 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2885,9 +4620,8 @@ } ], "source_location": {}, - "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2912,6 +4646,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2923,6 +4673,22 @@ { "data": "2023-12-05T21:31:13Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2936,9 +4702,8 @@ } ], "source_location": {}, - "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2969,6 +4734,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2980,6 +4761,22 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2993,9 +4790,8 @@ } ], "source_location": {}, - "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3020,6 +4816,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3031,6 +4843,22 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3044,9 +4872,8 @@ } ], "source_location": {}, - "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3073,6 +4900,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3084,6 +4927,22 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3097,9 +4956,8 @@ } ], "source_location": {}, - "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3124,6 +4982,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3135,6 +5009,22 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3148,9 +5038,8 @@ } ], "source_location": {}, - "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3176,6 +5065,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3187,6 +5092,22 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3200,9 +5121,8 @@ } ], "source_location": {}, - "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3227,6 +5147,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3238,6 +5174,22 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3251,9 +5203,8 @@ } ], "source_location": {}, - "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3280,15 +5231,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" }, { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" + "data": "", + "label": "Tools" }, { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3302,9 +5285,8 @@ } ], "source_location": {}, - "title": "c19b779d-2699-44de-a189-a0d18d8dc953", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3331,6 +5313,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3342,6 +5340,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3355,9 +5369,8 @@ } ], "source_location": {}, - "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3386,6 +5399,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3397,6 +5426,22 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3410,9 +5455,8 @@ } ], "source_location": {}, - "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ @@ -3437,6 +5481,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3448,6 +5508,22 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3461,9 +5537,8 @@ } ], "source_location": {}, - "title": "76910119-ee18-4144-855b-b2fdab20e33c", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ @@ -3488,6 +5563,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3499,6 +5590,22 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3512,9 +5619,8 @@ } ], "source_location": {}, - "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3541,6 +5647,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3552,6 +5674,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3565,9 +5703,8 @@ } ], "source_location": {}, - "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3595,6 +5732,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3606,6 +5759,22 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3619,9 +5788,8 @@ } ], "source_location": {}, - "title": "499117ae-d134-4505-8674-ed498531e7a9", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ @@ -3646,6 +5814,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3657,6 +5841,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3669,9 +5869,8 @@ } ], "source_location": {}, - "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "title": "INT-f70z-tbpp-4o5d", "id": "INT-f70z-tbpp-4o5d", - "desc": "", "impact": 0.7, "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3696,6 +5895,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3707,6 +5922,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3719,9 +5950,8 @@ } ], "source_location": {}, - "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3746,6 +5976,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3757,6 +6003,22 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3770,9 +6032,8 @@ } ], "source_location": {}, - "title": "1f182b73-afb8-424c-8e08-533a0f702076", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3797,6 +6058,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3808,6 +6085,22 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3821,9 +6114,8 @@ } ], "source_location": {}, - "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3848,6 +6140,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3859,6 +6167,22 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3872,9 +6196,8 @@ } ], "source_location": {}, - "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ @@ -3899,6 +6222,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3910,6 +6249,22 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3923,9 +6278,8 @@ } ], "source_location": {}, - "title": "8c0002e8-9326-40f7-9209-51020755ff02", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ @@ -3950,6 +6304,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3961,6 +6331,22 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3974,9 +6360,8 @@ } ], "source_location": {}, - "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ @@ -4002,6 +6387,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4013,6 +6414,22 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4026,9 +6443,8 @@ } ], "source_location": {}, - "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -4053,6 +6469,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4064,6 +6496,22 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4077,9 +6525,8 @@ } ], "source_location": {}, - "title": "affa7af3-427f-4223-8028-d9ac45e80e08", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -4110,6 +6557,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4121,6 +6584,22 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4134,9 +6613,8 @@ } ], "source_location": {}, - "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ @@ -4161,6 +6639,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4172,6 +6666,22 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4185,9 +6695,8 @@ } ], "source_location": {}, - "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ @@ -4214,6 +6723,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4225,6 +6750,22 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4238,9 +6779,8 @@ } ], "source_location": {}, - "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -4265,6 +6805,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4276,6 +6832,22 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4289,9 +6861,8 @@ } ], "source_location": {}, - "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -4316,6 +6887,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4327,6 +6914,22 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4340,9 +6943,8 @@ } ], "source_location": {}, - "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -4369,6 +6971,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4380,6 +6998,22 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4393,9 +7027,8 @@ } ], "source_location": {}, - "title": "c8a50465-16df-44e0-84e9-7acff5870a51", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -4408,7 +7041,7 @@ ] } ], - "sha256": "fd192eaedaa13c9ad50248bfc57c44535dd8fe55aad9fa822e260b46976959a5" + "sha256": "25bf90c037c3f0f51691592616b392c99d564773fcb3c5416e41fbf6af2fd389" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index a95982532e..2870e99dda 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -7,12 +7,10 @@ "statistics": {}, "profiles": [ { - "name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7", - "title": "test 9", + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "maintainer": "", "description": "This is the project I want to use to generate data to understand the schema a bit better", - "license": "", "supports": [], "attributes": [], "groups": [], @@ -36,6 +34,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -47,6 +61,22 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -60,9 +90,8 @@ } ], "source_location": {}, - "title": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -90,6 +119,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -101,6 +146,22 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -114,9 +175,8 @@ } ], "source_location": {}, - "title": "bb03c210-ea12-450d-85df-17d81a75ede2", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -141,6 +201,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -152,6 +228,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -165,9 +257,8 @@ } ], "source_location": {}, - "title": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -192,6 +283,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -203,6 +310,22 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -216,9 +339,8 @@ } ], "source_location": {}, - "title": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -243,6 +365,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -254,6 +392,22 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -267,9 +421,8 @@ } ], "source_location": {}, - "title": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -294,6 +447,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -305,6 +474,22 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -318,9 +503,8 @@ } ], "source_location": {}, - "title": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -345,6 +529,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -356,6 +556,22 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -369,9 +585,8 @@ } ], "source_location": {}, - "title": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -396,6 +611,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -407,6 +638,22 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -420,9 +667,8 @@ } ], "source_location": {}, - "title": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -447,6 +693,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -458,6 +720,22 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -471,9 +749,8 @@ } ], "source_location": {}, - "title": "343cd240-f667-4770-aecf-ddc11f9d0172", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -498,6 +775,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -509,6 +802,22 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -522,9 +831,8 @@ } ], "source_location": {}, - "title": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -549,6 +857,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -560,9 +884,25 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - } - ], - "refs": [ + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], + "refs": [ { "ref": [ { @@ -573,9 +913,8 @@ } ], "source_location": {}, - "title": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -600,6 +939,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -611,6 +966,22 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -624,9 +995,8 @@ } ], "source_location": {}, - "title": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -651,6 +1021,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -662,6 +1048,22 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -675,9 +1077,8 @@ } ], "source_location": {}, - "title": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -702,6 +1103,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -713,6 +1130,22 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -726,9 +1159,8 @@ } ], "source_location": {}, - "title": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -753,6 +1185,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -764,6 +1212,22 @@ { "data": "2024-06-25T13:46:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -777,9 +1241,8 @@ } ], "source_location": {}, - "title": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -804,6 +1267,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -815,6 +1294,22 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -828,9 +1323,8 @@ } ], "source_location": {}, - "title": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -855,6 +1349,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -866,6 +1376,22 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -879,9 +1405,8 @@ } ], "source_location": {}, - "title": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -906,6 +1431,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -917,6 +1458,22 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -930,9 +1487,8 @@ } ], "source_location": {}, - "title": "c037af59-a132-4727-8cc3-c6095c490df7", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -957,6 +1513,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -968,6 +1540,22 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -981,9 +1569,8 @@ } ], "source_location": {}, - "title": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1008,6 +1595,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1019,6 +1622,22 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1032,9 +1651,8 @@ } ], "source_location": {}, - "title": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1059,6 +1677,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1070,6 +1704,22 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1083,9 +1733,8 @@ } ], "source_location": {}, - "title": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1112,15 +1761,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" }, { - "data": "2020-05-15T18:59:01Z", + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2020-05-15T18:59:01Z", "label": "Date published" }, { "data": "2024-03-15T00:20:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1134,9 +1815,8 @@ } ], "source_location": {}, - "title": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1162,6 +1842,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1173,6 +1869,22 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1186,9 +1898,8 @@ } ], "source_location": {}, - "title": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1213,6 +1924,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1224,6 +1951,22 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1237,9 +1980,8 @@ } ], "source_location": {}, - "title": "3ad04380-a25c-41d8-8fad-259c2561795b", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1264,6 +2006,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1275,6 +2033,22 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1288,9 +2062,8 @@ } ], "source_location": {}, - "title": "86f78c35-adfb-48e4-9428-88084373e1c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1315,6 +2088,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1326,6 +2115,22 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1339,9 +2144,8 @@ } ], "source_location": {}, - "title": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1366,6 +2170,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1377,6 +2197,22 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1390,9 +2226,8 @@ } ], "source_location": {}, - "title": "00033bff-66dc-4a36-ab38-a10b0625409f", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1417,6 +2252,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1428,6 +2279,22 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1441,9 +2308,8 @@ } ], "source_location": {}, - "title": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1468,6 +2334,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1479,6 +2361,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1492,9 +2390,8 @@ } ], "source_location": {}, - "title": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1519,6 +2416,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1530,6 +2443,22 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1543,9 +2472,8 @@ } ], "source_location": {}, - "title": "5201940b-1f04-4668-ae86-8261448d817d", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1570,6 +2498,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1581,6 +2525,22 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1594,9 +2554,8 @@ } ], "source_location": {}, - "title": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1621,6 +2580,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1632,8 +2607,24 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - } - ], + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" + } + ], "refs": [ { "ref": [ @@ -1645,9 +2636,8 @@ } ], "source_location": {}, - "title": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1672,6 +2662,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1683,6 +2689,22 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1696,9 +2718,8 @@ } ], "source_location": {}, - "title": "950cff67-088e-4f41-9818-25943c9e17c0", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1723,6 +2744,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1734,6 +2771,22 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1747,9 +2800,8 @@ } ], "source_location": {}, - "title": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1774,6 +2826,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1785,6 +2853,22 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1798,9 +2882,8 @@ } ], "source_location": {}, - "title": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1825,6 +2908,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1836,6 +2935,22 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1849,9 +2964,8 @@ } ], "source_location": {}, - "title": "6d5189b4-d549-419a-b886-43a62cc43d40", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1876,6 +2990,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1887,6 +3017,22 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1900,9 +3046,8 @@ } ], "source_location": {}, - "title": "135c6dab-529e-4855-ab72-a0138e2110c8", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1928,6 +3073,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1939,6 +3100,22 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -1952,9 +3129,8 @@ } ], "source_location": {}, - "title": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1980,6 +3156,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -1991,6 +3183,22 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2004,9 +3212,8 @@ } ], "source_location": {}, - "title": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2031,6 +3238,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2042,6 +3265,22 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2055,9 +3294,8 @@ } ], "source_location": {}, - "title": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2082,6 +3320,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2093,6 +3347,22 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2106,9 +3376,8 @@ } ], "source_location": {}, - "title": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2133,6 +3402,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2144,6 +3429,22 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2157,9 +3458,8 @@ } ], "source_location": {}, - "title": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2184,17 +3484,49 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" }, { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" + "data": "2020-03-04T20:52:11Z", + "label": "Date published" + }, + { + "data": "2024-03-15T00:52:59Z", + "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" }, { - "data": "2024-03-15T00:52:59Z", - "label": "Date updated" + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2208,9 +3540,8 @@ } ], "source_location": {}, - "title": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2236,6 +3567,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2247,6 +3594,22 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2260,9 +3623,8 @@ } ], "source_location": {}, - "title": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2287,6 +3649,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2298,6 +3676,22 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2311,9 +3705,8 @@ } ], "source_location": {}, - "title": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2340,6 +3733,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2351,6 +3760,22 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2364,9 +3789,8 @@ } ], "source_location": {}, - "title": "f2fa9b19-418a-4901-9840-a8631227701e", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2393,6 +3817,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2404,6 +3844,22 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2417,9 +3873,8 @@ } ], "source_location": {}, - "title": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2446,6 +3901,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2457,6 +3928,22 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2470,9 +3957,8 @@ } ], "source_location": {}, - "title": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2498,6 +3984,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2509,6 +4011,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2522,9 +4040,8 @@ } ], "source_location": {}, - "title": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2550,6 +4067,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2561,6 +4094,22 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2574,9 +4123,8 @@ } ], "source_location": {}, - "title": "5ab41975-23cc-45e0-9a13-be603ea00595", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2602,6 +4150,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2613,6 +4177,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2626,9 +4206,8 @@ } ], "source_location": {}, - "title": "dff65990-715e-4f71-aace-60d4436af108", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2654,6 +4233,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2665,6 +4260,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2678,9 +4289,8 @@ } ], "source_location": {}, - "title": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2706,6 +4316,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2717,6 +4343,22 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2730,9 +4372,8 @@ } ], "source_location": {}, - "title": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2758,6 +4399,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2769,6 +4426,22 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2782,9 +4455,8 @@ } ], "source_location": {}, - "title": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2810,6 +4482,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2821,6 +4509,22 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2834,9 +4538,8 @@ } ], "source_location": {}, - "title": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2861,6 +4564,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2872,6 +4591,22 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2885,9 +4620,8 @@ } ], "source_location": {}, - "title": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2912,6 +4646,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2923,6 +4673,22 @@ { "data": "2023-12-05T21:31:13Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2936,9 +4702,8 @@ } ], "source_location": {}, - "title": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2969,6 +4734,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -2980,6 +4761,22 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -2993,9 +4790,8 @@ } ], "source_location": {}, - "title": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3020,6 +4816,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3031,6 +4843,22 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3044,9 +4872,8 @@ } ], "source_location": {}, - "title": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3073,6 +4900,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3084,6 +4927,22 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3097,9 +4956,8 @@ } ], "source_location": {}, - "title": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3124,6 +4982,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3135,6 +5009,22 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3148,9 +5038,8 @@ } ], "source_location": {}, - "title": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3176,6 +5065,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3187,6 +5092,22 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3200,9 +5121,8 @@ } ], "source_location": {}, - "title": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3227,6 +5147,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3238,6 +5174,22 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3251,9 +5203,8 @@ } ], "source_location": {}, - "title": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -3280,15 +5231,47 @@ "descriptions": [ { "data": "", - "label": "Date created" + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, + { + "data": "", + "label": "Date created" + }, + { + "data": "2022-07-07T20:55:34Z", + "label": "Date published" + }, + { + "data": "2023-01-29T05:06:01Z", + "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" }, { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" + "data": "", + "label": "Tools" }, { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3302,9 +5285,8 @@ } ], "source_location": {}, - "title": "c19b779d-2699-44de-a189-a0d18d8dc953", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3331,6 +5313,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3342,6 +5340,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3355,9 +5369,8 @@ } ], "source_location": {}, - "title": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3386,6 +5399,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3397,6 +5426,22 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3410,9 +5455,8 @@ } ], "source_location": {}, - "title": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ @@ -3437,6 +5481,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3448,6 +5508,22 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3461,9 +5537,8 @@ } ], "source_location": {}, - "title": "76910119-ee18-4144-855b-b2fdab20e33c", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ @@ -3488,6 +5563,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3499,6 +5590,22 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3512,9 +5619,8 @@ } ], "source_location": {}, - "title": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3541,6 +5647,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3552,6 +5674,22 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3565,9 +5703,8 @@ } ], "source_location": {}, - "title": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3595,6 +5732,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3606,6 +5759,22 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3619,9 +5788,8 @@ } ], "source_location": {}, - "title": "499117ae-d134-4505-8674-ed498531e7a9", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ @@ -3646,6 +5814,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3657,6 +5841,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3669,9 +5869,8 @@ } ], "source_location": {}, - "title": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "title": "INT-f70z-tbpp-4o5d", "id": "INT-f70z-tbpp-4o5d", - "desc": "", "impact": 0.7, "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3696,6 +5895,22 @@ "cwe": [] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3707,6 +5922,22 @@ { "data": "", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3719,9 +5950,8 @@ } ], "source_location": {}, - "title": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3746,6 +5976,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3757,6 +6003,22 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3770,9 +6032,8 @@ } ], "source_location": {}, - "title": "1f182b73-afb8-424c-8e08-533a0f702076", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3797,6 +6058,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3808,6 +6085,22 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3821,9 +6114,8 @@ } ], "source_location": {}, - "title": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3848,6 +6140,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3859,6 +6167,22 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3872,9 +6196,8 @@ } ], "source_location": {}, - "title": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ @@ -3899,6 +6222,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3910,6 +6249,22 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3923,9 +6278,8 @@ } ], "source_location": {}, - "title": "8c0002e8-9326-40f7-9209-51020755ff02", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ @@ -3950,6 +6304,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -3961,6 +6331,22 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -3974,9 +6360,8 @@ } ], "source_location": {}, - "title": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ @@ -4002,6 +6387,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4013,6 +6414,22 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4026,9 +6443,8 @@ } ], "source_location": {}, - "title": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -4053,6 +6469,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4064,6 +6496,22 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4077,9 +6525,8 @@ } ], "source_location": {}, - "title": "affa7af3-427f-4223-8028-d9ac45e80e08", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -4110,6 +6557,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4121,6 +6584,22 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4134,9 +6613,8 @@ } ], "source_location": {}, - "title": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ @@ -4161,6 +6639,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4172,6 +6666,22 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4185,9 +6695,8 @@ } ], "source_location": {}, - "title": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ @@ -4214,6 +6723,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4225,6 +6750,22 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4238,9 +6779,8 @@ } ], "source_location": {}, - "title": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -4265,6 +6805,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4276,6 +6832,22 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4289,9 +6861,8 @@ } ], "source_location": {}, - "title": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -4316,6 +6887,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4327,6 +6914,22 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4340,9 +6943,8 @@ } ], "source_location": {}, - "title": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -4369,6 +6971,22 @@ ] }, "descriptions": [ + { + "data": "", + "label": "Detail" + }, + { + "data": "", + "label": "Recommendation" + }, + { + "data": "", + "label": "Workaround" + }, + { + "data": "", + "label": "Proof of concept" + }, { "data": "", "label": "Date created" @@ -4380,6 +6998,22 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" + }, + { + "data": "", + "label": "Date rejected" + }, + { + "data": "", + "label": "Credits" + }, + { + "data": "", + "label": "Tools" + }, + { + "data": "", + "label": "Analysis" } ], "refs": [ @@ -4393,9 +7027,8 @@ } ], "source_location": {}, - "title": "c8a50465-16df-44e0-84e9-7acff5870a51", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -4408,7 +7041,7 @@ ] } ], - "sha256": "fd192eaedaa13c9ad50248bfc57c44535dd8fe55aad9fa822e260b46976959a5" + "sha256": "25bf90c037c3f0f51691592616b392c99d564773fcb3c5416e41fbf6af2fd389" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json index 8cc741e251..94d878abb4 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -7,8 +7,8 @@ "statistics": {}, "profiles": [ { - "name": "application/@mitre/saf@1.4.7", - "title": "@mitre/saf", + "name": "CycloneDX BOM Report: application/@mitre/saf@1.4.7", + "title": "@mitre/saf CycloneDX BOM Report", "version": "1.4.7", "maintainer": "The MITRE Security Automation Framework", "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", @@ -18,7 +18,7 @@ "groups": [], "status": "loaded", "controls": [], - "sha256": "293aa65c39599822577a8957155b2b71f759a252c5e08724637cf1dc44089595" + "sha256": "d0eb06874c873528a609afe066d8ce3728bc38e9f6d57dd693ed21455edfe0f8" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json index b0c2266b21..12cd74e293 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -7,8 +7,8 @@ "statistics": {}, "profiles": [ { - "name": "application/@mitre/saf@1.4.7", - "title": "@mitre/saf", + "name": "CycloneDX BOM Report: application/@mitre/saf@1.4.7", + "title": "@mitre/saf CycloneDX BOM Report", "version": "1.4.7", "maintainer": "The MITRE Security Automation Framework", "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", @@ -18,7 +18,7 @@ "groups": [], "status": "loaded", "controls": [], - "sha256": "293aa65c39599822577a8957155b2b71f759a252c5e08724637cf1dc44089595" + "sha256": "d0eb06874c873528a609afe066d8ce3728bc38e9f6d57dd693ed21455edfe0f8" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 478bf7577d..da7fb945c9 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -190,31 +190,72 @@ export class SBOMMapper extends BaseConverter { { name: { path: 'metadata.component', - transformer: (input: Record): string => { - return `${input.type}/${input['bom-ref']}`; - } + transformer: (input: Record): string => + input['bom-ref'] + ? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}` + : 'CycloneDX BOM Report' }, title: { path: 'metadata.component', transformer: (input: Record): string => { - const group = input.group ? `${input.group}/` : ''; - return `${group}${input.name}`; + if (input.name) { + const group = input.group ? `${input.group}/` : ''; + return `${group}${input.name} CycloneDX BOM Report`; + } else { + return 'CycloneDX BOM Report'; + } + } + }, + version: { + path: 'metadata.component.version', + transformer: (input: Record): string | undefined => + input ? `${input}` : undefined + }, + maintainer: { + path: 'metadata.component', + transformer: (input: Record): string | undefined => { + // Check through every single possible field which may hold ownership over this component + if (input.author) { + // `author` is deprecated in v1.6 but may still appear + return `${input.author}`; + } else if (input.authors) { + // Join list of component authors + let msg = ''; + for (const author of input.authors as Record[]) { + msg += `${author.name}, `; + } + return msg.slice(0, -2); + } else if (input.manufacturer) { + // If we can't pinpoint the exact authors, resort to the organization + return `${(input.manufacturer as Record).name}`; + } else { + return undefined; + } } }, - version: {path: 'metadata.component.version'}, - maintainer: {path: 'metadata.component.author'}, - description: {path: 'metadata.component.description'}, + description: { + path: 'metadata.component', + transformer: (input: Record): string | undefined => + input.description ? `${input.description}` : undefined + }, + copyright: { + path: 'metadata.component', + transformer: (input: Record): string | undefined => + input.copyright ? `${input.copyright}` : undefined + }, license: { path: 'metadata.component', - transformer: (input: Record): string => { + transformer: (input: Record): string | undefined => { let message = ''; if (Array.isArray(input.licenses)) { // Join together all applicable licenses for this component input.licenses.map((license) => { message = message.concat(`${license.license.id}, `); }); + return message.slice(0, -2); } - return message.slice(0, -2); + // If there are no found licenses, remove field + return undefined; } }, supports: [], @@ -232,12 +273,28 @@ export class SBOMMapper extends BaseConverter { }, cci: { path: 'cwes', - transformer: (input: number[]) => + transformer: (input: number[]): string[] => getCCIsForNISTTags(getNISTTags(input)) }, cwe: {path: 'cwes', transformer: formatCWETags} }, descriptions: [ + { + data: {path: 'detail'}, + label: 'Detail' + }, + { + data: {path: 'recommendation'}, + label: 'Recommendation' + }, + { + data: {path: 'workaround'}, + label: 'Workaround' + }, + { + data: {path: 'proofOfConcept'}, + label: 'Proof of concept' + }, { data: {path: 'created'}, label: 'Date created' @@ -249,29 +306,54 @@ export class SBOMMapper extends BaseConverter { { data: {path: 'updated'}, label: 'Date updated' + }, + { + data: {path: 'rejected'}, + label: 'Date rejected' + }, + { + data: {path: 'credits'}, + label: 'Credits' + }, + { + data: {path: 'tools'}, + label: 'Tools' + }, + { + data: {path: 'analysis'}, + label: 'Analysis' } ], refs: [ { - path: 'source', - transformer: (data: Record) => { - return {ref: [data]}; + transformer: ( + input: Record + ): Record => { + const searchFor = ['source', 'references', 'advisories']; + const ref = []; + for (const key of searchFor) { + if (input[key]) { + ref.push(input[key] as Record); + } + } + return {ref: ref}; } } ], source_location: {}, - title: {path: 'bom-ref'}, + title: { + transformer: (input: Record): string => + input.description ? `${input.description}` : `${input.id}` + }, id: {path: 'id'}, - desc: {path: 'description'}, - impact: {path: 'ratings', transformer: aggregateImpact}, + impact: {path: 'ratings', transformer: aggregateImpact}, // temp code: { - transformer: (vulnerability: Record): string => { - return JSON.stringify( + transformer: (vulnerability: Record): string => + JSON.stringify( _.omit(vulnerability, 'affectedComponents'), null, 2 - ); - } + ) }, results: [ { @@ -306,21 +388,21 @@ export class SBOMMapper extends BaseConverter { } ], passthrough: { - transformer: (data: Record): Record => { + transformer: (input: Record): Record => { return { auxiliary_data: [ { name: 'SBOM', - components: _.get(data, 'components'), - dependencies: _.get(data, 'dependencies'), - data: _.omit(data, [ + components: _.get(input, 'components'), + dependencies: _.get(input, 'dependencies'), + data: _.omit(input, [ 'components', 'vulnerabilities', 'dependencies' ]) } ], - ...(this.withRaw && {raw: data}) + ...(this.withRaw && {raw: input}) }; } } From f1b873b8baa400b271f41d6517ce3882732bce5c Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 31 Jul 2024 10:05:35 -0400 Subject: [PATCH 25/61] SBOM support visibility; auto cleaning control Description Signed-off-by: Charles Hu --- .../global/upload_tabs/FileReader.vue | 1 + libs/hdf-converters/README.md | 2 +- .../sbom-dropwizard-vex-hdf-withraw.json | 3102 +---------------- .../sbom_mapper/sbom-dropwizard-vex-hdf.json | 3102 +---------------- .../sbom-dropwizard-vulns-hdf-withraw.json | 3102 +---------------- .../sbom-dropwizard-vulns-hdf.json | 3102 +---------------- .../sbom_mapper/sbom-vex-hdf-withraw.json | 18 +- .../sbom_mapper/sbom-vex-hdf.json | 18 +- libs/hdf-converters/src/sbom-mapper.ts | 106 +- 9 files changed, 121 insertions(+), 12432 deletions(-) diff --git a/apps/frontend/src/components/global/upload_tabs/FileReader.vue b/apps/frontend/src/components/global/upload_tabs/FileReader.vue index ee8f2d1757..219dade33c 100644 --- a/apps/frontend/src/components/global/upload_tabs/FileReader.vue +++ b/apps/frontend/src/components/global/upload_tabs/FileReader.vue @@ -33,6 +33,7 @@
  • AWS Security Finding Format (ASFF)
  • Burp Suite
  • Checklist
    • +
  • CycloneDX Software Bill of Materials (SBOM)
  • DBProtect
  • Fortify
  • Golang Security Checker (gosec)
    • diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md index 7338bfb048..4fe23c5298 100644 --- a/libs/hdf-converters/README.md +++ b/libs/hdf-converters/README.md @@ -21,7 +21,7 @@ OHDF Converters supplies several methods to convert various types of security to 14. [**nikto-mapper**] - Nikto results JSON file 15. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file 16. [**sarif-mapper**] - SARIF JSON file -17. [**sbom-mapper**] - SBOM JSON file +17. [**sbom-mapper**] - CycloneDX SBOM JSON file 18. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object 19. [**snyk-mapper**] - Snyk results JSON file 20. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index c21c102835..9d66a404ff 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -34,26 +34,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -61,22 +41,6 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -119,26 +83,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -146,22 +90,6 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -201,26 +129,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -228,22 +136,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -283,26 +175,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -310,22 +182,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -365,26 +221,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -392,22 +228,6 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -447,26 +267,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -474,22 +274,6 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -529,26 +313,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -556,22 +320,6 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -611,26 +359,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -638,22 +366,6 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -693,26 +405,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -720,22 +412,6 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -775,26 +451,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -802,22 +458,6 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -857,26 +497,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -884,22 +504,6 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -939,26 +543,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -966,22 +550,6 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1021,26 +589,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -1048,22 +596,6 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1103,26 +635,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -1130,22 +642,6 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1186,48 +682,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" + "data": "2020-06-18T14:44:48Z", + "label": "Date published" }, { "data": "2024-06-25T13:46:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1267,26 +727,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -1294,22 +734,6 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1349,26 +773,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -1376,22 +780,6 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1431,26 +819,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -1458,22 +826,6 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1513,26 +865,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -1540,22 +872,6 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1595,26 +911,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -1622,22 +918,6 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1677,26 +957,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1704,22 +964,6 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1759,26 +1003,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1786,22 +1010,6 @@ { "data": "2024-03-15T00:20:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1842,26 +1050,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1869,22 +1057,6 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1924,26 +1096,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1951,22 +1103,6 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2006,26 +1142,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -2033,22 +1149,6 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2088,26 +1188,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -2115,22 +1195,6 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2170,26 +1234,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -2197,22 +1241,6 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2252,26 +1280,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -2279,22 +1287,6 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2335,48 +1327,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" + "data": "2021-12-09T19:16:59Z", + "label": "Date published" }, { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2416,26 +1372,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -2443,22 +1379,6 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2498,26 +1418,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -2525,22 +1425,6 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2580,26 +1464,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -2607,22 +1471,6 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2662,26 +1510,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -2689,22 +1517,6 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2744,26 +1556,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -2771,22 +1563,6 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2826,26 +1602,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -2853,22 +1609,6 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2908,26 +1648,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -2935,22 +1655,6 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2990,26 +1694,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -3017,22 +1701,6 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3073,26 +1741,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -3100,22 +1748,6 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3156,26 +1788,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3183,22 +1795,6 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3238,26 +1834,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -3265,22 +1841,6 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3320,26 +1880,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -3347,22 +1887,6 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3402,26 +1926,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -3429,22 +1933,6 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3485,48 +1973,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" + "data": "2020-03-04T20:52:11Z", + "label": "Date published" }, { "data": "2024-03-15T00:52:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3567,26 +2019,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3594,22 +2026,6 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3649,26 +2065,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -3676,22 +2072,6 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3733,26 +2113,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -3760,22 +2120,6 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3817,26 +2161,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -3844,22 +2168,6 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3901,26 +2209,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -3928,22 +2216,6 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3984,26 +2256,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4011,22 +2263,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4067,26 +2303,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -4094,22 +2310,6 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4150,26 +2350,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4177,22 +2357,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4233,26 +2397,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4260,22 +2404,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4316,26 +2444,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4343,22 +2451,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4399,26 +2491,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -4426,22 +2498,6 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4482,26 +2538,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -4509,22 +2545,6 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4564,26 +2584,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -4591,22 +2591,6 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4647,48 +2631,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" + "data": "2023-11-29T12:30:16Z", + "label": "Date published" }, { "data": "2023-12-05T21:31:13Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4728,26 +2676,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -4755,22 +2683,6 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4810,26 +2722,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -4837,22 +2729,6 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4894,26 +2770,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -4921,22 +2777,6 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4976,26 +2816,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -5003,22 +2823,6 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5059,26 +2863,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -5086,22 +2870,6 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5141,26 +2909,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -5168,22 +2916,6 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5223,26 +2955,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -5250,22 +2962,6 @@ { "data": "2023-01-29T05:06:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5307,26 +3003,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -5334,22 +3010,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5393,26 +3053,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -5420,22 +3060,6 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5475,26 +3099,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -5502,22 +3106,6 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5557,26 +3145,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -5584,22 +3152,6 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5641,26 +3193,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -5668,22 +3200,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5726,26 +3242,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -5753,22 +3249,6 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5807,53 +3287,8 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], - "refs": [ + "descriptions": [], + "refs": [ { "ref": [ { @@ -5888,52 +3323,7 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -5970,26 +3360,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -5997,22 +3367,6 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6052,26 +3406,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -6079,22 +3413,6 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6134,26 +3452,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -6161,22 +3459,6 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6216,26 +3498,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -6243,22 +3505,6 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6298,26 +3544,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -6325,22 +3551,6 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6381,26 +3591,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -6408,22 +3598,6 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6463,26 +3637,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -6490,22 +3644,6 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6545,26 +3683,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -6572,22 +3690,6 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6627,26 +3729,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -6654,22 +3736,6 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6711,26 +3777,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -6738,22 +3784,6 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6793,26 +3823,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -6820,22 +3830,6 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6875,26 +3869,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -6902,22 +3876,6 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6959,26 +3917,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -6986,22 +3924,6 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -7029,7 +3951,7 @@ ] } ], - "sha256": "634176f45fdaa430d9bf26811cbb8ecff144bf927eef299c238008755c86fd62" + "sha256": "9cb9c7b18399f04b0e0eace60440893a66e95336da56eca1a628d82e2584ac2c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json index f7917924da..eceeca3f78 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -34,26 +34,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -61,22 +41,6 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -119,26 +83,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -146,22 +90,6 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -201,26 +129,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -228,22 +136,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -283,26 +175,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -310,22 +182,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -365,26 +221,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -392,22 +228,6 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -447,26 +267,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -474,22 +274,6 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -529,26 +313,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -556,22 +320,6 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -611,26 +359,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -638,22 +366,6 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -693,26 +405,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -720,22 +412,6 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -775,26 +451,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -802,22 +458,6 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -857,26 +497,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -884,22 +504,6 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -939,26 +543,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -966,22 +550,6 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1021,26 +589,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -1048,22 +596,6 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1103,26 +635,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -1130,22 +642,6 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1186,48 +682,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" + "data": "2020-06-18T14:44:48Z", + "label": "Date published" }, { "data": "2024-06-25T13:46:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1267,26 +727,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -1294,22 +734,6 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1349,26 +773,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -1376,22 +780,6 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1431,26 +819,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -1458,22 +826,6 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1513,26 +865,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -1540,22 +872,6 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1595,26 +911,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -1622,22 +918,6 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1677,26 +957,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1704,22 +964,6 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1759,26 +1003,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1786,22 +1010,6 @@ { "data": "2024-03-15T00:20:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1842,26 +1050,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1869,22 +1057,6 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1924,26 +1096,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1951,22 +1103,6 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2006,26 +1142,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -2033,22 +1149,6 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2088,26 +1188,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -2115,22 +1195,6 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2170,26 +1234,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -2197,22 +1241,6 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2252,26 +1280,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -2279,22 +1287,6 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2335,48 +1327,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" + "data": "2021-12-09T19:16:59Z", + "label": "Date published" }, { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2416,26 +1372,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -2443,22 +1379,6 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2498,26 +1418,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -2525,22 +1425,6 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2580,26 +1464,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -2607,22 +1471,6 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2662,26 +1510,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -2689,22 +1517,6 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2744,26 +1556,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -2771,22 +1563,6 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2826,26 +1602,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -2853,22 +1609,6 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2908,26 +1648,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -2935,22 +1655,6 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2990,26 +1694,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -3017,22 +1701,6 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3073,26 +1741,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -3100,22 +1748,6 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3156,26 +1788,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3183,22 +1795,6 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3238,26 +1834,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -3265,22 +1841,6 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3320,26 +1880,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -3347,22 +1887,6 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3402,26 +1926,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -3429,22 +1933,6 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3485,48 +1973,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" + "data": "2020-03-04T20:52:11Z", + "label": "Date published" }, { "data": "2024-03-15T00:52:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3567,26 +2019,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3594,22 +2026,6 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3649,26 +2065,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -3676,22 +2072,6 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3733,26 +2113,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -3760,22 +2120,6 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3817,26 +2161,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -3844,22 +2168,6 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3901,26 +2209,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -3928,22 +2216,6 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3984,26 +2256,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4011,22 +2263,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4067,26 +2303,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -4094,22 +2310,6 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4150,26 +2350,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4177,22 +2357,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4233,26 +2397,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4260,22 +2404,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4316,26 +2444,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4343,22 +2451,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4399,26 +2491,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -4426,22 +2498,6 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4482,26 +2538,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -4509,22 +2545,6 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4564,26 +2584,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -4591,22 +2591,6 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4647,48 +2631,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" + "data": "2023-11-29T12:30:16Z", + "label": "Date published" }, { "data": "2023-12-05T21:31:13Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4728,26 +2676,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -4755,22 +2683,6 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4810,26 +2722,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -4837,22 +2729,6 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4894,26 +2770,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -4921,22 +2777,6 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4976,26 +2816,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -5003,22 +2823,6 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5059,26 +2863,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -5086,22 +2870,6 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5141,26 +2909,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -5168,22 +2916,6 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5223,26 +2955,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -5250,22 +2962,6 @@ { "data": "2023-01-29T05:06:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5307,26 +3003,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -5334,22 +3010,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5393,26 +3053,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -5420,22 +3060,6 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5475,26 +3099,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -5502,22 +3106,6 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5557,26 +3145,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -5584,22 +3152,6 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5641,26 +3193,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -5668,22 +3200,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5726,26 +3242,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -5753,22 +3249,6 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5807,53 +3287,8 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], - "refs": [ + "descriptions": [], + "refs": [ { "ref": [ { @@ -5888,52 +3323,7 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -5970,26 +3360,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -5997,22 +3367,6 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6052,26 +3406,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -6079,22 +3413,6 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6134,26 +3452,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -6161,22 +3459,6 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6216,26 +3498,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -6243,22 +3505,6 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6298,26 +3544,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -6325,22 +3551,6 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6381,26 +3591,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -6408,22 +3598,6 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6463,26 +3637,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -6490,22 +3644,6 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6545,26 +3683,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -6572,22 +3690,6 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6627,26 +3729,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -6654,22 +3736,6 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6711,26 +3777,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -6738,22 +3784,6 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6793,26 +3823,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -6820,22 +3830,6 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6875,26 +3869,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -6902,22 +3876,6 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6959,26 +3917,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -6986,22 +3924,6 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -7029,7 +3951,7 @@ ] } ], - "sha256": "634176f45fdaa430d9bf26811cbb8ecff144bf927eef299c238008755c86fd62" + "sha256": "9cb9c7b18399f04b0e0eace60440893a66e95336da56eca1a628d82e2584ac2c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index b60308876c..cbe3c7f47b 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -34,26 +34,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -61,22 +41,6 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -119,26 +83,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -146,22 +90,6 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -201,26 +129,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -228,22 +136,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -283,26 +175,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -310,22 +182,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -365,26 +221,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -392,22 +228,6 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -447,26 +267,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -474,22 +274,6 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -529,26 +313,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -556,22 +320,6 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -611,26 +359,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -638,22 +366,6 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -693,26 +405,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -720,22 +412,6 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -775,26 +451,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -802,22 +458,6 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -857,26 +497,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -884,22 +504,6 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -939,26 +543,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -966,22 +550,6 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1021,26 +589,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -1048,22 +596,6 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1103,26 +635,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -1130,22 +642,6 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1186,48 +682,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" + "data": "2020-06-18T14:44:48Z", + "label": "Date published" }, { "data": "2024-06-25T13:46:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1267,26 +727,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -1294,22 +734,6 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1349,26 +773,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -1376,22 +780,6 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1431,26 +819,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -1458,22 +826,6 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1513,26 +865,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -1540,22 +872,6 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1595,26 +911,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -1622,22 +918,6 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1677,26 +957,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1704,22 +964,6 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1759,26 +1003,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1786,22 +1010,6 @@ { "data": "2024-03-15T00:20:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1842,26 +1050,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1869,22 +1057,6 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1924,26 +1096,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1951,22 +1103,6 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2006,26 +1142,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -2033,22 +1149,6 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2088,26 +1188,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -2115,22 +1195,6 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2170,26 +1234,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -2197,22 +1241,6 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2252,26 +1280,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -2279,22 +1287,6 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2335,48 +1327,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" + "data": "2021-12-09T19:16:59Z", + "label": "Date published" }, { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2416,26 +1372,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -2443,22 +1379,6 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2498,26 +1418,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -2525,22 +1425,6 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2580,26 +1464,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -2607,22 +1471,6 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2662,26 +1510,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -2689,22 +1517,6 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2744,26 +1556,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -2771,22 +1563,6 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2826,26 +1602,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -2853,22 +1609,6 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2908,26 +1648,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -2935,22 +1655,6 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2990,26 +1694,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -3017,22 +1701,6 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3073,26 +1741,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -3100,22 +1748,6 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3156,26 +1788,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3183,22 +1795,6 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3238,26 +1834,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -3265,22 +1841,6 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3320,26 +1880,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -3347,22 +1887,6 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3402,26 +1926,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -3429,22 +1933,6 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3485,48 +1973,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" + "data": "2020-03-04T20:52:11Z", + "label": "Date published" }, { "data": "2024-03-15T00:52:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3567,26 +2019,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3594,22 +2026,6 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3649,26 +2065,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -3676,22 +2072,6 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3733,26 +2113,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -3760,22 +2120,6 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3817,26 +2161,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -3844,22 +2168,6 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3901,26 +2209,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -3928,22 +2216,6 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3984,26 +2256,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4011,22 +2263,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4067,26 +2303,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -4094,22 +2310,6 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4150,26 +2350,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4177,22 +2357,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4233,26 +2397,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4260,22 +2404,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4316,26 +2444,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4343,22 +2451,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4399,26 +2491,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -4426,22 +2498,6 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4482,26 +2538,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -4509,22 +2545,6 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4564,26 +2584,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -4591,22 +2591,6 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4647,48 +2631,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" + "data": "2023-11-29T12:30:16Z", + "label": "Date published" }, { "data": "2023-12-05T21:31:13Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4734,26 +2682,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -4761,22 +2689,6 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4816,26 +2728,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -4843,22 +2735,6 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4900,26 +2776,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -4927,22 +2783,6 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4982,26 +2822,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -5009,22 +2829,6 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5065,26 +2869,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -5092,22 +2876,6 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5147,26 +2915,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -5174,22 +2922,6 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5229,26 +2961,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -5256,22 +2968,6 @@ { "data": "2023-01-29T05:06:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5313,26 +3009,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -5340,22 +3016,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5399,26 +3059,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -5426,22 +3066,6 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5481,26 +3105,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -5508,22 +3112,6 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5563,26 +3151,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -5590,22 +3158,6 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5647,26 +3199,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -5674,22 +3206,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5732,26 +3248,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -5759,22 +3255,6 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5813,53 +3293,8 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], - "refs": [ + "descriptions": [], + "refs": [ { "ref": [ { @@ -5894,52 +3329,7 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -5976,26 +3366,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -6003,22 +3373,6 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6058,26 +3412,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -6085,22 +3419,6 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6140,26 +3458,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -6167,22 +3465,6 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6222,26 +3504,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -6249,22 +3511,6 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6304,26 +3550,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -6331,22 +3557,6 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6387,26 +3597,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -6414,22 +3604,6 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6469,26 +3643,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -6496,22 +3650,6 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6557,26 +3695,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -6584,22 +3702,6 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6639,26 +3741,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -6666,22 +3748,6 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6723,26 +3789,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -6750,22 +3796,6 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6805,26 +3835,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -6832,22 +3842,6 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6887,26 +3881,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -6914,22 +3888,6 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6971,26 +3929,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -6998,22 +3936,6 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -7041,7 +3963,7 @@ ] } ], - "sha256": "25bf90c037c3f0f51691592616b392c99d564773fcb3c5416e41fbf6af2fd389" + "sha256": "82ad756c2d967b02ca0faafcad9397c1abd3ca0b2a3906c509afbbb49f1b5718" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index db6a8da72d..a76fcb2b67 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -34,26 +34,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-25T17:04:19Z", "label": "Date published" @@ -61,22 +41,6 @@ { "data": "2023-11-09T18:44:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -119,26 +83,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-06-14T18:30:38Z", "label": "Date published" @@ -146,22 +90,6 @@ { "data": "2024-02-13T21:49:15Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -201,26 +129,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:08:40Z", "label": "Date published" @@ -228,22 +136,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -283,26 +175,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:44Z", "label": "Date published" @@ -310,22 +182,6 @@ { "data": "2023-02-01T05:02:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -365,26 +221,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-10T21:12:41Z", "label": "Date published" @@ -392,22 +228,6 @@ { "data": "2023-02-01T05:03:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -447,26 +267,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:50Z", "label": "Date published" @@ -474,22 +274,6 @@ { "data": "2023-02-01T05:03:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -529,26 +313,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T20:19:02Z", "label": "Date published" @@ -556,22 +320,6 @@ { "data": "2024-03-15T00:41:35Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -611,26 +359,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:47Z", "label": "Date published" @@ -638,22 +366,6 @@ { "data": "2024-03-15T00:48:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -693,26 +405,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:58:54Z", "label": "Date published" @@ -720,22 +412,6 @@ { "data": "2024-03-15T00:50:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -775,26 +451,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T21:36:03Z", "label": "Date published" @@ -802,22 +458,6 @@ { "data": "2024-06-25T13:46:45Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -857,26 +497,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-23T16:32:59Z", "label": "Date published" @@ -884,22 +504,6 @@ { "data": "2024-07-03T21:10:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -939,26 +543,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:50Z", "label": "Date published" @@ -966,22 +550,6 @@ { "data": "2023-02-01T05:04:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1021,26 +589,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:43Z", "label": "Date published" @@ -1048,22 +596,6 @@ { "data": "2024-03-15T00:37:17Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1103,26 +635,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-18T14:44:46Z", "label": "Date published" @@ -1130,22 +642,6 @@ { "data": "2024-03-15T00:39:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1186,48 +682,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" + "data": "2020-06-18T14:44:48Z", + "label": "Date published" }, { "data": "2024-06-25T13:46:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1267,26 +727,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-03-04T20:52:14Z", "label": "Date published" @@ -1294,22 +734,6 @@ { "data": "2023-06-08T19:02:12Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1349,26 +773,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-15T19:41:47Z", "label": "Date published" @@ -1376,22 +780,6 @@ { "data": "2023-08-18T15:45:27Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1431,26 +819,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:27Z", "label": "Date published" @@ -1458,22 +826,6 @@ { "data": "2023-09-14T14:55:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1513,26 +865,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-11-13T00:32:38Z", "label": "Date published" @@ -1540,22 +872,6 @@ { "data": "2023-09-14T14:55:25Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1595,26 +911,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2019-10-28T20:51:15Z", "label": "Date published" @@ -1622,22 +918,6 @@ { "data": "2024-03-15T00:57:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1677,26 +957,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:10Z", "label": "Date published" @@ -1704,22 +964,6 @@ { "data": "2023-09-14T15:09:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1759,26 +1003,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:01Z", "label": "Date published" @@ -1786,22 +1010,6 @@ { "data": "2024-03-15T00:20:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1842,26 +1050,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:14:51Z", "label": "Date published" @@ -1869,22 +1057,6 @@ { "data": "2023-09-14T15:44:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -1924,26 +1096,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:36Z", "label": "Date published" @@ -1951,22 +1103,6 @@ { "data": "2023-09-14T15:47:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2006,26 +1142,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:02Z", "label": "Date published" @@ -2033,22 +1149,6 @@ { "data": "2023-09-14T15:52:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2088,26 +1188,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:26Z", "label": "Date published" @@ -2115,22 +1195,6 @@ { "data": "2023-09-14T15:53:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2170,26 +1234,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-11-19T20:13:06Z", "label": "Date published" @@ -2197,22 +1241,6 @@ { "data": "2023-09-14T15:59:33Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2252,26 +1280,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:51Z", "label": "Date published" @@ -2279,22 +1287,6 @@ { "data": "2023-09-14T16:01:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2335,48 +1327,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" + "data": "2021-12-09T19:16:59Z", + "label": "Date published" }, { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2416,26 +1372,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:42Z", "label": "Date published" @@ -2443,22 +1379,6 @@ { "data": "2023-09-14T16:04:22Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2498,26 +1418,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:10Z", "label": "Date published" @@ -2525,22 +1425,6 @@ { "data": "2023-09-14T16:07:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2580,26 +1464,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:54Z", "label": "Date published" @@ -2607,22 +1471,6 @@ { "data": "2023-09-14T16:07:40Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2662,26 +1510,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:46Z", "label": "Date published" @@ -2689,22 +1517,6 @@ { "data": "2023-09-14T16:08:37Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2744,26 +1556,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:18Z", "label": "Date published" @@ -2771,22 +1563,6 @@ { "data": "2023-09-14T16:13:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2826,26 +1602,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:16:34Z", "label": "Date published" @@ -2853,22 +1609,6 @@ { "data": "2023-09-14T16:15:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2908,26 +1648,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:24Z", "label": "Date published" @@ -2935,22 +1655,6 @@ { "data": "2023-11-21T11:40:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -2990,26 +1694,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:00Z", "label": "Date published" @@ -3017,22 +1701,6 @@ { "data": "2024-03-15T00:28:08Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3073,26 +1741,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-09T19:15:11Z", "label": "Date published" @@ -3100,22 +1748,6 @@ { "data": "2024-06-25T13:47:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3156,26 +1788,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3183,22 +1795,6 @@ { "data": "2024-03-15T00:14:44Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3238,26 +1834,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-01-20T21:20:15Z", "label": "Date published" @@ -3265,22 +1841,6 @@ { "data": "2024-03-15T00:16:04Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3320,26 +1880,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-12T00:00:36Z", "label": "Date published" @@ -3347,22 +1887,6 @@ { "data": "2024-03-15T00:24:56Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3402,26 +1926,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-02-18T20:51:54Z", "label": "Date published" @@ -3429,22 +1933,6 @@ { "data": "2024-03-15T00:31:24Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3485,48 +1973,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" + "data": "2020-03-04T20:52:11Z", + "label": "Date published" }, { "data": "2024-03-15T00:52:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3567,26 +2019,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-10-03T00:00:31Z", "label": "Date published" @@ -3594,22 +2026,6 @@ { "data": "2024-03-24T05:01:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3649,26 +2065,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-05-15T18:59:04Z", "label": "Date published" @@ -3676,22 +2072,6 @@ { "data": "2024-07-03T21:10:31Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3733,26 +2113,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-04-10T18:42:20Z", "label": "Date published" @@ -3760,22 +2120,6 @@ { "data": "2023-01-09T05:02:18Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3817,26 +2161,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-02-24T17:27:27Z", "label": "Date published" @@ -3844,22 +2168,6 @@ { "data": "2024-06-05T16:42:03Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3901,26 +2209,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-04T21:37:45Z", "label": "Date published" @@ -3928,22 +2216,6 @@ { "data": "2023-05-22T20:17:58Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -3984,26 +2256,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4011,22 +2263,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4067,26 +2303,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-11-11T19:00:31Z", "label": "Date published" @@ -4094,22 +2310,6 @@ { "data": "2024-06-21T21:33:52Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4150,26 +2350,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4177,22 +2357,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4233,26 +2397,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4260,22 +2404,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4316,26 +2444,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-09-06T00:00:27Z", "label": "Date published" @@ -4343,22 +2451,6 @@ { "data": "2024-03-15T12:30:36Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4399,26 +2491,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-08-31T00:00:24Z", "label": "Date published" @@ -4426,22 +2498,6 @@ { "data": "2024-03-15T19:06:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4482,26 +2538,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-12-12T21:19:47Z", "label": "Date published" @@ -4509,22 +2545,6 @@ { "data": "2024-06-24T21:22:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4564,26 +2584,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-12-17T20:00:50Z", "label": "Date published" @@ -4591,22 +2591,6 @@ { "data": "2023-01-30T05:04:55Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4647,48 +2631,12 @@ }, "descriptions": [ { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" + "data": "2023-11-29T12:30:16Z", + "label": "Date published" }, { "data": "2023-12-05T21:31:13Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4734,26 +2682,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-03-10T03:46:47Z", "label": "Date published" @@ -4761,22 +2689,6 @@ { "data": "2023-02-01T05:05:09Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4816,26 +2728,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-23T20:23:04Z", "label": "Date published" @@ -4843,22 +2735,6 @@ { "data": "2023-02-01T05:05:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4900,26 +2776,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-04-06T17:31:30Z", "label": "Date published" @@ -4927,22 +2783,6 @@ { "data": "2023-09-26T11:11:47Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -4982,26 +2822,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-18T22:19:57Z", "label": "Date published" @@ -5009,22 +2829,6 @@ { "data": "2023-11-06T05:01:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5065,26 +2869,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-04-19T18:15:45Z", "label": "Date published" @@ -5092,22 +2876,6 @@ { "data": "2023-11-06T05:02:06Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5147,26 +2915,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-12-02T18:28:18Z", "label": "Date published" @@ -5174,22 +2922,6 @@ { "data": "2024-02-21T17:23:14Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5229,26 +2961,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:34Z", "label": "Date published" @@ -5256,22 +2968,6 @@ { "data": "2023-01-29T05:06:01Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5313,26 +3009,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:17:27Z", "label": "Date published" @@ -5340,22 +3016,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5399,26 +3059,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-11-04T17:50:24Z", "label": "Date published" @@ -5426,22 +3066,6 @@ { "data": "2023-11-27T23:07:53Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5481,26 +3105,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-07-10T21:52:39Z", "label": "Date published" @@ -5508,22 +3112,6 @@ { "data": "2023-09-05T22:39:32Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5563,26 +3151,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-10T15:43:22Z", "label": "Date published" @@ -5590,22 +3158,6 @@ { "data": "2023-02-01T05:05:51Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5647,26 +3199,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-09-14T16:16:00Z", "label": "Date published" @@ -5674,22 +3206,6 @@ { "data": "2023-11-06T05:01:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5732,26 +3248,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-10-12T17:33:00Z", "label": "Date published" @@ -5759,22 +3255,6 @@ { "data": "2023-02-01T05:04:50Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -5813,53 +3293,8 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], - "refs": [ + "descriptions": [], + "refs": [ { "ref": [ { @@ -5894,52 +3329,7 @@ ], "cwe": [] }, - "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, - { - "data": "", - "label": "Date published" - }, - { - "data": "", - "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -5976,26 +3366,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-09T22:57:29Z", "label": "Date published" @@ -6003,22 +3373,6 @@ { "data": "2024-06-27T16:39:59Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6058,26 +3412,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-02-10T23:05:04Z", "label": "Date published" @@ -6085,22 +3419,6 @@ { "data": "2024-06-27T18:05:49Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6140,26 +3458,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2020-06-05T16:13:36Z", "label": "Date published" @@ -6167,22 +3465,6 @@ { "data": "2023-01-27T05:02:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6222,26 +3504,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2021-06-03T23:40:23Z", "label": "Date published" @@ -6249,22 +3511,6 @@ { "data": "2023-02-01T05:05:30Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6304,26 +3550,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-03-05T00:00:45Z", "label": "Date published" @@ -6331,22 +3557,6 @@ { "data": "2023-01-27T05:02:46Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6387,26 +3597,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-07-07T20:55:40Z", "label": "Date published" @@ -6414,22 +3604,6 @@ { "data": "2023-07-24T19:39:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6469,26 +3643,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:28:24Z", "label": "Date published" @@ -6496,22 +3650,6 @@ { "data": "2024-06-21T21:34:00Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6557,26 +3695,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2024-02-26T20:13:46Z", "label": "Date published" @@ -6584,22 +3702,6 @@ { "data": "2024-05-02T18:38:19Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6639,26 +3741,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-10T21:16:23Z", "label": "Date published" @@ -6666,22 +3748,6 @@ { "data": "2024-06-21T21:33:57Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6723,26 +3789,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2018-10-18T18:06:08Z", "label": "Date published" @@ -6750,22 +3796,6 @@ { "data": "2023-01-09T05:03:38Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6805,26 +3835,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2023-10-24T01:49:09Z", "label": "Date published" @@ -6832,22 +3842,6 @@ { "data": "2023-11-05T05:04:23Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6887,26 +3881,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-06T23:55:09Z", "label": "Date published" @@ -6914,22 +3888,6 @@ { "data": "2023-02-25T00:31:20Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -6971,26 +3929,6 @@ ] }, "descriptions": [ - { - "data": "", - "label": "Detail" - }, - { - "data": "", - "label": "Recommendation" - }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, - { - "data": "", - "label": "Date created" - }, { "data": "2022-01-21T23:07:39Z", "label": "Date published" @@ -6998,22 +3936,6 @@ { "data": "2023-08-18T15:47:05Z", "label": "Date updated" - }, - { - "data": "", - "label": "Date rejected" - }, - { - "data": "", - "label": "Credits" - }, - { - "data": "", - "label": "Tools" - }, - { - "data": "", - "label": "Analysis" } ], "refs": [ @@ -7041,7 +3963,7 @@ ] } ], - "sha256": "25bf90c037c3f0f51691592616b392c99d564773fcb3c5416e41fbf6af2fd389" + "sha256": "82ad756c2d967b02ca0faafcad9397c1abd3ca0b2a3906c509afbbb49f1b5718" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json index 7594a3ef8f..8b897c8ac6 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json @@ -35,14 +35,6 @@ "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", "label": "Recommendation" }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, { "data": "2020-12-03T00:00:00.000Z", "label": "Date created" @@ -55,10 +47,6 @@ "data": "2021-10-26T00:00:00.000Z", "label": "Date updated" }, - { - "data": "", - "label": "Date rejected" - }, { "data": { "individuals": [ @@ -69,10 +57,6 @@ }, "label": "Credits" }, - { - "data": "", - "label": "Tools" - }, { "data": { "state": "not_affected", @@ -134,7 +118,7 @@ ] } ], - "sha256": "34f7fa34392e163ba11e5899db408e3c390e0c4c38c5085f69e8d6405c26141c" + "sha256": "ea955961c50e68aa955994bdfdc4e8d2e4d5de134971a3d1d7aaf9bd418b254f" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json index 66843bfbbb..730a5f3db4 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json @@ -35,14 +35,6 @@ "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", "label": "Recommendation" }, - { - "data": "", - "label": "Workaround" - }, - { - "data": "", - "label": "Proof of concept" - }, { "data": "2020-12-03T00:00:00.000Z", "label": "Date created" @@ -55,10 +47,6 @@ "data": "2021-10-26T00:00:00.000Z", "label": "Date updated" }, - { - "data": "", - "label": "Date rejected" - }, { "data": { "individuals": [ @@ -69,10 +57,6 @@ }, "label": "Credits" }, - { - "data": "", - "label": "Tools" - }, { "data": { "state": "not_affected", @@ -134,7 +118,7 @@ ] } ], - "sha256": "34f7fa34392e163ba11e5899db408e3c390e0c4c38c5085f69e8d6405c26141c" + "sha256": "ea955961c50e68aa955994bdfdc4e8d2e4d5de134971a3d1d7aaf9bd418b254f" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index b0660343cf..fb39283d27 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -3,10 +3,7 @@ import _ from 'lodash'; import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import { - conditionallyProvideAttribute, - getCCIsForNISTTags -} from './utils/global'; +import {getCCIsForNISTTags} from './utils/global'; const CWE_NIST_MAPPING = new CweNistMapping(); const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; @@ -41,9 +38,11 @@ function getNISTTags(input: number[]): string[] { function aggregateImpact(ratings: Record[]): number { let impact = 0; for (const rating of ratings) { + // Prefer to use CVSS-based `score` field when possible if (_.has(rating, 'score') && _.get(rating, 'method') == 'CVSSv31') { impact += (rating as {score: number}).score; } else { + // Else interpret it from `severity` field const severity = IMPACT_MAPPING.get( (rating as {severity: string}).severity.toLowerCase() ); @@ -290,49 +289,82 @@ export class SBOMMapper extends BaseConverter { }, descriptions: [ { - data: {path: 'detail'}, - label: 'Detail' - }, + path: 'detail', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Detail'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'recommendation'}, - label: 'Recommendation' - }, + path: 'recommendation', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Recommendation'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'workaround'}, - label: 'Workaround' - }, + path: 'workaround', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Workaround'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'proofOfConcept'}, - label: 'Proof of concept' - }, + path: 'proofOfConcept', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Proof of concept'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'created'}, - label: 'Date created' - }, + path: 'created', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Date created'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'published'}, - label: 'Date published' - }, + path: 'published', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Date published'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'updated'}, - label: 'Date updated' - }, + path: 'updated', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Date updated'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'rejected'}, - label: 'Date rejected' - }, + path: 'rejected', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Date rejected'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'credits'}, - label: 'Credits' - }, + path: 'credits', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Credits'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'tools'}, - label: 'Tools' - }, + path: 'tools', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Tools'} : undefined + } as unknown as ExecJSON.ControlDescription, { - data: {path: 'analysis'}, - label: 'Analysis' - } + path: 'analysis', + transformer: ( + input: Record + ): Record | undefined => + input ? {data: input, label: 'Analysis'} : undefined + } as unknown as ExecJSON.ControlDescription ], refs: [ { From e605a885938ba069593b7db04e1078b8c74057ec Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 31 Jul 2024 11:17:31 -0400 Subject: [PATCH 26/61] Various styling changes Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 254 ++++++++++++------ .../sbom_mapper/sbom-dropwizard-vex-hdf.json | 254 ++++++++++++------ .../sbom-dropwizard-vulns-hdf-withraw.json | 254 ++++++++++++------ .../sbom-dropwizard-vulns-hdf.json | 254 ++++++++++++------ .../sbom_mapper/sbom-vex-hdf-withraw.json | 23 +- .../sbom_mapper/sbom-vex-hdf.json | 23 +- libs/hdf-converters/src/sbom-mapper.ts | 34 ++- 7 files changed, 713 insertions(+), 383 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 9d66a404ff..15c84ae0b9 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -54,8 +54,9 @@ } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", "id": "GHSA-5mg8-w23w-74h3", + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -103,8 +104,9 @@ } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -149,8 +151,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", "id": "GHSA-5p34-5m6p-p58g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -195,8 +198,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", "id": "GHSA-27xj-rqx5-2255", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -241,8 +245,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", "id": "GHSA-58pp-9c76-5625", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -287,8 +292,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", "id": "GHSA-v3xw-c963-f5hc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -333,8 +339,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", "id": "GHSA-h4rc-386g-6m85", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -379,8 +386,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -425,8 +433,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -471,8 +480,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", "id": "GHSA-758m-v56v-grj4", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -517,8 +527,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", "id": "GHSA-95cm-88f5-f2c7", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -563,8 +574,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", "id": "GHSA-c2q3-4qrh-fm48", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -609,8 +621,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", "id": "GHSA-mc6h-4qgp-37qh", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -655,8 +668,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", "id": "GHSA-j823-4qch-3rgm", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -701,8 +715,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", "id": "GHSA-c265-37vj-cwcc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -747,8 +762,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", "id": "GHSA-4w82-r329-3q67", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -793,8 +809,9 @@ } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", "id": "GHSA-rpr3-cw39-3pxh", + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -839,8 +856,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-fmmc-742q-jg75", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -885,8 +903,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-gjmw-vf9h-g25v", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -931,8 +950,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", "id": "GHSA-mx7p-6679-8g3q", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -977,8 +997,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", "id": "GHSA-q93h-jc49-78gg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1023,8 +1044,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", "id": "GHSA-p43x-xfjf-5jhr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1070,8 +1092,9 @@ } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1116,8 +1139,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", "id": "GHSA-qjw2-hr98-qgfh", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1162,8 +1186,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", "id": "GHSA-8w26-6f25-cm9x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1208,8 +1233,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-m6x4-97wx-4q27", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1254,8 +1280,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", "id": "GHSA-v585-23hc-c647", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1300,8 +1327,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", "id": "GHSA-r695-7vr9-jgc2", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1346,8 +1374,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", "id": "GHSA-vfqx-33qm-g869", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1392,8 +1421,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", "id": "GHSA-f9xh-2qgp-cq57", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1438,8 +1468,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-cvm9-fjm9-3572", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1484,8 +1515,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-9gph-22xh-8x98", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1530,8 +1562,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-89qr-369f-5m5x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1576,8 +1609,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-8c4j-34r4-xr8g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1622,8 +1656,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1668,8 +1703,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1714,8 +1750,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1761,8 +1798,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", "id": "GHSA-r3gr-cxrf-hg25", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1808,8 +1846,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", "id": "GHSA-jjjh-jjxp-wpff", + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1854,8 +1893,9 @@ } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", "id": "GHSA-5949-rw7g-wx7w", + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1900,8 +1940,9 @@ } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", "id": "GHSA-57j2-w4cx-62h2", + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1946,8 +1987,9 @@ } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", "id": "GHSA-288c-cq4h-88gq", + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1992,8 +2034,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", "id": "GHSA-gww7-p5w4-wrfv", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2039,8 +2082,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", "id": "GHSA-rgv9-q543-rqg4", + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2085,8 +2129,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2133,8 +2178,9 @@ } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", "id": "GHSA-8jpx-m2wh-2v34", + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2181,8 +2227,9 @@ } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2229,8 +2276,9 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", "id": "GHSA-rvwf-54qp-4r6v", + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2276,8 +2324,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2323,8 +2372,9 @@ } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2370,8 +2420,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2417,8 +2468,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2464,8 +2516,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-98wm-3w3q-mw94", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2511,8 +2564,9 @@ } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", "id": "GHSA-3mc7-4q67-w48m", + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2558,8 +2612,9 @@ } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", "id": "GHSA-mjmj-j48q-9wg2", + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2604,8 +2659,9 @@ } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", "id": "GHSA-668q-qrv7-99fm", + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2650,8 +2706,9 @@ } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", "id": "GHSA-vmq6-5m68-f53m", + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2696,8 +2753,9 @@ } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", "id": "GHSA-m394-8rww-3jr7", + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2742,8 +2800,9 @@ } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", "id": "GHSA-m6cp-vxjx-65j6", + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2790,8 +2849,9 @@ } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", "id": "GHSA-26vr-8j45-3r4w", + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2836,8 +2896,9 @@ } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", "id": "GHSA-p26g-97m4-6q7c", + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2883,8 +2944,9 @@ } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", "id": "GHSA-qw69-rqj8-6qw8", + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2929,8 +2991,9 @@ } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", "id": "GHSA-86wm-rrjm-8wh8", + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2975,8 +3038,9 @@ } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", "id": "GHSA-cj7v-27pg-wf7q", + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3023,8 +3087,9 @@ } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", "id": "GHSA-hmr7-m48g-48f6", + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3073,8 +3138,9 @@ } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3119,8 +3185,9 @@ } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", "id": "GHSA-58qw-p7qm-5rvh", + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3165,8 +3232,9 @@ } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3213,8 +3281,9 @@ } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3262,8 +3331,9 @@ } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", "id": "GHSA-269g-pwp5-87pp", + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3334,8 +3404,9 @@ } ], "source_location": {}, - "title": "testing", + "title": "testing...", "id": "INT-63e3-49kp-blqt", + "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3380,8 +3451,9 @@ } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3426,8 +3498,9 @@ } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", "id": "GHSA-8grg-q944-cch5", + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3472,8 +3545,9 @@ } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", "id": "GHSA-hwj3-m3p6-hj38", + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3518,8 +3592,9 @@ } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3564,8 +3639,9 @@ } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", "id": "GHSA-jvfv-hrrc-6q72", + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3611,8 +3687,9 @@ } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", "id": "GHSA-wgmr-mf83-7x4j", + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3657,8 +3734,9 @@ } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", "id": "GHSA-qppj-fm5r-hxr3", + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3703,8 +3781,9 @@ } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", "id": "GHSA-rggv-cv7r-mw98", + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3749,8 +3828,9 @@ } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", "id": "GHSA-wgh7-54f2-x98r", + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3797,8 +3877,9 @@ } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", "id": "GHSA-w4g2-9hj6-5472", + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3843,8 +3924,9 @@ } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", "id": "GHSA-mm8h-8587-p46h", + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3889,8 +3971,9 @@ } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", "id": "GHSA-h376-j262-vhq6", + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3937,8 +4020,9 @@ } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", "id": "GHSA-45hx-wfhj-473x", + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3951,7 +4035,7 @@ ] } ], - "sha256": "9cb9c7b18399f04b0e0eace60440893a66e95336da56eca1a628d82e2584ac2c" + "sha256": "11b3bd3a723f0a6401c2b51a41adb4a7a1a44a5053a5bb25468fe80087fc0021" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json index eceeca3f78..ef70c621d4 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -54,8 +54,9 @@ } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", "id": "GHSA-5mg8-w23w-74h3", + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -103,8 +104,9 @@ } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -149,8 +151,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", "id": "GHSA-5p34-5m6p-p58g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -195,8 +198,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", "id": "GHSA-27xj-rqx5-2255", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -241,8 +245,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", "id": "GHSA-58pp-9c76-5625", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -287,8 +292,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", "id": "GHSA-v3xw-c963-f5hc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -333,8 +339,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", "id": "GHSA-h4rc-386g-6m85", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -379,8 +386,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -425,8 +433,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -471,8 +480,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", "id": "GHSA-758m-v56v-grj4", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -517,8 +527,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", "id": "GHSA-95cm-88f5-f2c7", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -563,8 +574,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", "id": "GHSA-c2q3-4qrh-fm48", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -609,8 +621,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", "id": "GHSA-mc6h-4qgp-37qh", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -655,8 +668,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", "id": "GHSA-j823-4qch-3rgm", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -701,8 +715,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", "id": "GHSA-c265-37vj-cwcc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -747,8 +762,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", "id": "GHSA-4w82-r329-3q67", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -793,8 +809,9 @@ } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", "id": "GHSA-rpr3-cw39-3pxh", + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -839,8 +856,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-fmmc-742q-jg75", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -885,8 +903,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-gjmw-vf9h-g25v", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -931,8 +950,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", "id": "GHSA-mx7p-6679-8g3q", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -977,8 +997,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", "id": "GHSA-q93h-jc49-78gg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1023,8 +1044,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", "id": "GHSA-p43x-xfjf-5jhr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1070,8 +1092,9 @@ } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1116,8 +1139,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", "id": "GHSA-qjw2-hr98-qgfh", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1162,8 +1186,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", "id": "GHSA-8w26-6f25-cm9x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1208,8 +1233,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-m6x4-97wx-4q27", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1254,8 +1280,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", "id": "GHSA-v585-23hc-c647", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1300,8 +1327,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", "id": "GHSA-r695-7vr9-jgc2", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1346,8 +1374,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", "id": "GHSA-vfqx-33qm-g869", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1392,8 +1421,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", "id": "GHSA-f9xh-2qgp-cq57", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1438,8 +1468,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-cvm9-fjm9-3572", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1484,8 +1515,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-9gph-22xh-8x98", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1530,8 +1562,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-89qr-369f-5m5x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1576,8 +1609,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-8c4j-34r4-xr8g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1622,8 +1656,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1668,8 +1703,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1714,8 +1750,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1761,8 +1798,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", "id": "GHSA-r3gr-cxrf-hg25", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1808,8 +1846,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", "id": "GHSA-jjjh-jjxp-wpff", + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1854,8 +1893,9 @@ } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", "id": "GHSA-5949-rw7g-wx7w", + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1900,8 +1940,9 @@ } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", "id": "GHSA-57j2-w4cx-62h2", + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1946,8 +1987,9 @@ } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", "id": "GHSA-288c-cq4h-88gq", + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1992,8 +2034,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", "id": "GHSA-gww7-p5w4-wrfv", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2039,8 +2082,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", "id": "GHSA-rgv9-q543-rqg4", + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2085,8 +2129,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2133,8 +2178,9 @@ } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", "id": "GHSA-8jpx-m2wh-2v34", + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2181,8 +2227,9 @@ } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2229,8 +2276,9 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", "id": "GHSA-rvwf-54qp-4r6v", + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2276,8 +2324,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2323,8 +2372,9 @@ } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2370,8 +2420,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2417,8 +2468,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2464,8 +2516,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-98wm-3w3q-mw94", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2511,8 +2564,9 @@ } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", "id": "GHSA-3mc7-4q67-w48m", + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2558,8 +2612,9 @@ } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", "id": "GHSA-mjmj-j48q-9wg2", + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2604,8 +2659,9 @@ } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", "id": "GHSA-668q-qrv7-99fm", + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2650,8 +2706,9 @@ } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", "id": "GHSA-vmq6-5m68-f53m", + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2696,8 +2753,9 @@ } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", "id": "GHSA-m394-8rww-3jr7", + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2742,8 +2800,9 @@ } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", "id": "GHSA-m6cp-vxjx-65j6", + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2790,8 +2849,9 @@ } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", "id": "GHSA-26vr-8j45-3r4w", + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2836,8 +2896,9 @@ } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", "id": "GHSA-p26g-97m4-6q7c", + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2883,8 +2944,9 @@ } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", "id": "GHSA-qw69-rqj8-6qw8", + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2929,8 +2991,9 @@ } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", "id": "GHSA-86wm-rrjm-8wh8", + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2975,8 +3038,9 @@ } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", "id": "GHSA-cj7v-27pg-wf7q", + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3023,8 +3087,9 @@ } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", "id": "GHSA-hmr7-m48g-48f6", + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3073,8 +3138,9 @@ } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3119,8 +3185,9 @@ } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", "id": "GHSA-58qw-p7qm-5rvh", + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3165,8 +3232,9 @@ } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3213,8 +3281,9 @@ } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3262,8 +3331,9 @@ } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", "id": "GHSA-269g-pwp5-87pp", + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3334,8 +3404,9 @@ } ], "source_location": {}, - "title": "testing", + "title": "testing...", "id": "INT-63e3-49kp-blqt", + "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3380,8 +3451,9 @@ } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3426,8 +3498,9 @@ } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", "id": "GHSA-8grg-q944-cch5", + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3472,8 +3545,9 @@ } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", "id": "GHSA-hwj3-m3p6-hj38", + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3518,8 +3592,9 @@ } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3564,8 +3639,9 @@ } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", "id": "GHSA-jvfv-hrrc-6q72", + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3611,8 +3687,9 @@ } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", "id": "GHSA-wgmr-mf83-7x4j", + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3657,8 +3734,9 @@ } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", "id": "GHSA-qppj-fm5r-hxr3", + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3703,8 +3781,9 @@ } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", "id": "GHSA-rggv-cv7r-mw98", + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3749,8 +3828,9 @@ } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", "id": "GHSA-wgh7-54f2-x98r", + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3797,8 +3877,9 @@ } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", "id": "GHSA-w4g2-9hj6-5472", + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3843,8 +3924,9 @@ } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", "id": "GHSA-mm8h-8587-p46h", + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3889,8 +3971,9 @@ } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", "id": "GHSA-h376-j262-vhq6", + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3937,8 +4020,9 @@ } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", "id": "GHSA-45hx-wfhj-473x", + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3951,7 +4035,7 @@ ] } ], - "sha256": "9cb9c7b18399f04b0e0eace60440893a66e95336da56eca1a628d82e2584ac2c" + "sha256": "11b3bd3a723f0a6401c2b51a41adb4a7a1a44a5053a5bb25468fe80087fc0021" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index cbe3c7f47b..c860c0de01 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -54,8 +54,9 @@ } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", "id": "GHSA-5mg8-w23w-74h3", + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -103,8 +104,9 @@ } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -149,8 +151,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", "id": "GHSA-5p34-5m6p-p58g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -195,8 +198,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", "id": "GHSA-27xj-rqx5-2255", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -241,8 +245,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", "id": "GHSA-58pp-9c76-5625", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -287,8 +292,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", "id": "GHSA-v3xw-c963-f5hc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -333,8 +339,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", "id": "GHSA-h4rc-386g-6m85", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -379,8 +386,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -425,8 +433,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -471,8 +480,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", "id": "GHSA-758m-v56v-grj4", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -517,8 +527,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", "id": "GHSA-95cm-88f5-f2c7", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -563,8 +574,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", "id": "GHSA-c2q3-4qrh-fm48", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -609,8 +621,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", "id": "GHSA-mc6h-4qgp-37qh", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -655,8 +668,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", "id": "GHSA-j823-4qch-3rgm", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -701,8 +715,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", "id": "GHSA-c265-37vj-cwcc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -747,8 +762,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", "id": "GHSA-4w82-r329-3q67", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -793,8 +809,9 @@ } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", "id": "GHSA-rpr3-cw39-3pxh", + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -839,8 +856,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-fmmc-742q-jg75", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -885,8 +903,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-gjmw-vf9h-g25v", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -931,8 +950,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", "id": "GHSA-mx7p-6679-8g3q", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -977,8 +997,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", "id": "GHSA-q93h-jc49-78gg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1023,8 +1044,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", "id": "GHSA-p43x-xfjf-5jhr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1070,8 +1092,9 @@ } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1116,8 +1139,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", "id": "GHSA-qjw2-hr98-qgfh", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1162,8 +1186,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", "id": "GHSA-8w26-6f25-cm9x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1208,8 +1233,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-m6x4-97wx-4q27", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1254,8 +1280,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", "id": "GHSA-v585-23hc-c647", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1300,8 +1327,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", "id": "GHSA-r695-7vr9-jgc2", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1346,8 +1374,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", "id": "GHSA-vfqx-33qm-g869", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1392,8 +1421,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", "id": "GHSA-f9xh-2qgp-cq57", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1438,8 +1468,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-cvm9-fjm9-3572", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1484,8 +1515,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-9gph-22xh-8x98", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1530,8 +1562,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-89qr-369f-5m5x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1576,8 +1609,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-8c4j-34r4-xr8g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1622,8 +1656,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1668,8 +1703,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1714,8 +1750,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1761,8 +1798,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", "id": "GHSA-r3gr-cxrf-hg25", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1808,8 +1846,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", "id": "GHSA-jjjh-jjxp-wpff", + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1854,8 +1893,9 @@ } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", "id": "GHSA-5949-rw7g-wx7w", + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1900,8 +1940,9 @@ } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", "id": "GHSA-57j2-w4cx-62h2", + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1946,8 +1987,9 @@ } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", "id": "GHSA-288c-cq4h-88gq", + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1992,8 +2034,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", "id": "GHSA-gww7-p5w4-wrfv", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2039,8 +2082,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", "id": "GHSA-rgv9-q543-rqg4", + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2085,8 +2129,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2133,8 +2178,9 @@ } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", "id": "GHSA-8jpx-m2wh-2v34", + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2181,8 +2227,9 @@ } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2229,8 +2276,9 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", "id": "GHSA-rvwf-54qp-4r6v", + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2276,8 +2324,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2323,8 +2372,9 @@ } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2370,8 +2420,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2417,8 +2468,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2464,8 +2516,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-98wm-3w3q-mw94", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2511,8 +2564,9 @@ } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", "id": "GHSA-3mc7-4q67-w48m", + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2558,8 +2612,9 @@ } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", "id": "GHSA-mjmj-j48q-9wg2", + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2604,8 +2659,9 @@ } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", "id": "GHSA-668q-qrv7-99fm", + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2650,8 +2706,9 @@ } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", "id": "GHSA-vmq6-5m68-f53m", + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2702,8 +2759,9 @@ } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", "id": "GHSA-m394-8rww-3jr7", + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2748,8 +2806,9 @@ } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", "id": "GHSA-m6cp-vxjx-65j6", + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2796,8 +2855,9 @@ } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", "id": "GHSA-26vr-8j45-3r4w", + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2842,8 +2902,9 @@ } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", "id": "GHSA-p26g-97m4-6q7c", + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2889,8 +2950,9 @@ } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", "id": "GHSA-qw69-rqj8-6qw8", + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2935,8 +2997,9 @@ } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", "id": "GHSA-86wm-rrjm-8wh8", + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2981,8 +3044,9 @@ } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", "id": "GHSA-cj7v-27pg-wf7q", + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3029,8 +3093,9 @@ } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", "id": "GHSA-hmr7-m48g-48f6", + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3079,8 +3144,9 @@ } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ @@ -3125,8 +3191,9 @@ } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", "id": "GHSA-58qw-p7qm-5rvh", + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ @@ -3171,8 +3238,9 @@ } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3219,8 +3287,9 @@ } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3268,8 +3337,9 @@ } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", "id": "GHSA-269g-pwp5-87pp", + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ @@ -3340,8 +3410,9 @@ } ], "source_location": {}, - "title": "testing", + "title": "testing...", "id": "INT-63e3-49kp-blqt", + "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3386,8 +3457,9 @@ } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3432,8 +3504,9 @@ } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", "id": "GHSA-8grg-q944-cch5", + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3478,8 +3551,9 @@ } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", "id": "GHSA-hwj3-m3p6-hj38", + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ @@ -3524,8 +3598,9 @@ } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ @@ -3570,8 +3645,9 @@ } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", "id": "GHSA-jvfv-hrrc-6q72", + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ @@ -3617,8 +3693,9 @@ } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", "id": "GHSA-wgmr-mf83-7x4j", + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3663,8 +3740,9 @@ } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", "id": "GHSA-qppj-fm5r-hxr3", + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3715,8 +3793,9 @@ } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", "id": "GHSA-rggv-cv7r-mw98", + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ @@ -3761,8 +3840,9 @@ } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", "id": "GHSA-wgh7-54f2-x98r", + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ @@ -3809,8 +3889,9 @@ } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", "id": "GHSA-w4g2-9hj6-5472", + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3855,8 +3936,9 @@ } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", "id": "GHSA-mm8h-8587-p46h", + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3901,8 +3983,9 @@ } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", "id": "GHSA-h376-j262-vhq6", + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3949,8 +4032,9 @@ } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", "id": "GHSA-45hx-wfhj-473x", + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3963,7 +4047,7 @@ ] } ], - "sha256": "82ad756c2d967b02ca0faafcad9397c1abd3ca0b2a3906c509afbbb49f1b5718" + "sha256": "cf26e50df72fb70faa489846f6f3a8508840a44ba3ed7297d58bd58c877f0d03" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index a76fcb2b67..bd507c6610 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -54,8 +54,9 @@ } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", "id": "GHSA-5mg8-w23w-74h3", + "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -103,8 +104,9 @@ } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -149,8 +151,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", "id": "GHSA-5p34-5m6p-p58g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -195,8 +198,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", "id": "GHSA-27xj-rqx5-2255", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -241,8 +245,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", "id": "GHSA-58pp-9c76-5625", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -287,8 +292,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", "id": "GHSA-v3xw-c963-f5hc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -333,8 +339,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", "id": "GHSA-h4rc-386g-6m85", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -379,8 +386,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -425,8 +433,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -471,8 +480,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", "id": "GHSA-758m-v56v-grj4", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -517,8 +527,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", "id": "GHSA-95cm-88f5-f2c7", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -563,8 +574,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", "id": "GHSA-c2q3-4qrh-fm48", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -609,8 +621,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", "id": "GHSA-mc6h-4qgp-37qh", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -655,8 +668,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", "id": "GHSA-j823-4qch-3rgm", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -701,8 +715,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", "id": "GHSA-c265-37vj-cwcc", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -747,8 +762,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", "id": "GHSA-4w82-r329-3q67", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -793,8 +809,9 @@ } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", "id": "GHSA-rpr3-cw39-3pxh", + "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -839,8 +856,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-fmmc-742q-jg75", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -885,8 +903,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", "id": "GHSA-gjmw-vf9h-g25v", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -931,8 +950,9 @@ } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", "id": "GHSA-mx7p-6679-8g3q", + "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -977,8 +997,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", "id": "GHSA-q93h-jc49-78gg", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1023,8 +1044,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", "id": "GHSA-p43x-xfjf-5jhr", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1070,8 +1092,9 @@ } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1116,8 +1139,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", "id": "GHSA-qjw2-hr98-qgfh", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1162,8 +1186,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", "id": "GHSA-8w26-6f25-cm9x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1208,8 +1233,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-m6x4-97wx-4q27", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1254,8 +1280,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", "id": "GHSA-v585-23hc-c647", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1300,8 +1327,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", "id": "GHSA-r695-7vr9-jgc2", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1346,8 +1374,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", "id": "GHSA-vfqx-33qm-g869", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1392,8 +1421,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", "id": "GHSA-f9xh-2qgp-cq57", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1438,8 +1468,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-cvm9-fjm9-3572", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1484,8 +1515,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", "id": "GHSA-9gph-22xh-8x98", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1530,8 +1562,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-89qr-369f-5m5x", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1576,8 +1609,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", "id": "GHSA-8c4j-34r4-xr8g", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1622,8 +1656,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1668,8 +1703,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1714,8 +1750,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1761,8 +1798,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", "id": "GHSA-r3gr-cxrf-hg25", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1808,8 +1846,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", "id": "GHSA-jjjh-jjxp-wpff", + "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1854,8 +1893,9 @@ } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", "id": "GHSA-5949-rw7g-wx7w", + "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1900,8 +1940,9 @@ } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", "id": "GHSA-57j2-w4cx-62h2", + "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1946,8 +1987,9 @@ } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", "id": "GHSA-288c-cq4h-88gq", + "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1992,8 +2034,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", "id": "GHSA-gww7-p5w4-wrfv", + "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2039,8 +2082,9 @@ } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", "id": "GHSA-rgv9-q543-rqg4", + "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2085,8 +2129,9 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2133,8 +2178,9 @@ } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", "id": "GHSA-8jpx-m2wh-2v34", + "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2181,8 +2227,9 @@ } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2229,8 +2276,9 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", "id": "GHSA-rvwf-54qp-4r6v", + "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2276,8 +2324,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2323,8 +2372,9 @@ } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2370,8 +2420,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2417,8 +2468,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2464,8 +2516,9 @@ } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", "id": "GHSA-98wm-3w3q-mw94", + "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2511,8 +2564,9 @@ } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", "id": "GHSA-3mc7-4q67-w48m", + "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2558,8 +2612,9 @@ } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", "id": "GHSA-mjmj-j48q-9wg2", + "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2604,8 +2659,9 @@ } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", "id": "GHSA-668q-qrv7-99fm", + "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2650,8 +2706,9 @@ } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", "id": "GHSA-vmq6-5m68-f53m", + "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2702,8 +2759,9 @@ } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", "id": "GHSA-m394-8rww-3jr7", + "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2748,8 +2806,9 @@ } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", "id": "GHSA-m6cp-vxjx-65j6", + "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2796,8 +2855,9 @@ } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", "id": "GHSA-26vr-8j45-3r4w", + "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2842,8 +2902,9 @@ } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", "id": "GHSA-p26g-97m4-6q7c", + "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2889,8 +2950,9 @@ } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", "id": "GHSA-qw69-rqj8-6qw8", + "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2935,8 +2997,9 @@ } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", "id": "GHSA-86wm-rrjm-8wh8", + "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2981,8 +3044,9 @@ } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", "id": "GHSA-cj7v-27pg-wf7q", + "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3029,8 +3093,9 @@ } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", "id": "GHSA-hmr7-m48g-48f6", + "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -3079,8 +3144,9 @@ } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ @@ -3125,8 +3191,9 @@ } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", "id": "GHSA-58qw-p7qm-5rvh", + "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ @@ -3171,8 +3238,9 @@ } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3219,8 +3287,9 @@ } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3268,8 +3337,9 @@ } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", "id": "GHSA-269g-pwp5-87pp", + "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ @@ -3340,8 +3410,9 @@ } ], "source_location": {}, - "title": "testing", + "title": "testing...", "id": "INT-63e3-49kp-blqt", + "desc": "testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3386,8 +3457,9 @@ } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3432,8 +3504,9 @@ } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", "id": "GHSA-8grg-q944-cch5", + "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3478,8 +3551,9 @@ } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", "id": "GHSA-hwj3-m3p6-hj38", + "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ @@ -3524,8 +3598,9 @@ } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ @@ -3570,8 +3645,9 @@ } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", "id": "GHSA-jvfv-hrrc-6q72", + "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ @@ -3617,8 +3693,9 @@ } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", "id": "GHSA-wgmr-mf83-7x4j", + "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3663,8 +3740,9 @@ } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", "id": "GHSA-qppj-fm5r-hxr3", + "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3715,8 +3793,9 @@ } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", "id": "GHSA-rggv-cv7r-mw98", + "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ @@ -3761,8 +3840,9 @@ } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", "id": "GHSA-wgh7-54f2-x98r", + "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ @@ -3809,8 +3889,9 @@ } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", "id": "GHSA-w4g2-9hj6-5472", + "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3855,8 +3936,9 @@ } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", "id": "GHSA-mm8h-8587-p46h", + "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3901,8 +3983,9 @@ } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", "id": "GHSA-h376-j262-vhq6", + "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3949,8 +4032,9 @@ } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", "id": "GHSA-45hx-wfhj-473x", + "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3963,7 +4047,7 @@ ] } ], - "sha256": "82ad756c2d967b02ca0faafcad9397c1abd3ca0b2a3906c509afbbb49f1b5718" + "sha256": "cf26e50df72fb70faa489846f6f3a8508840a44ba3ed7297d58bd58c877f0d03" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json index 8b897c8ac6..d9db886b3f 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json @@ -48,25 +48,11 @@ "label": "Date updated" }, { - "data": { - "individuals": [ - { - "name": "Bartosz Baranowski" - } - ] - }, + "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", "label": "Credits" }, { - "data": { - "state": "not_affected", - "justification": "code_not_reachable", - "response": [ - "will_not_fix", - "update" - ], - "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." - }, + "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", "label": "Analysis" } ], @@ -104,8 +90,9 @@ } ], "source_location": {}, - "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", + "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package...", "id": "CVE-2020-25649", + "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "impact": 0.53, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ @@ -118,7 +105,7 @@ ] } ], - "sha256": "ea955961c50e68aa955994bdfdc4e8d2e4d5de134971a3d1d7aaf9bd418b254f" + "sha256": "8899bb4bec605e6134bf32de098bd51adae09883f3a69276bb397c7f75967be1" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json index 730a5f3db4..11169e2bfa 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json @@ -48,25 +48,11 @@ "label": "Date updated" }, { - "data": { - "individuals": [ - { - "name": "Bartosz Baranowski" - } - ] - }, + "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", "label": "Credits" }, { - "data": { - "state": "not_affected", - "justification": "code_not_reachable", - "response": [ - "will_not_fix", - "update" - ], - "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." - }, + "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", "label": "Analysis" } ], @@ -104,8 +90,9 @@ } ], "source_location": {}, - "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", + "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package...", "id": "CVE-2020-25649", + "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "impact": 0.53, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ @@ -118,7 +105,7 @@ ] } ], - "sha256": "ea955961c50e68aa955994bdfdc4e8d2e4d5de134971a3d1d7aaf9bd418b254f" + "sha256": "8899bb4bec605e6134bf32de098bd51adae09883f3a69276bb397c7f75967be1" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index fb39283d27..f289cf7e3a 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -314,7 +314,12 @@ export class SBOMMapper extends BaseConverter { transformer: ( input: Record ): Record | undefined => - input ? {data: input, label: 'Proof of concept'} : undefined + input + ? { + data: JSON.stringify(input, null, 2), + label: 'Proof of concept' + } + : undefined } as unknown as ExecJSON.ControlDescription, { path: 'created', @@ -349,21 +354,27 @@ export class SBOMMapper extends BaseConverter { transformer: ( input: Record ): Record | undefined => - input ? {data: input, label: 'Credits'} : undefined + input + ? {data: JSON.stringify(input, null, 2), label: 'Credits'} + : undefined } as unknown as ExecJSON.ControlDescription, { path: 'tools', transformer: ( input: Record ): Record | undefined => - input ? {data: input, label: 'Tools'} : undefined + input + ? {data: JSON.stringify(input, null, 2), label: 'Tools'} + : undefined } as unknown as ExecJSON.ControlDescription, { path: 'analysis', transformer: ( input: Record ): Record | undefined => - input ? {data: input, label: 'Analysis'} : undefined + input + ? {data: JSON.stringify(input, null, 2), label: 'Analysis'} + : undefined } as unknown as ExecJSON.ControlDescription ], refs: [ @@ -384,10 +395,19 @@ export class SBOMMapper extends BaseConverter { ], source_location: {}, title: { + // Give description as title if possible + // Cut off description after certain word count for frontend display on smaller screens transformer: (input: Record): string => - input.description ? `${input.description}` : `${input.id}` + input.description + ? `${(input.description as string).split(' ').splice(0, 20).join(' ')}...` + : `${input.id}` }, id: {path: 'id'}, + desc: { + path: 'description', + transformer: (input: string): string | undefined => + input ? input : undefined + }, impact: {path: 'ratings', transformer: aggregateImpact}, code: { transformer: (vulnerability: Record): string => @@ -413,9 +433,9 @@ export class SBOMMapper extends BaseConverter { let msg = '-Component Summary-'; for (const item in input) { if (input[item] instanceof Array) { - msg += `\n- ${item}: ${JSON.stringify(input[item], null, 2).replace(/\"/g, '')}`; + msg += `\n\n- ${_.capitalize(item)}: ${JSON.stringify(input[item], null, 2).replace(/"/g, '')}`; } else { - msg += `\n- ${item}: ${input[item]}`; + msg += `\n\n- ${_.capitalize(item)}: ${input[item]}`; } } return msg; From 62b3b353a47267dc22e6d4b06491f6b3d8c6528a Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 31 Jul 2024 11:38:58 -0400 Subject: [PATCH 27/61] Testing update Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 172 ++++++++--------- .../sbom_mapper/sbom-dropwizard-vex-hdf.json | 172 ++++++++--------- .../sbom-dropwizard-vulns-hdf-withraw.json | 176 +++++++++--------- .../sbom-dropwizard-vulns-hdf.json | 176 +++++++++--------- .../sbom_mapper/sbom-vex-hdf-withraw.json | 4 +- .../sbom_mapper/sbom-vex-hdf.json | 4 +- 6 files changed, 352 insertions(+), 352 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 15c84ae0b9..62ffc4878c 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -63,7 +63,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -113,7 +113,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -160,7 +160,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -207,7 +207,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -254,7 +254,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -301,7 +301,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -348,7 +348,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -395,7 +395,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -442,7 +442,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -489,7 +489,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -536,7 +536,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -583,7 +583,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -630,7 +630,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -677,7 +677,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -724,7 +724,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -771,7 +771,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -818,7 +818,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -865,7 +865,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -912,7 +912,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -959,7 +959,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1006,7 +1006,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1053,7 +1053,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1101,7 +1101,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1148,7 +1148,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1195,7 +1195,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1242,7 +1242,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1289,7 +1289,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1336,7 +1336,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1383,7 +1383,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1430,7 +1430,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1477,7 +1477,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1524,7 +1524,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1571,7 +1571,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1618,7 +1618,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1665,7 +1665,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1712,7 +1712,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1759,7 +1759,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1807,7 +1807,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1855,7 +1855,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1902,7 +1902,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1949,7 +1949,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1996,7 +1996,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2043,7 +2043,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2091,7 +2091,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2138,7 +2138,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2187,7 +2187,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2236,7 +2236,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2285,7 +2285,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2333,7 +2333,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2381,7 +2381,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2429,7 +2429,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2477,7 +2477,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2525,7 +2525,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2573,7 +2573,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2621,7 +2621,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2668,7 +2668,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2715,7 +2715,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2762,7 +2762,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2809,7 +2809,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2858,7 +2858,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2905,7 +2905,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2953,7 +2953,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3000,7 +3000,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3047,7 +3047,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3096,7 +3096,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3147,7 +3147,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3194,7 +3194,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3241,7 +3241,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3290,7 +3290,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3340,7 +3340,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3376,7 +3376,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3413,7 +3413,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3460,7 +3460,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3507,7 +3507,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3554,7 +3554,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3601,7 +3601,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3648,7 +3648,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3696,7 +3696,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3743,7 +3743,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3790,7 +3790,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3837,7 +3837,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3886,7 +3886,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3933,7 +3933,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3980,7 +3980,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -4029,13 +4029,13 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] } ], - "sha256": "11b3bd3a723f0a6401c2b51a41adb4a7a1a44a5053a5bb25468fe80087fc0021" + "sha256": "f7826c9044111b03e9e5af8bf9e868c3fffc231c660df8310d20c9841a20bac1" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json index ef70c621d4..bd9d796caa 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -63,7 +63,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -113,7 +113,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -160,7 +160,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -207,7 +207,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -254,7 +254,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -301,7 +301,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -348,7 +348,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -395,7 +395,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -442,7 +442,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -489,7 +489,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -536,7 +536,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -583,7 +583,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -630,7 +630,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -677,7 +677,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -724,7 +724,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -771,7 +771,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -818,7 +818,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -865,7 +865,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -912,7 +912,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -959,7 +959,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1006,7 +1006,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1053,7 +1053,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1101,7 +1101,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1148,7 +1148,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1195,7 +1195,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1242,7 +1242,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1289,7 +1289,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1336,7 +1336,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1383,7 +1383,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1430,7 +1430,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1477,7 +1477,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1524,7 +1524,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1571,7 +1571,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1618,7 +1618,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1665,7 +1665,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1712,7 +1712,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1759,7 +1759,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1807,7 +1807,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1855,7 +1855,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1902,7 +1902,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1949,7 +1949,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -1996,7 +1996,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2043,7 +2043,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2091,7 +2091,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2138,7 +2138,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2187,7 +2187,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2236,7 +2236,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2285,7 +2285,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2333,7 +2333,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2381,7 +2381,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2429,7 +2429,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2477,7 +2477,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2525,7 +2525,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2573,7 +2573,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2621,7 +2621,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2668,7 +2668,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2715,7 +2715,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2762,7 +2762,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2809,7 +2809,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2858,7 +2858,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2905,7 +2905,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -2953,7 +2953,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3000,7 +3000,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3047,7 +3047,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3096,7 +3096,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3147,7 +3147,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3194,7 +3194,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3241,7 +3241,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3290,7 +3290,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3340,7 +3340,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3376,7 +3376,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3413,7 +3413,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3460,7 +3460,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3507,7 +3507,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3554,7 +3554,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3601,7 +3601,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3648,7 +3648,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3696,7 +3696,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3743,7 +3743,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3790,7 +3790,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3837,7 +3837,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3886,7 +3886,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3933,7 +3933,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -3980,7 +3980,7 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] @@ -4029,13 +4029,13 @@ { "status": "failed", "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", - "message": "-Component Summary-\n- bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n- name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "message": "-Component Summary-\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", "start_time": "" } ] } ], - "sha256": "11b3bd3a723f0a6401c2b51a41adb4a7a1a44a5053a5bb25468fe80087fc0021" + "sha256": "f7826c9044111b03e9e5af8bf9e868c3fffc231c660df8310d20c9841a20bac1" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index c860c0de01..09370ff3f8 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -63,7 +63,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -113,7 +113,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -160,7 +160,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -207,7 +207,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -254,7 +254,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -301,7 +301,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -348,7 +348,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -395,7 +395,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -442,7 +442,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -489,7 +489,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -536,7 +536,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -583,7 +583,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -630,7 +630,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -677,7 +677,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -724,7 +724,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -771,7 +771,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -818,7 +818,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -865,7 +865,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -912,7 +912,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -959,7 +959,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1006,7 +1006,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1053,7 +1053,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1101,7 +1101,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1148,7 +1148,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1195,7 +1195,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1242,7 +1242,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1289,7 +1289,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1336,7 +1336,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1383,7 +1383,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1430,7 +1430,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1477,7 +1477,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1524,7 +1524,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1571,7 +1571,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1618,7 +1618,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1665,7 +1665,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1712,7 +1712,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1759,7 +1759,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1807,7 +1807,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1855,7 +1855,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1902,7 +1902,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1949,7 +1949,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1996,7 +1996,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2043,7 +2043,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2091,7 +2091,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2138,7 +2138,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2187,7 +2187,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", "start_time": "" } ] @@ -2236,7 +2236,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", "start_time": "" } ] @@ -2285,7 +2285,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2333,7 +2333,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2381,7 +2381,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2429,7 +2429,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2477,7 +2477,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2525,7 +2525,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2573,7 +2573,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2621,7 +2621,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2668,7 +2668,7 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2715,13 +2715,13 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2768,7 +2768,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2815,7 +2815,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2864,7 +2864,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2911,7 +2911,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2959,7 +2959,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3006,7 +3006,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3053,7 +3053,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3102,7 +3102,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3153,7 +3153,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3200,7 +3200,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3247,7 +3247,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3296,7 +3296,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3346,7 +3346,7 @@ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", "start_time": "" } ] @@ -3382,7 +3382,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3419,7 +3419,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3466,7 +3466,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3513,7 +3513,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3560,7 +3560,7 @@ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", "start_time": "" } ] @@ -3607,7 +3607,7 @@ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3654,7 +3654,7 @@ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3702,7 +3702,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3749,13 +3749,13 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3802,7 +3802,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3849,7 +3849,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3898,7 +3898,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3945,7 +3945,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3992,7 +3992,7 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] @@ -4041,13 +4041,13 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] } ], - "sha256": "cf26e50df72fb70faa489846f6f3a8508840a44ba3ed7297d58bd58c877f0d03" + "sha256": "9d65827cc2bf25a92db7f8ebe51718810b1a04a6ba4ebd9f6a6d5e56b8180c50" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index bd507c6610..0293d53fde 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -63,7 +63,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -113,7 +113,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n- group: com.google.guava\n- name: guava\n- version: 24.1.1-jre\n- description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -160,7 +160,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -207,7 +207,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -254,7 +254,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -301,7 +301,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -348,7 +348,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -395,7 +395,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -442,7 +442,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -489,7 +489,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -536,7 +536,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -583,7 +583,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -630,7 +630,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -677,7 +677,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -724,7 +724,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -771,7 +771,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -818,7 +818,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -865,7 +865,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -912,7 +912,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -959,7 +959,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1006,7 +1006,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1053,7 +1053,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1101,7 +1101,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1148,7 +1148,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1195,7 +1195,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1242,7 +1242,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1289,7 +1289,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1336,7 +1336,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1383,7 +1383,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1430,7 +1430,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1477,7 +1477,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1524,7 +1524,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1571,7 +1571,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1618,7 +1618,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1665,7 +1665,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1712,7 +1712,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1759,7 +1759,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1807,7 +1807,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1855,7 +1855,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1902,7 +1902,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1949,7 +1949,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -1996,7 +1996,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2043,7 +2043,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2091,7 +2091,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2138,7 +2138,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n- group: com.fasterxml.jackson.core\n- name: jackson-databind\n- version: 2.9.10\n- description: General data-binding functionality for Jackson: works on core streaming API\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2187,7 +2187,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", "start_time": "" } ] @@ -2236,7 +2236,7 @@ { "status": "failed", "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n- group: io.dropwizard\n- name: dropwizard-validation\n- version: 1.3.15", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", "start_time": "" } ] @@ -2285,7 +2285,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2333,7 +2333,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2381,7 +2381,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2429,7 +2429,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2477,7 +2477,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2525,7 +2525,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2573,7 +2573,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2621,7 +2621,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n- group: org.yaml\n- name: snakeyaml\n- version: 1.23\n- description: YAML 1.1 parser and emitter for Java\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -2668,7 +2668,7 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2715,13 +2715,13 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n- group: ch.qos.logback\n- name: logback-core\n- version: 1.2.3\n- description: logback-core module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n- group: ch.qos.logback\n- name: logback-classic\n- version: 1.2.3\n- description: logback-classic module\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -2768,7 +2768,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2815,7 +2815,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2864,7 +2864,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2911,7 +2911,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -2959,7 +2959,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3006,7 +3006,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n- group: org.eclipse.jetty\n- name: jetty-server\n- version: 9.4.18.v20190429\n- description: The core jetty server artifact.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3053,7 +3053,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3102,7 +3102,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n- group: org.eclipse.jetty\n- name: jetty-http\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3153,7 +3153,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n- group: org.eclipse.jetty\n- name: jetty-webapp\n- version: 9.4.18.v20190429\n- description: Jetty web application support\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3200,7 +3200,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n- group: org.eclipse.jetty\n- name: jetty-xml\n- version: 9.4.18.v20190429\n- description: The jetty xml utilities.\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3247,7 +3247,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3296,7 +3296,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n- group: org.eclipse.jetty\n- name: jetty-servlets\n- version: 9.4.18.v20190429\n- description: Utility Servlets from Jetty\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3346,7 +3346,7 @@ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n- group: junit\n- name: junit\n- version: 4.12\n- description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n- licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", "start_time": "" } ] @@ -3382,7 +3382,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3419,7 +3419,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n- group: net.bytebuddy\n- name: byte-buddy\n- version: 1.9.7\n- description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3466,7 +3466,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3513,7 +3513,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n- group: org.hibernate\n- name: hibernate-core\n- version: 5.2.18.Final\n- description: The core O/RM functionality as provided by Hibernate\n- licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", "start_time": "" } ] @@ -3560,7 +3560,7 @@ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n- group: org.dom4j\n- name: dom4j\n- version: 2.1.1\n- description: flexible XML framework for Java\n- licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", "start_time": "" } ] @@ -3607,7 +3607,7 @@ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n- group: org.apache.httpcomponents\n- name: httpclient\n- version: 4.5.7\n- description: Apache HttpComponents Client\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3654,7 +3654,7 @@ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n- group: org.liquibase\n- name: liquibase-core\n- version: 3.6.3\n- description: Liquibase is a tool for managing and executing database changes.\n- licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", "start_time": "" } ] @@ -3702,7 +3702,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3749,13 +3749,13 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n- group: org.eclipse.jetty.http2\n- name: http2-server\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3802,7 +3802,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n- group: org.eclipse.jetty.http2\n- name: http2-common\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3849,7 +3849,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n- group: org.eclipse.jetty.http2\n- name: http2-hpack\n- version: 9.4.18.v20190429\n- description: The Eclipse Jetty Project\n- licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", "start_time": "" } ] @@ -3898,7 +3898,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3945,7 +3945,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n- group: com.rabbitmq\n- name: amqp-client\n- version: 4.4.1\n- description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n- licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", "start_time": "" } ] @@ -3992,7 +3992,7 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] @@ -4041,13 +4041,13 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n- type: library\n- bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n- group: com.h2database\n- name: h2\n- version: 1.4.197\n- description: H2 Database Engine\n- licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", "start_time": "" } ] } ], - "sha256": "cf26e50df72fb70faa489846f6f3a8508840a44ba3ed7297d58bd58c877f0d03" + "sha256": "9d65827cc2bf25a92db7f8ebe51718810b1a04a6ba4ebd9f6a6d5e56b8180c50" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json index d9db886b3f..726d874d8a 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json @@ -99,13 +99,13 @@ { "status": "failed", "code_desc": "Component urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar is vulnerable", - "message": "-Component Summary-\n- bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\n- name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar", + "message": "-Component Summary-\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar", "start_time": "" } ] } ], - "sha256": "8899bb4bec605e6134bf32de098bd51adae09883f3a69276bb397c7f75967be1" + "sha256": "3e789be8a4729dbaccea30160afaba783d47da8f788b1e226809c5a8c6162579" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json index 11169e2bfa..24230117cc 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json @@ -99,13 +99,13 @@ { "status": "failed", "code_desc": "Component urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar is vulnerable", - "message": "-Component Summary-\n- bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\n- name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar", + "message": "-Component Summary-\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar", "start_time": "" } ] } ], - "sha256": "8899bb4bec605e6134bf32de098bd51adae09883f3a69276bb397c7f75967be1" + "sha256": "3e789be8a4729dbaccea30160afaba783d47da8f788b1e226809c5a8c6162579" } ], "passthrough": { From 23b7ba8cace10430ed51c655b2e73bb2928f0afc Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 31 Jul 2024 11:46:36 -0400 Subject: [PATCH 28/61] Linting Signed-off-by: Charles Hu --- libs/hdf-converters/src/sbom-mapper.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index f289cf7e3a..916a7f81e0 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -405,8 +405,9 @@ export class SBOMMapper extends BaseConverter { id: {path: 'id'}, desc: { path: 'description', - transformer: (input: string): string | undefined => - input ? input : undefined + transformer: ( + input: Record + ): string | undefined => (input ? `${input}` : undefined) }, impact: {path: 'ratings', transformer: aggregateImpact}, code: { From 609872bcd7b95fe269a6665af2685649400eaebd Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 2 Aug 2024 10:00:57 -0400 Subject: [PATCH 29/61] Move porfile desc to summary Signed-off-by: Charles Hu --- .../sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json | 4 ++-- .../sbom_mapper/sbom-dropwizard-no-vulns-hdf.json | 4 ++-- .../sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json | 4 ++-- .../sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json | 4 ++-- .../sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json | 4 ++-- .../sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json | 4 ++-- .../sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json | 4 ++-- .../hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json | 4 ++-- libs/hdf-converters/src/sbom-mapper.ts | 2 +- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json index 99ffe6491c..4e8e0c1d7b 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json @@ -10,13 +10,13 @@ "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "description": "This is the project I want to use to generate data to understand the schema a bit better", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", "supports": [], "attributes": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "457073f76a4355932e902365ca9adf836dac722c1faa4ea1a78e3db202f28c68" + "sha256": "3a0997c870f6ad34bd899d221d0df922c9377fd6d3c0c98f268432b4760b4671" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json index 59727c4f5e..cc93d123d2 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json @@ -10,13 +10,13 @@ "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "description": "This is the project I want to use to generate data to understand the schema a bit better", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", "supports": [], "attributes": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "457073f76a4355932e902365ca9adf836dac722c1faa4ea1a78e3db202f28c68" + "sha256": "3a0997c870f6ad34bd899d221d0df922c9377fd6d3c0c98f268432b4760b4671" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 62ffc4878c..ccf44ee08a 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -10,7 +10,7 @@ "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "description": "This is the project I want to use to generate data to understand the schema a bit better", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", "supports": [], "attributes": [], "groups": [], @@ -4035,7 +4035,7 @@ ] } ], - "sha256": "f7826c9044111b03e9e5af8bf9e868c3fffc231c660df8310d20c9841a20bac1" + "sha256": "ba250adbb95d9127c9a403a7c1d29ba2772648b273c87104abc9cffd130bda87" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json index bd9d796caa..d68952da1b 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -10,7 +10,7 @@ "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "description": "This is the project I want to use to generate data to understand the schema a bit better", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", "supports": [], "attributes": [], "groups": [], @@ -4035,7 +4035,7 @@ ] } ], - "sha256": "f7826c9044111b03e9e5af8bf9e868c3fffc231c660df8310d20c9841a20bac1" + "sha256": "ba250adbb95d9127c9a403a7c1d29ba2772648b273c87104abc9cffd130bda87" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 09370ff3f8..c72a6d58d6 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -10,7 +10,7 @@ "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "description": "This is the project I want to use to generate data to understand the schema a bit better", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", "supports": [], "attributes": [], "groups": [], @@ -4047,7 +4047,7 @@ ] } ], - "sha256": "9d65827cc2bf25a92db7f8ebe51718810b1a04a6ba4ebd9f6a6d5e56b8180c50" + "sha256": "c5b3d361578315660c5384bff0b00d8ee600e087d5f1b4e33a41dff34178dd04" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 0293d53fde..45e8d216a1 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -10,7 +10,7 @@ "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", "title": "test 9 CycloneDX BOM Report", "version": "SNAPSHOT", - "description": "This is the project I want to use to generate data to understand the schema a bit better", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", "supports": [], "attributes": [], "groups": [], @@ -4047,7 +4047,7 @@ ] } ], - "sha256": "9d65827cc2bf25a92db7f8ebe51718810b1a04a6ba4ebd9f6a6d5e56b8180c50" + "sha256": "c5b3d361578315660c5384bff0b00d8ee600e087d5f1b4e33a41dff34178dd04" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json index b52341505a..9ea0b18526 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json @@ -11,14 +11,14 @@ "title": "@mitre/saf CycloneDX BOM Report", "version": "1.4.7", "maintainer": "The MITRE Security Automation Framework", - "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "summary": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", "license": "Apache-2.0", "supports": [], "attributes": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "d0eb06874c873528a609afe066d8ce3728bc38e9f6d57dd693ed21455edfe0f8" + "sha256": "bb7e08a6555c552f8096497e3ea8043e91f3425eebe8ddc4e0966c262f7e7635" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json index 3790bfd830..e6668fd47c 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json @@ -11,14 +11,14 @@ "title": "@mitre/saf CycloneDX BOM Report", "version": "1.4.7", "maintainer": "The MITRE Security Automation Framework", - "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "summary": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", "license": "Apache-2.0", "supports": [], "attributes": [], "groups": [], "status": "loaded", "controls": [], - "sha256": "d0eb06874c873528a609afe066d8ce3728bc38e9f6d57dd693ed21455edfe0f8" + "sha256": "bb7e08a6555c552f8096497e3ea8043e91f3425eebe8ddc4e0966c262f7e7635" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index 916a7f81e0..e06354821e 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -242,7 +242,7 @@ export class SBOMMapper extends BaseConverter { } } }, - description: { + summary: { path: 'metadata.component', transformer: (input: Record): string | undefined => input.description ? `${input.description}` : undefined From 08d7c7421f6a20c4386dd5b58c3505f6a08c1ddf Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 2 Aug 2024 10:51:03 -0400 Subject: [PATCH 30/61] Added conditional to control title genreation Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 58 +++++++++---------- .../sbom_mapper/sbom-dropwizard-vex-hdf.json | 58 +++++++++---------- .../sbom-dropwizard-vulns-hdf-withraw.json | 58 +++++++++---------- .../sbom-dropwizard-vulns-hdf.json | 58 +++++++++---------- libs/hdf-converters/src/sbom-mapper.ts | 13 +++-- 5 files changed, 125 insertions(+), 120 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index ccf44ee08a..98997322bf 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -151,7 +151,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, @@ -198,7 +198,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, @@ -245,7 +245,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, @@ -339,7 +339,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, @@ -386,7 +386,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, @@ -433,7 +433,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, @@ -480,7 +480,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, @@ -527,7 +527,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, @@ -621,7 +621,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, @@ -668,7 +668,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, @@ -715,7 +715,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, @@ -1186,7 +1186,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, @@ -1233,7 +1233,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1280,7 +1280,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, @@ -1327,7 +1327,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -1374,7 +1374,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, @@ -1421,7 +1421,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, @@ -1468,7 +1468,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1515,7 +1515,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1562,7 +1562,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1609,7 +1609,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1656,7 +1656,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, @@ -1750,7 +1750,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1798,7 +1798,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -2034,7 +2034,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, @@ -2129,7 +2129,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, @@ -2276,7 +2276,7 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, @@ -3404,7 +3404,7 @@ } ], "source_location": {}, - "title": "testing...", + "title": "testing", "id": "INT-63e3-49kp-blqt", "desc": "testing", "impact": 0.3, @@ -4035,7 +4035,7 @@ ] } ], - "sha256": "ba250adbb95d9127c9a403a7c1d29ba2772648b273c87104abc9cffd130bda87" + "sha256": "9902bf99c7a943ca3bf57d11dec58a10fb723eb05d3e3094fdb723af75718cee" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json index d68952da1b..82f4ac8fe3 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -151,7 +151,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, @@ -198,7 +198,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, @@ -245,7 +245,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, @@ -339,7 +339,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, @@ -386,7 +386,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, @@ -433,7 +433,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, @@ -480,7 +480,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, @@ -527,7 +527,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, @@ -621,7 +621,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, @@ -668,7 +668,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, @@ -715,7 +715,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, @@ -1186,7 +1186,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, @@ -1233,7 +1233,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1280,7 +1280,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, @@ -1327,7 +1327,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -1374,7 +1374,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, @@ -1421,7 +1421,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, @@ -1468,7 +1468,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1515,7 +1515,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1562,7 +1562,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1609,7 +1609,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1656,7 +1656,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, @@ -1750,7 +1750,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1798,7 +1798,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -2034,7 +2034,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, @@ -2129,7 +2129,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, @@ -2276,7 +2276,7 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, @@ -3404,7 +3404,7 @@ } ], "source_location": {}, - "title": "testing...", + "title": "testing", "id": "INT-63e3-49kp-blqt", "desc": "testing", "impact": 0.3, @@ -4035,7 +4035,7 @@ ] } ], - "sha256": "ba250adbb95d9127c9a403a7c1d29ba2772648b273c87104abc9cffd130bda87" + "sha256": "9902bf99c7a943ca3bf57d11dec58a10fb723eb05d3e3094fdb723af75718cee" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index c72a6d58d6..d4887cf580 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -151,7 +151,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, @@ -198,7 +198,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, @@ -245,7 +245,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, @@ -339,7 +339,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, @@ -386,7 +386,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, @@ -433,7 +433,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, @@ -480,7 +480,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, @@ -527,7 +527,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, @@ -621,7 +621,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, @@ -668,7 +668,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, @@ -715,7 +715,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, @@ -1186,7 +1186,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, @@ -1233,7 +1233,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1280,7 +1280,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, @@ -1327,7 +1327,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -1374,7 +1374,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, @@ -1421,7 +1421,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, @@ -1468,7 +1468,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1515,7 +1515,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1562,7 +1562,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1609,7 +1609,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1656,7 +1656,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, @@ -1750,7 +1750,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1798,7 +1798,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -2034,7 +2034,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, @@ -2129,7 +2129,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, @@ -2276,7 +2276,7 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, @@ -3410,7 +3410,7 @@ } ], "source_location": {}, - "title": "testing...", + "title": "testing", "id": "INT-63e3-49kp-blqt", "desc": "testing", "impact": 0.3, @@ -4047,7 +4047,7 @@ ] } ], - "sha256": "c5b3d361578315660c5384bff0b00d8ee600e087d5f1b4e33a41dff34178dd04" + "sha256": "423500d681549aa5606b24248ba94a5e2801d4a5394a672d8b1292d679fe0cfc" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json index 45e8d216a1..8d3064b181 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -151,7 +151,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, @@ -198,7 +198,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, @@ -245,7 +245,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, @@ -339,7 +339,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, @@ -386,7 +386,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, @@ -433,7 +433,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, @@ -480,7 +480,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, @@ -527,7 +527,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, @@ -621,7 +621,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, @@ -668,7 +668,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, @@ -715,7 +715,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, @@ -1186,7 +1186,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, @@ -1233,7 +1233,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1280,7 +1280,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, @@ -1327,7 +1327,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -1374,7 +1374,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, @@ -1421,7 +1421,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, @@ -1468,7 +1468,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1515,7 +1515,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, @@ -1562,7 +1562,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1609,7 +1609,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, @@ -1656,7 +1656,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, @@ -1750,7 +1750,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, @@ -1798,7 +1798,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, @@ -2034,7 +2034,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking....", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, @@ -2129,7 +2129,7 @@ } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)....", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, @@ -2276,7 +2276,7 @@ } ], "source_location": {}, - "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564....", + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, @@ -3410,7 +3410,7 @@ } ], "source_location": {}, - "title": "testing...", + "title": "testing", "id": "INT-63e3-49kp-blqt", "desc": "testing", "impact": 0.3, @@ -4047,7 +4047,7 @@ ] } ], - "sha256": "c5b3d361578315660c5384bff0b00d8ee600e087d5f1b4e33a41dff34178dd04" + "sha256": "423500d681549aa5606b24248ba94a5e2801d4a5394a672d8b1292d679fe0cfc" } ], "passthrough": { diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/sbom-mapper.ts index e06354821e..7b4f5b71e1 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/sbom-mapper.ts @@ -397,10 +397,15 @@ export class SBOMMapper extends BaseConverter { title: { // Give description as title if possible // Cut off description after certain word count for frontend display on smaller screens - transformer: (input: Record): string => - input.description - ? `${(input.description as string).split(' ').splice(0, 20).join(' ')}...` - : `${input.id}` + transformer: (input: Record): string => { + if (input.description) { + return (input.description as string).split(' ').length > 20 + ? `${(input.description as string).split(' ').splice(0, 20).join(' ')}...` + : `${input.description}`; + } else { + return `${input.id}`; + } + } }, id: {path: 'id'}, desc: { From 0e14fe742d188b4cffa84f4aa3d5fa8e6e791a8c Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 7 Aug 2024 13:09:07 -0400 Subject: [PATCH 31/61] Review changes Signed-off-by: Charles Hu --- apps/frontend/src/store/report_intake.ts | 6 ++--- libs/hdf-converters/README.md | 2 +- libs/hdf-converters/index.ts | 2 +- ...bom-mapper.ts => cyclonedx-sbom-mapper.ts} | 27 +++++++++---------- .../src/utils/fingerprinting.ts | 4 +-- .../test/mappers/forward/sbom_mapper.spec.ts | 22 +++++++-------- 6 files changed, 31 insertions(+), 32 deletions(-) rename libs/hdf-converters/src/{sbom-mapper.ts => cyclonedx-sbom-mapper.ts} (96%) diff --git a/apps/frontend/src/store/report_intake.ts b/apps/frontend/src/store/report_intake.ts index b97fb20bed..d3e11b43cd 100644 --- a/apps/frontend/src/store/report_intake.ts +++ b/apps/frontend/src/store/report_intake.ts @@ -11,6 +11,7 @@ import { BurpSuiteMapper, ChecklistResults, ConveyorResults as ConveyorResultsMapper, + CycloneDXSBOMResults, DBProtectMapper, fingerprint, FortifyMapper, @@ -24,7 +25,6 @@ import { NiktoMapper, PrismaMapper, SarifMapper, - SBOMResults, ScoutsuiteMapper, SnykResults, TrufflehogResults, @@ -276,8 +276,8 @@ export class InspecIntake extends VuexModule { return new ChecklistResults(convertOptions.data).toHdf(); case INPUT_TYPES.GOSEC: return new GosecMapper(convertOptions.data).toHdf(); - case INPUT_TYPES.SBOM: - return new SBOMResults(convertOptions.data).toHdf(); + case INPUT_TYPES.CYCLONEDX_SBOM: + return new CycloneDXSBOMResults(convertOptions.data).toHdf(); case INPUT_TYPES.TRUFFLEHOG: return new TrufflehogResults(convertOptions.data).toHdf(); default: diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md index 65261e2469..0afc6df5f1 100644 --- a/libs/hdf-converters/README.md +++ b/libs/hdf-converters/README.md @@ -22,7 +22,7 @@ OHDF Converters supplies several methods to convert various types of security to 15. [**nikto-mapper**] - Nikto results JSON file 16. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file 17. [**sarif-mapper**] - SARIF JSON file -18. [**sbom-mapper**] - CycloneDX SBOM JSON file +18. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file 19. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object 20. [**snyk-mapper**] - Snyk results JSON file 21. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API diff --git a/libs/hdf-converters/index.ts b/libs/hdf-converters/index.ts index be24ff61d8..80a4ec5545 100644 --- a/libs/hdf-converters/index.ts +++ b/libs/hdf-converters/index.ts @@ -30,7 +30,7 @@ export * from './src/netsparker-mapper'; export * from './src/nikto-mapper'; export * from './src/prisma-mapper'; export * from './src/sarif-mapper'; -export * from './src/sbom-mapper'; +export * from './src/cyclonedx-sbom-mapper'; export * from './src/scoutsuite-mapper'; export * from './src/snyk-mapper'; export * from './src/sonarqube-mapper'; diff --git a/libs/hdf-converters/src/sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts similarity index 96% rename from libs/hdf-converters/src/sbom-mapper.ts rename to libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 7b4f5b71e1..44780070a6 100644 --- a/libs/hdf-converters/src/sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -18,12 +18,7 @@ const IMPACT_MAPPING: Map = new Map([ ]); function formatCWETags(input: number[], addPrefix = true): string[] { - const stringifiedCWE: string[] = []; - for (const cwe of input) { - const cweTag = addPrefix ? `CWE-${cwe}` : `${cwe}`; - stringifiedCWE.push(cweTag); - } - return stringifiedCWE; + return input.map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`)); } function getNISTTags(input: number[]): string[] { @@ -55,11 +50,11 @@ function aggregateImpact(ratings: Record[]): number { return Math.ceil((impact / ratings.length) * 10) / 100; } -export class SBOMResults { +export class CycloneDXSBOMResults { data: Record; withRaw: boolean; - constructor(SBOMJson: string, withRaw = false) { - this.data = JSON.parse(SBOMJson); + constructor(sbomJson: string, withRaw = false) { + this.data = JSON.parse(sbomJson); this.withRaw = withRaw; if (_.has(this.data, 'components')) { @@ -71,11 +66,15 @@ export class SBOMResults { } else if (_.has(this.data, 'vulnerabilities')) { // Back up operations in case we ingest VEX data instead this.formatVEX(this.data); + } else { + throw new Error( + 'Unrecognized CycloneDX format detected. We currently only support SBOM and VEX formats.' + ); } } // Flatten any arbitrarily nested components list - flattenComponents(data: Record): void { + flattenComponents(data: Record) { // Look through every component at the top level of the list for (const component of data.components as Record[]) { // Identify if subcomponents exist @@ -112,7 +111,7 @@ export class SBOMResults { ... } */ - generateIntermediary(data: Record): void { + generateIntermediary(data: Record) { for (const vulnerability of data.vulnerabilities as (Record< string, unknown @@ -160,7 +159,7 @@ export class SBOMResults { // VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF // Fix that by adding a temporary result that refers the vulnerability back to its associated BOM - formatVEX(data: Record): void { + formatVEX(data: Record) { for (const vulnerability of data.vulnerabilities as (Record< string, unknown @@ -178,11 +177,11 @@ export class SBOMResults { } toHdf(): ExecJSON.Execution { - return new SBOMMapper(this.data, this.withRaw).toHdf(); + return new CycloneDXSBOMMapper(this.data, this.withRaw).toHdf(); } } -export class SBOMMapper extends BaseConverter { +export class CycloneDXSBOMMapper extends BaseConverter { withRaw: boolean; mappings: MappedTransform< diff --git a/libs/hdf-converters/src/utils/fingerprinting.ts b/libs/hdf-converters/src/utils/fingerprinting.ts index f8d1e8e7f4..3baedf507f 100644 --- a/libs/hdf-converters/src/utils/fingerprinting.ts +++ b/libs/hdf-converters/src/utils/fingerprinting.ts @@ -12,7 +12,7 @@ export enum INPUT_TYPES { MSFT_SEC_SCORE = 'msft_secure_score', NIKTO = 'nikto', SARIF = 'sarif', - SBOM = 'sbom', + CYCLONEDX_SBOM = 'cyclonedx_sbom', SNYK = 'snyk', TRUFFLEHOG = 'trufflehog', TWISTLOCK = 'twistlock', @@ -77,7 +77,7 @@ const fileTypeFingerprints: Record = { [INPUT_TYPES.NOT_FOUND]: [], [INPUT_TYPES.VERACODE]: [], [INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'], - [INPUT_TYPES.SBOM]: ['bomFormat', 'metadata', 'specVersion'] + [INPUT_TYPES.CYCLONEDX_SBOM]: ['bomFormat', 'metadata', 'specVersion'] }; export function fingerprint(guessOptions: { diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts index 6d65088ccc..c7901dde38 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts @@ -1,10 +1,10 @@ import fs from 'fs'; -import {SBOMResults} from '../../../src/sbom-mapper'; +import {CycloneDXSBOMResults} from '../../../src/cyclonedx-sbom-mapper'; import {omitVersions} from '../../utils'; describe('sbom_mapper_saf', () => { it('Successfully converts SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', {encoding: 'utf-8'} @@ -28,7 +28,7 @@ describe('sbom_mapper_saf', () => { }); it('Successfully converts withraw flagged SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', {encoding: 'utf-8'} @@ -58,7 +58,7 @@ describe('sbom_mapper_saf', () => { describe('sbom_mapper_dropwizard_vulns', () => { it('Successfully converts SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', {encoding: 'utf-8'} @@ -85,7 +85,7 @@ describe('sbom_mapper_dropwizard_vulns', () => { }); it('Successfully converts withraw flagged SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', {encoding: 'utf-8'} @@ -115,7 +115,7 @@ describe('sbom_mapper_dropwizard_vulns', () => { describe('sbom_mapper_dropwizard_no_vulns', () => { it('Successfully converts SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json', {encoding: 'utf-8'} @@ -142,7 +142,7 @@ describe('sbom_mapper_dropwizard_no_vulns', () => { }); it('Successfully converts withraw flagged SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json', {encoding: 'utf-8'} @@ -172,7 +172,7 @@ describe('sbom_mapper_dropwizard_no_vulns', () => { describe('sbom_mapper_dropwizard_vex', () => { it('Successfully converts SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json', {encoding: 'utf-8'} @@ -199,7 +199,7 @@ describe('sbom_mapper_dropwizard_vex', () => { }); it('Successfully converts withraw flagged SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync( 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json', {encoding: 'utf-8'} @@ -229,7 +229,7 @@ describe('sbom_mapper_dropwizard_vex', () => { describe('sbom_mapper_vex', () => { it('Successfully converts SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync('sample_jsons/sbom_mapper/sample_input_report/vex.json', { encoding: 'utf-8' }) @@ -252,7 +252,7 @@ describe('sbom_mapper_vex', () => { }); it('Successfully converts withraw flagged SBOM data', () => { - const mapper = new SBOMResults( + const mapper = new CycloneDXSBOMResults( fs.readFileSync('sample_jsons/sbom_mapper/sample_input_report/vex.json', { encoding: 'utf-8' }), From a219581c6a93bdece50a5b857c2dc937006bd95e Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 7 Aug 2024 13:50:02 -0400 Subject: [PATCH 32/61] Adding CycloneDX types Signed-off-by: Charles Hu --- libs/hdf-converters/package.json | 1 + .../dropwizard-no-vulns.json | 0 .../sample_input_report/dropwizard-vex.json | 0 .../sample_input_report/dropwizard-vulns.json | 0 .../generated-saf-sbom.json | 0 .../sample_input_report/vex.json | 0 .../sbom-dropwizard-no-vulns-hdf-withraw.json | 4 +- .../sbom-dropwizard-no-vulns-hdf.json | 4 +- .../sbom-dropwizard-vex-hdf-withraw.json | 4 +- .../sbom-dropwizard-vex-hdf.json | 4 +- .../sbom-dropwizard-vulns-hdf-withraw.json | 4 +- .../sbom-dropwizard-vulns-hdf.json | 4 +- .../sbom-saf-hdf-withraw.json | 4 +- .../sbom-saf-hdf.json | 4 +- .../sbom-vex-hdf-withraw.json | 8 +- .../sbom-vex-hdf.json | 8 +- .../src/cyclonedx-sbom-mapper.ts | 29 +- ....spec.ts => cyclonedx_sbom_mapper.spec.ts} | 60 ++-- yarn.lock | 260 ++++++++++++++++-- 19 files changed, 314 insertions(+), 84 deletions(-) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sample_input_report/dropwizard-no-vulns.json (100%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sample_input_report/dropwizard-vex.json (100%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sample_input_report/dropwizard-vulns.json (100%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sample_input_report/generated-saf-sbom.json (100%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sample_input_report/vex.json (100%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-dropwizard-no-vulns-hdf-withraw.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-dropwizard-no-vulns-hdf.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-dropwizard-vex-hdf-withraw.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-dropwizard-vex-hdf.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-dropwizard-vulns-hdf-withraw.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-dropwizard-vulns-hdf.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-saf-hdf-withraw.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-saf-hdf.json (99%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-vex-hdf-withraw.json (98%) rename libs/hdf-converters/sample_jsons/{sbom_mapper => cyclonedx_sbom_mapper}/sbom-vex-hdf.json (98%) rename libs/hdf-converters/test/mappers/forward/{sbom_mapper.spec.ts => cyclonedx_sbom_mapper.spec.ts} (66%) diff --git a/libs/hdf-converters/package.json b/libs/hdf-converters/package.json index 9848650f16..bc0f02e1e1 100644 --- a/libs/hdf-converters/package.json +++ b/libs/hdf-converters/package.json @@ -26,6 +26,7 @@ }, "dependencies": { "@aws-sdk/client-config-service": "^3.95.0", + "@cyclonedx/cyclonedx-library": "^6.11.0", "@e965/xlsx": "^0.20.0", "@mdi/js": "^7.0.96", "@microsoft/microsoft-graph-types": "^2.40.0", diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-no-vulns.json similarity index 100% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-no-vulns.json diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json similarity index 100% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json similarity index 100% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json similarity index 100% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/vex.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json similarity index 100% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sample_input_report/vex.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json index 4e8e0c1d7b..b7ff368445 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json index cc93d123d2..38e81c0124 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 98997322bf..05e3b5a838 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index 82f4ac8fe3..cd69ef8849 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index d4887cf580..1b44af33c8 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 8d3064b181..cbb436af50 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json index 9ea0b18526..c7da01b309 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json similarity index 99% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json index e6668fd47c..ab68025c9f 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json similarity index 98% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index 726d874d8a..fbf6bd8b6a 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { @@ -93,7 +93,7 @@ "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package...", "id": "CVE-2020-25649", "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", - "impact": 0.53, + "impact": 0.82, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ { @@ -105,7 +105,7 @@ ] } ], - "sha256": "3e789be8a4729dbaccea30160afaba783d47da8f788b1e226809c5a8c6162579" + "sha256": "ff54a575f2b6ba5b71509d4333cf7d81e8222be0d6f020b401421db15fdb371a" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json similarity index 98% rename from libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json rename to libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 24230117cc..eb977a21be 100644 --- a/libs/hdf-converters/sample_jsons/sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.12" + "release": "2.10.13" }, - "version": "2.10.12", + "version": "2.10.13", "statistics": {}, "profiles": [ { @@ -93,7 +93,7 @@ "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package...", "id": "CVE-2020-25649", "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", - "impact": 0.53, + "impact": 0.82, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ { @@ -105,7 +105,7 @@ ] } ], - "sha256": "3e789be8a4729dbaccea30160afaba783d47da8f788b1e226809c5a8c6162579" + "sha256": "ff54a575f2b6ba5b71509d4333cf7d81e8222be0d6f020b401421db15fdb371a" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 44780070a6..f5f0a8fcca 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -4,6 +4,7 @@ import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; import {getCCIsForNISTTags} from './utils/global'; +import {RatingRepository} from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; const CWE_NIST_MAPPING = new CweNistMapping(); const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; @@ -18,7 +19,12 @@ const IMPACT_MAPPING: Map = new Map([ ]); function formatCWETags(input: number[], addPrefix = true): string[] { - return input.map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`)); + const stringifiedCWE: string[] = []; + for (const cwe of input) { + const cweTag = addPrefix ? `CWE-${cwe}` : `${cwe}`; + stringifiedCWE.push(cweTag); + } + return stringifiedCWE; } function getNISTTags(input: number[]): string[] { @@ -29,25 +35,24 @@ function getNISTTags(input: number[]): string[] { } // A single SBOM vulnerability can contain multiple security ratings -// Average any existing ratings and then pass to `impact` -function aggregateImpact(ratings: Record[]): number { +// Find the max of any existing ratings and then pass to `impact` +function aggregateImpact(ratings: RatingRepository): number { let impact = 0; for (const rating of ratings) { // Prefer to use CVSS-based `score` field when possible - if (_.has(rating, 'score') && _.get(rating, 'method') == 'CVSSv31') { - impact += (rating as {score: number}).score; + if (rating.score && _.get(rating, 'method') == 'CVSSv31') { + impact = rating.score / 10 > impact ? rating.score / 10 : impact; } else { // Else interpret it from `severity` field - const severity = IMPACT_MAPPING.get( - (rating as {severity: string}).severity.toLowerCase() - ); - if (severity) { - impact += severity * 10; + if (rating.severity) { + const severity = IMPACT_MAPPING.get( + rating.severity.toLowerCase() + ) as number; + impact = severity > impact ? severity : impact; } } } - // Round up aggregate impact to the 2nd decimal place - return Math.ceil((impact / ratings.length) * 10) / 100; + return impact; } export class CycloneDXSBOMResults { diff --git a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts similarity index 66% rename from libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts rename to libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts index c7901dde38..7bdde39248 100644 --- a/libs/hdf-converters/test/mappers/forward/sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts @@ -6,20 +6,20 @@ describe('sbom_mapper_saf', () => { it('Successfully converts SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json', {encoding: 'utf-8'} ) ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( JSON.parse( - fs.readFileSync('sample_jsons/sbom_mapper/sbom-saf-hdf.json', { + fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json', { encoding: 'utf-8' }) ) @@ -30,14 +30,14 @@ describe('sbom_mapper_saf', () => { it('Successfully converts withraw flagged SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/generated-saf-sbom.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json', {encoding: 'utf-8'} ), true ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -45,7 +45,7 @@ describe('sbom_mapper_saf', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-saf-hdf-withraw.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json', { encoding: 'utf-8' } @@ -60,13 +60,13 @@ describe('sbom_mapper_dropwizard_vulns', () => { it('Successfully converts SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json', {encoding: 'utf-8'} ) ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -74,7 +74,7 @@ describe('sbom_mapper_dropwizard_vulns', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json', { encoding: 'utf-8' } @@ -87,14 +87,14 @@ describe('sbom_mapper_dropwizard_vulns', () => { it('Successfully converts withraw flagged SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vulns.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json', {encoding: 'utf-8'} ), true ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -102,7 +102,7 @@ describe('sbom_mapper_dropwizard_vulns', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', { encoding: 'utf-8' } @@ -117,13 +117,13 @@ describe('sbom_mapper_dropwizard_no_vulns', () => { it('Successfully converts SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-no-vulns.json', {encoding: 'utf-8'} ) ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -131,7 +131,7 @@ describe('sbom_mapper_dropwizard_no_vulns', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', { encoding: 'utf-8' } @@ -144,14 +144,14 @@ describe('sbom_mapper_dropwizard_no_vulns', () => { it('Successfully converts withraw flagged SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-no-vulns.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-no-vulns.json', {encoding: 'utf-8'} ), true ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -159,7 +159,7 @@ describe('sbom_mapper_dropwizard_no_vulns', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', { encoding: 'utf-8' } @@ -174,13 +174,13 @@ describe('sbom_mapper_dropwizard_vex', () => { it('Successfully converts SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json', {encoding: 'utf-8'} ) ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -188,7 +188,7 @@ describe('sbom_mapper_dropwizard_vex', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json', { encoding: 'utf-8' } @@ -201,14 +201,14 @@ describe('sbom_mapper_dropwizard_vex', () => { it('Successfully converts withraw flagged SBOM data', () => { const mapper = new CycloneDXSBOMResults( fs.readFileSync( - 'sample_jsons/sbom_mapper/sample_input_report/dropwizard-vex.json', + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json', {encoding: 'utf-8'} ), true ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -216,7 +216,7 @@ describe('sbom_mapper_dropwizard_vex', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', { encoding: 'utf-8' } @@ -230,20 +230,20 @@ describe('sbom_mapper_dropwizard_vex', () => { describe('sbom_mapper_vex', () => { it('Successfully converts SBOM data', () => { const mapper = new CycloneDXSBOMResults( - fs.readFileSync('sample_jsons/sbom_mapper/sample_input_report/vex.json', { + fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', { encoding: 'utf-8' }) ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-vex-hdf.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( JSON.parse( - fs.readFileSync('sample_jsons/sbom_mapper/sbom-vex-hdf.json', { + fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json', { encoding: 'utf-8' }) ) @@ -253,14 +253,14 @@ describe('sbom_mapper_vex', () => { it('Successfully converts withraw flagged SBOM data', () => { const mapper = new CycloneDXSBOMResults( - fs.readFileSync('sample_jsons/sbom_mapper/sample_input_report/vex.json', { + fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', { encoding: 'utf-8' }), true ); // fs.writeFileSync( - // 'sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json', + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json', // JSON.stringify(mapper.toHdf(), null, 2) // ); @@ -268,7 +268,7 @@ describe('sbom_mapper_vex', () => { omitVersions( JSON.parse( fs.readFileSync( - 'sample_jsons/sbom_mapper/sbom-vex-hdf-withraw.json', + 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json', { encoding: 'utf-8' } diff --git a/yarn.lock b/yarn.lock index f6de71e0f8..44c27b9859 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1868,6 +1868,20 @@ resolved "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz#ec6cd237440700bc23ca23087f513c75508958b0" integrity sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA== +"@cyclonedx/cyclonedx-library@^6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@cyclonedx/cyclonedx-library/-/cyclonedx-library-6.11.0.tgz#1d8f4caede27918b1f793333e7c3b3ae97b171f2" + integrity sha512-T2R49+ia3NmluV+56Ev1NSIjG7DKUFM3EzzhHwJqWRUMuFK3Z8AIKIbNezAxoyl+4kJ6MzT8lke7t8mkZom+/A== + dependencies: + packageurl-js ">=0.0.6 <0.0.8 || ^1" + spdx-expression-parse "^3.0.1 || ^4" + optionalDependencies: + ajv "^8.12.0" + ajv-formats "^3.0.1" + ajv-formats-draft2019 "^1.6.1" + libxmljs2 "^0.31 || ^0.32 || ^0.33" + xmlbuilder2 "^3.0.2" + "@cypress/request@^3.0.1": version "3.0.1" resolved "https://registry.yarnpkg.com/@cypress/request/-/request-3.0.1.tgz#72d7d5425236a2413bd3d8bb66d02d9dc3168960" @@ -2742,6 +2756,21 @@ resolved "https://registry.npmjs.org/@lukeed/csprng/-/csprng-1.1.0.tgz#1e3e4bd05c1cc7a0b2ddbd8a03f39f6e4b5e6cfe" integrity sha512-Z7C/xXCiGWsg0KuKsHTKJxbWhpI3Vs5GwLfOean7MGyVFGqdRgBbAjOCh6u4bbjPc/8MJ2pZmK/0DLdCbivLDA== +"@mapbox/node-pre-gyp@^1.0.11": + version "1.0.11" + resolved "https://registry.yarnpkg.com/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.11.tgz#417db42b7f5323d79e93b34a6d7a2a12c0df43fa" + integrity sha512-Yhlar6v9WQgUp/He7BdgzOz8lqMQ8sU+jkCq7Wx8Myc5YFJLbEe7lgui/V7G1qB1DJykHSGwreceSaD60Y0PUQ== + dependencies: + detect-libc "^2.0.0" + https-proxy-agent "^5.0.0" + make-dir "^3.1.0" + node-fetch "^2.6.7" + nopt "^5.0.0" + npmlog "^5.0.1" + rimraf "^3.0.2" + semver "^7.3.5" + tar "^6.1.11" + "@mark.probst/typescript-json-schema@~0.32.0": version "0.32.0" resolved "https://registry.npmjs.org/@mark.probst/typescript-json-schema/-/typescript-json-schema-0.32.0.tgz#724d2de8baa2e46e5af4cfdeb9fe3758ced9b2a4" @@ -3295,6 +3324,35 @@ resolved "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz#6013659736c9dbfccc96e8a9c2b3de317df39323" integrity sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw== +"@oozcitak/dom@1.15.10": + version "1.15.10" + resolved "https://registry.yarnpkg.com/@oozcitak/dom/-/dom-1.15.10.tgz#dca7289f2b292cff2a901ea4fbbcc0a1ab0b05c2" + integrity sha512-0JT29/LaxVgRcGKvHmSrUTEvZ8BXvZhGl2LASRUgHqDTC1M5g1pLmVv56IYNyt3bG2CUjDkc67wnyZC14pbQrQ== + dependencies: + "@oozcitak/infra" "1.0.8" + "@oozcitak/url" "1.0.4" + "@oozcitak/util" "8.3.8" + +"@oozcitak/infra@1.0.8": + version "1.0.8" + resolved "https://registry.yarnpkg.com/@oozcitak/infra/-/infra-1.0.8.tgz#b0b089421f7d0f6878687608301fbaba837a7d17" + integrity sha512-JRAUc9VR6IGHOL7OGF+yrvs0LO8SlqGnPAMqyzOuFZPSZSXI7Xf2O9+awQPSMXgIWGtgUf/dA6Hs6X6ySEaWTg== + dependencies: + "@oozcitak/util" "8.3.8" + +"@oozcitak/url@1.0.4": + version "1.0.4" + resolved "https://registry.yarnpkg.com/@oozcitak/url/-/url-1.0.4.tgz#ca8b1c876319cf5a648dfa1123600a6aa5cda6ba" + integrity sha512-kDcD8y+y3FCSOvnBI6HJgl00viO/nGbQoCINmQ0h98OhnGITrWR3bOGfwYCthgcrV8AnTJz8MzslTQbC3SOAmw== + dependencies: + "@oozcitak/infra" "1.0.8" + "@oozcitak/util" "8.3.8" + +"@oozcitak/util@8.3.8": + version "8.3.8" + resolved "https://registry.yarnpkg.com/@oozcitak/util/-/util-8.3.8.tgz#10f65fe1891fd8cde4957360835e78fd1936bfdd" + integrity sha512-T8TbSnGsxo6TDBJx/Sgv/BlVJL3tshxZP7Aq5R1mSnM5OcHY2dQaxLMu2+E8u3gN0MLOzdjurqN4ZRVuzQycOQ== + "@pkgjs/parseargs@^0.11.0": version "0.11.0" resolved "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33" @@ -5807,6 +5865,16 @@ aggregate-error@^3.0.0, aggregate-error@^3.1.0: clean-stack "^2.0.0" indent-string "^4.0.0" +ajv-formats-draft2019@^1.6.1: + version "1.6.1" + resolved "https://registry.yarnpkg.com/ajv-formats-draft2019/-/ajv-formats-draft2019-1.6.1.tgz#6affe2220e7828360793776f1976de0420acccfb" + integrity sha512-JQPvavpkWDvIsBp2Z33UkYCtXCSpW4HD3tAZ+oL4iEFOk9obQZffx0yANwECt6vzr6ET+7HN5czRyqXbnq/u0Q== + dependencies: + punycode "^2.1.1" + schemes "^1.4.0" + smtp-address-parser "^1.0.3" + uri-js "^4.4.1" + ajv-formats@2.1.1, ajv-formats@^2.1.1: version "2.1.1" resolved "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz#6e669400659eb74973bbf2e33327180a0996b520" @@ -5814,6 +5882,13 @@ ajv-formats@2.1.1, ajv-formats@^2.1.1: dependencies: ajv "^8.0.0" +ajv-formats@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/ajv-formats/-/ajv-formats-3.0.1.tgz#3d5dc762bca17679c3c2ea7e90ad6b7532309578" + integrity sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ== + dependencies: + ajv "^8.0.0" + ajv-keywords@^3.4.1, ajv-keywords@^3.5.2: version "3.5.2" resolved "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz#31f29da5ab6e00d1c2d329acf7b5929614d5014d" @@ -5846,6 +5921,16 @@ ajv@^6.12.2, ajv@^6.12.3, ajv@^6.12.4, ajv@^6.12.5: json-schema-traverse "^0.4.1" uri-js "^4.2.2" +ajv@^8.12.0: + version "8.17.1" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6" + integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g== + dependencies: + fast-deep-equal "^3.1.3" + fast-uri "^3.0.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + amdefine@^0.0.4: version "0.0.4" resolved "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz#510e24a0f231314e1105b9c747e79aaed694a0e9" @@ -6050,7 +6135,7 @@ append-field@^1.0.0: resolved "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz#1e3440e915f0b1203d23748e78edd7b9b5b43e56" integrity sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw== -aproba@2.0.0: +aproba@2.0.0, "aproba@^1.0.3 || ^2.0.0": version "2.0.0" resolved "https://registry.yarnpkg.com/aproba/-/aproba-2.0.0.tgz#52520b8ae5b569215b354efc0caa3fe1e45a8adc" integrity sha512-lYe4Gx7QT+MKGbDsA+Z+he/Wtef0BiwDOlK/XkBrdfsh9J/jPPXbX0tE9x9cl27Tmu5gg3QUbUrQYa/y+KOHPQ== @@ -6067,6 +6152,14 @@ archive-type@^4.0.0: dependencies: file-type "^4.2.0" +are-we-there-yet@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/are-we-there-yet/-/are-we-there-yet-2.0.0.tgz#372e0e7bd279d8e94c653aaa1f67200884bf3e1c" + integrity sha512-Ci/qENmwHnsYo9xKIcUJN5LeDKdJ6R1Z1j9V/J5wyq8nh/mYPEpIKJbBZXtZjG04HiK7zV/p6Vs9952MrMeUIw== + dependencies: + delegates "^1.0.0" + readable-stream "^3.6.0" + arg@^5.0.2: version "5.0.2" resolved "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz#c81433cc427c92c4dcf4865142dbca6f15acd59c" @@ -6671,7 +6764,7 @@ binary-extensions@^2.0.0: resolved "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz#f6e14a97858d327252200242d4ccfe522c445522" integrity sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw== -bindings@^1.5.0: +bindings@^1.5.0, bindings@~1.5.0: version "1.5.0" resolved "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz#10353c9e945334bc0511a6d90b38fbc7c9c504df" integrity sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ== @@ -7577,7 +7670,7 @@ color-string@^1.6.0: color-name "^1.0.0" simple-swizzle "^0.2.2" -color-support@1.1.3: +color-support@1.1.3, color-support@^1.1.2: version "1.1.3" resolved "https://registry.yarnpkg.com/color-support/-/color-support-1.1.3.tgz#93834379a1cc9a0c61f82f52f0d04322251bd5a2" integrity sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg== @@ -7662,7 +7755,7 @@ commander@^10.0.0: resolved "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz#881ee46b4f77d1c1dccc5823433aa39b022cbe06" integrity sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== -commander@^2.20.0, commander@^2.20.3, commander@^2.8.1: +commander@^2.19.0, commander@^2.20.0, commander@^2.20.3, commander@^2.8.1: version "2.20.3" resolved "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz#fd485e84c03eb4881c20722ba48035e8531aeb33" integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ== @@ -7820,7 +7913,7 @@ console-browserify@^1.2.0: resolved "https://registry.npmjs.org/console-browserify/-/console-browserify-1.2.0.tgz#67063cef57ceb6cf4993a2ab3a55840ae8c49336" integrity sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA== -console-control-strings@^1.1.0: +console-control-strings@^1.0.0, console-control-strings@^1.1.0: version "1.1.0" resolved "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz#3d7cf4464db6446ea644bf4b39507f9851008e8e" integrity sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ== @@ -8951,6 +9044,11 @@ delayed-stream@~1.0.0: resolved "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ== +delegates@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a" + integrity sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ== + depd@2.0.0, depd@~2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz#b696163cc757560d09cf22cc8fad1571b79e76df" @@ -8991,6 +9089,11 @@ detect-indent@^5.0.0: resolved "https://registry.npmjs.org/detect-indent/-/detect-indent-5.0.0.tgz#3871cc0a6a002e8c3e5b3cf7f336264675f06b9d" integrity sha512-rlpvsxUtM0PQvy9iZe640/IWwWYyBsTApREbA1pHOpmOUIl9MkP/U4z7vTtg4Oaojvqhxt7sdufnT0EzGaR31g== +detect-libc@^2.0.0: + version "2.0.3" + resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-2.0.3.tgz#f0cd503b40f9939b894697d19ad50895e30cf700" + integrity sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw== + detect-newline@^3.0.0: version "3.1.0" resolved "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz#576f5dfc63ae1a192ff192d8ad3af6308991b651" @@ -9060,6 +9163,11 @@ dir-glob@^3.0.1: dependencies: path-type "^4.0.0" +discontinuous-range@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/discontinuous-range/-/discontinuous-range-1.0.0.tgz#e38331f0844bba49b9a9cb71c771585aab1bc65a" + integrity sha512-c68LpLbO+7kP/b1Hr1qs8/BJ09F5khZGTxqxZuhzxpmwJKOgRFHJWIb9/KmqnqHhLdO55aOxFH/EGBvUQbL/RQ== + dlv@^1.1.3: version "1.1.3" resolved "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz#5c198a8a11453596e751494d49874bc7732f2e79" @@ -10238,7 +10346,7 @@ extend-shallow@^3.0.0, extend-shallow@^3.0.2: assign-symbols "^1.0.0" is-extendable "^1.0.1" -extend@~3.0.2: +extend@^3.0.0, extend@~3.0.2: version "3.0.2" resolved "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa" integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== @@ -10338,6 +10446,11 @@ fast-safe-stringify@2.1.1, fast-safe-stringify@^2.1.1: resolved "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz#c406a83b6e70d9e35ce3b30a81141df30aeba884" integrity sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA== +fast-uri@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/fast-uri/-/fast-uri-3.0.1.tgz#cddd2eecfc83a71c1be2cc2ef2061331be8a7134" + integrity sha512-MWipKbbYiYI0UC7cl8m/i/IWTqfC8YXsqjzybjddLsFjStroQzsHXkc73JutMvBiXmOvapk+axIl79ig5t55Bw== + fast-xml-parser@4.4.1, fast-xml-parser@^4.2.0: version "4.4.1" resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz#86dbf3f18edf8739326447bcaac31b4ae7f6514f" @@ -10842,6 +10955,21 @@ functions-have-names@^1.2.3: resolved "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz#0404fe4ee2ba2f607f0e0ec3c80bae994133b834" integrity sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ== +gauge@^3.0.0: + version "3.0.2" + resolved "https://registry.yarnpkg.com/gauge/-/gauge-3.0.2.tgz#03bf4441c044383908bcfa0656ad91803259b395" + integrity sha512-+5J6MS/5XksCuXq++uFRsnUd7Ovu1XenbeuIuNRJxYWjgQbPuFhT14lAvsWfqfAmnwluf1OwMjz39HjfLPci0Q== + dependencies: + aproba "^1.0.3 || ^2.0.0" + color-support "^1.1.2" + console-control-strings "^1.0.0" + has-unicode "^2.0.1" + object-assign "^4.1.1" + signal-exit "^3.0.0" + string-width "^4.2.3" + strip-ansi "^6.0.1" + wide-align "^1.1.2" + gensync@^1.0.0-beta.2: version "1.0.0-beta.2" resolved "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz#32a6ee76c3d7f52d46b2b1ae5d93fea8580a25e0" @@ -11337,7 +11465,7 @@ has-tostringtag@^1.0.0, has-tostringtag@^1.0.2: dependencies: has-symbols "^1.0.3" -has-unicode@2.0.1: +has-unicode@2.0.1, has-unicode@^2.0.1: version "2.0.1" resolved "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9" integrity sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ== @@ -13424,14 +13552,7 @@ js-tokens@^3.0.2: resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz#9866df395102130e38f7f996bceb65443209c25b" integrity sha512-RjTcuD4xjtthQkaWH7dFlH85L+QaVtSoOyGdZ3g6HFhS9dFNDfLyqgm2NFe2X6cQpeFmt0452FJjFG5UameExg== -js-yaml@4.1.0, js-yaml@^4.0.0, js-yaml@^4.1.0: - version "4.1.0" - resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" - integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== - dependencies: - argparse "^2.0.1" - -js-yaml@^3.10.0, js-yaml@^3.13.1, js-yaml@^3.14.1: +js-yaml@3.14.1, js-yaml@^3.10.0, js-yaml@^3.13.1, js-yaml@^3.14.1: version "3.14.1" resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537" integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g== @@ -13439,6 +13560,13 @@ js-yaml@^3.10.0, js-yaml@^3.13.1, js-yaml@^3.14.1: argparse "^1.0.7" esprima "^4.0.0" +js-yaml@4.1.0, js-yaml@^4.0.0, js-yaml@^4.1.0: + version "4.1.0" + resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" + integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + dependencies: + argparse "^2.0.1" + jsbn@1.1.0: version "1.1.0" resolved "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz#b01307cb29b618a1ed26ec79e911f803c4da0040" @@ -13979,6 +14107,15 @@ libphonenumber-js@^1.10.53: resolved "https://registry.npmjs.org/libphonenumber-js/-/libphonenumber-js-1.10.59.tgz#ece26801dcf11fe3f8265bbc01981d9d808f9e6c" integrity sha512-HeTsOrDF/hWhEiKqZVwg9Cqlep5x2T+IYDENvT2VRj3iX8JQ7Y+omENv+AIn0vC8m6GYhivfCed5Cgfw27r5SA== +"libxmljs2@^0.31 || ^0.32 || ^0.33": + version "0.33.0" + resolved "https://registry.yarnpkg.com/libxmljs2/-/libxmljs2-0.33.0.tgz#62f50e5d98af7e6f20d2b845c3d618f059d2a0c9" + integrity sha512-Hw74f2/3rbpxc6tkTqe3yrs4v2Tx0rEukrYxaNkXSVKK540i2eqlQxzf1jjG+RlwMuv66WxkkuZHM/OQq6km4w== + dependencies: + "@mapbox/node-pre-gyp" "^1.0.11" + bindings "~1.5.0" + nan "~2.18.0" + lilconfig@^2.0.3, lilconfig@^2.0.5, lilconfig@^2.0.6, lilconfig@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz#78e23ac89ebb7e1bfbf25b18043de756548e7f52" @@ -14862,6 +14999,11 @@ moment@^2.22.1, moment@^2.29.1, moment@^2.29.4: resolved "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz#f8c91c07b7a786e30c59926df530b4eac96974ae" integrity sha512-uEmtNhbDOrWPFS+hdjFCBfy9f2YoyzRpwcl+DqpC6taX21FzsTLQVbMV/W7PzNSX6x/bhC1zA3c2UQ5NzH6how== +moo@^0.5.0: + version "0.5.2" + resolved "https://registry.yarnpkg.com/moo/-/moo-0.5.2.tgz#f9fe82473bc7c184b0d32e2215d3f6e67278733c" + integrity sha512-iSAJLHYKnX41mKcJKjqvnAN9sf0LMDTXDEvFv+ffuRR9a1MIuXLjMNL6EsnDHSkKLTWNqQQ5uo61P4EbU4NU+Q== + morgan@^1.10.0: version "1.10.0" resolved "https://registry.npmjs.org/morgan/-/morgan-1.10.0.tgz#091778abc1fc47cd3509824653dae1faab6b17d7" @@ -14949,6 +15091,11 @@ mz@^2.4.0, mz@^2.7.0: object-assign "^4.0.1" thenify-all "^1.0.0" +nan@~2.18.0: + version "2.18.0" + resolved "https://registry.yarnpkg.com/nan/-/nan-2.18.0.tgz#26a6faae7ffbeb293a39660e88a76b82e30b7554" + integrity sha512-W7tfG7vMOGtD30sHoZSSc/JVYiyDPEyQVso/Zz+/uQd0B0L46gtC+pHha5FFMRpil6fm/AoEcRWyOVi4+E/f8w== + nanoid@^2.1.0: version "2.1.11" resolved "https://registry.npmjs.org/nanoid/-/nanoid-2.1.11.tgz#ec24b8a758d591561531b4176a01e3ab4f0f0280" @@ -14986,6 +15133,16 @@ natural-compare@^1.4.0: resolved "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" integrity sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw== +nearley@^2.20.1: + version "2.20.1" + resolved "https://registry.yarnpkg.com/nearley/-/nearley-2.20.1.tgz#246cd33eff0d012faf197ff6774d7ac78acdd474" + integrity sha512-+Mc8UaAebFzgV+KpI5n7DasuuQCHA89dmwm7JXw3TV43ukfNQ9DnBH3Mdb2g/I4Fdxc26pwimBWvjIw0UAILSQ== + dependencies: + commander "^2.19.0" + moo "^0.5.0" + railroad-diagrams "^1.0.0" + randexp "0.4.6" + negotiator@0.6.3, negotiator@^0.6.3: version "0.6.3" resolved "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd" @@ -15165,6 +15322,13 @@ nopt@1.0.10: dependencies: abbrev "1" +nopt@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/nopt/-/nopt-5.0.0.tgz#530942bb58a512fccafe53fe210f13a25355dc88" + integrity sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ== + dependencies: + abbrev "1" + nopt@^7.0.0, nopt@^7.2.0: version "7.2.0" resolved "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz#067378c68116f602f552876194fd11f1292503d7" @@ -15340,6 +15504,16 @@ npm-run-path@^4.0.0, npm-run-path@^4.0.1: dependencies: path-key "^3.0.0" +npmlog@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/npmlog/-/npmlog-5.0.1.tgz#f06678e80e29419ad67ab964e0fa69959c1eb8b0" + integrity sha512-AqZtDUWOMKs1G/8lwylVjrdYgqA4d9nu8hc+0gzRxlDb1I10+FHBGMXs6aiQHFdCUUlqH99MUMuLfzWDNDtfxw== + dependencies: + are-we-there-yet "^2.0.0" + console-control-strings "^1.1.0" + gauge "^3.0.0" + set-blocking "^2.0.0" + nth-check@^1.0.2: version "1.0.2" resolved "https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz#b2bd295c37e3dd58a3bf0700376663ba4d9cf05c" @@ -15866,6 +16040,11 @@ package-json-from-dist@^1.0.0: resolved "https://registry.yarnpkg.com/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz#e501cd3094b278495eb4258d4c9f6d5ac3019f00" integrity sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw== +"packageurl-js@>=0.0.6 <0.0.8 || ^1": + version "1.2.1" + resolved "https://registry.yarnpkg.com/packageurl-js/-/packageurl-js-1.2.1.tgz#53538f19eb27e0039280b6001baad305670da16f" + integrity sha512-cZ6/MzuXaoFd16/k0WnwtI298UCaDHe/XlSh85SeOKbGZ1hq0xvNbx3ILyCMyk7uFQxl6scF3Aucj6/EO9NwcA== + pacote@^18.0.0, pacote@^18.0.6: version "18.0.6" resolved "https://registry.yarnpkg.com/pacote/-/pacote-18.0.6.tgz#ac28495e24f4cf802ef911d792335e378e86fac7" @@ -16925,7 +17104,7 @@ pretty@2.0.0, pretty@^2.0.0: extend-shallow "^2.0.1" js-beautify "^1.6.12" -prismjs@1.29.0, prismjs@^1.23.0, prismjs@^1.29.0: +prismjs@^1.23.0, prismjs@^1.29.0: version "1.29.0" resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.29.0.tgz#f113555a8fa9b57c35e637bba27509dcf802dd12" integrity sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q== @@ -17227,6 +17406,19 @@ quote-stream@^1.0.1, quote-stream@~1.0.2: minimist "^1.1.3" through2 "^2.0.0" +railroad-diagrams@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/railroad-diagrams/-/railroad-diagrams-1.0.0.tgz#eb7e6267548ddedfb899c1b90e57374559cddb7e" + integrity sha512-cz93DjNeLY0idrCNOH6PviZGRN9GJhsdm9hpn1YCS879fj4W+x5IFJhhkRZcwVgMmFF7R82UA/7Oh+R8lLZg6A== + +randexp@0.4.6: + version "0.4.6" + resolved "https://registry.yarnpkg.com/randexp/-/randexp-0.4.6.tgz#e986ad5e5e31dae13ddd6f7b3019aa7c87f60ca3" + integrity sha512-80WNmd9DA0tmZrw9qQa62GPPWfuXJknrmVmLcxvq4uZBdYqb1wYoKTmnlGUchvVWe0XiLupYkBoXVOxz3C8DYQ== + dependencies: + discontinuous-range "1.0.0" + ret "~0.1.10" + random-bytes@~1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz#4f68a1dc0ae58bd3fb95848c30324db75d64360b" @@ -17910,6 +18102,13 @@ schema-utils@^4.0.0: ajv-formats "^2.1.1" ajv-keywords "^5.1.0" +schemes@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/schemes/-/schemes-1.4.0.tgz#9d03302275e562488dd3afa7b654ed42e00569ec" + integrity sha512-ImFy9FbCsQlVgnE3TCWmLPCFnVzx0lHL/l+umHplDqAKd0dzFpnS6lFZIpagBlYhKwzVmlV36ec0Y1XTu8JBAQ== + dependencies: + extend "^3.0.0" + search-query-parser@^1.5.5: version "1.6.0" resolved "https://registry.npmjs.org/search-query-parser/-/search-query-parser-1.6.0.tgz#d69ade33f3685cae25613a70189b7b18970b46f1" @@ -18283,6 +18482,13 @@ smart-buffer@^4.2.0: resolved "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz#6e1d71fa4f18c05f7d0ff216dd16a481d0e8d9ae" integrity sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg== +smtp-address-parser@^1.0.3: + version "1.1.0" + resolved "https://registry.yarnpkg.com/smtp-address-parser/-/smtp-address-parser-1.1.0.tgz#681a4cd27a2df5feb3c7425b235ac8f05ea34d49" + integrity sha512-Gz11jbNU0plrReU9Sj7fmshSBxxJ9ShdD2q4ktHIHo/rpTH6lFyQoYHYKINPJtPe8aHFnsbtW46Ls0tCCBsIZg== + dependencies: + nearley "^2.20.1" + snapdragon-node@^2.0.1: version "2.1.1" resolved "https://registry.npmjs.org/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b" @@ -18433,6 +18639,14 @@ spdx-expression-parse@^3.0.0: spdx-exceptions "^2.1.0" spdx-license-ids "^3.0.0" +"spdx-expression-parse@^3.0.1 || ^4": + version "4.0.0" + resolved "https://registry.yarnpkg.com/spdx-expression-parse/-/spdx-expression-parse-4.0.0.tgz#a23af9f3132115465dac215c099303e4ceac5794" + integrity sha512-Clya5JIij/7C6bRR22+tnGXbc4VKlibKSVj2iHvVeX5iMW7s1SIQlqu699JkODJJIhh/pUu8L0/VLh8xflD+LQ== + dependencies: + spdx-exceptions "^2.1.0" + spdx-license-ids "^3.0.0" + spdx-license-ids@^3.0.0: version "3.0.17" resolved "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz#887da8aa73218e51a1d917502d79863161a93f9c" @@ -19986,7 +20200,7 @@ update-browserslist-db@^1.0.13: escalade "^3.1.1" picocolors "^1.0.0" -uri-js@^4.2.2: +uri-js@^4.2.2, uri-js@^4.4.1: version "4.4.1" resolved "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz#9b1a52595225859e55f669d928f88c6c57f2a77e" integrity sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg== @@ -20670,7 +20884,7 @@ which@^4.0.0: dependencies: isexe "^3.1.1" -wide-align@1.1.5: +wide-align@1.1.5, wide-align@^1.1.2: version "1.1.5" resolved "https://registry.yarnpkg.com/wide-align/-/wide-align-1.1.5.tgz#df1d4c206854369ecf3c9a4898f1b23fbd9d15d3" integrity sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg== @@ -20908,6 +21122,16 @@ xml2js@^0.6.0: sax ">=0.6.0" xmlbuilder "~11.0.0" +xmlbuilder2@^3.0.2: + version "3.1.1" + resolved "https://registry.yarnpkg.com/xmlbuilder2/-/xmlbuilder2-3.1.1.tgz#b977ef8a6fb27a1ea7ffa7d850d2c007ff343bc0" + integrity sha512-WCSfbfZnQDdLQLiMdGUQpMxxckeQ4oZNMNhLVkcekTu7xhD4tuUDyAPoY8CwXvBYE6LwBHd6QW2WZXlOWr1vCw== + dependencies: + "@oozcitak/dom" "1.15.10" + "@oozcitak/infra" "1.0.8" + "@oozcitak/util" "8.3.8" + js-yaml "3.14.1" + xmlbuilder@~11.0.0: version "11.0.1" resolved "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3" From a3bbaeba9140c8dd412e2b19d16eff8ee681a9b6 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 09:16:01 -0400 Subject: [PATCH 33/61] CWE tag fix Signed-off-by: Charles Hu --- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index f5f0a8fcca..8eb2012c09 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -5,6 +5,7 @@ import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; import {getCCIsForNISTTags} from './utils/global'; import {RatingRepository} from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; +import {CweRepository} from '@cyclonedx/cyclonedx-library/dist.d/types'; const CWE_NIST_MAPPING = new CweNistMapping(); const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; @@ -18,16 +19,11 @@ const IMPACT_MAPPING: Map = new Map([ ['unknown', 0.0] ]); -function formatCWETags(input: number[], addPrefix = true): string[] { - const stringifiedCWE: string[] = []; - for (const cwe of input) { - const cweTag = addPrefix ? `CWE-${cwe}` : `${cwe}`; - stringifiedCWE.push(cweTag); - } - return stringifiedCWE; +function formatCWETags(input: CweRepository, addPrefix = true): string[] { + return [...input].map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`)); } -function getNISTTags(input: number[]): string[] { +function getNISTTags(input: CweRepository): string[] { return CWE_NIST_MAPPING.nistFilter( formatCWETags(input, false), DEFAULT_NIST_TAG @@ -286,7 +282,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { }, cci: { path: 'cwes', - transformer: (input: number[]): string[] => + transformer: (input: CweRepository): string[] => getCCIsForNISTTags(getNISTTags(input)) }, cwe: {path: 'cwes', transformer: formatCWETags} From 9c4677e6f3ae091f3c1b66ac4d606598ad454105 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 09:20:25 -0400 Subject: [PATCH 34/61] Linting Signed-off-by: Charles Hu --- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 8eb2012c09..4779260f0b 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -6,6 +6,7 @@ import {CweNistMapping} from './mappings/CweNistMapping'; import {getCCIsForNISTTags} from './utils/global'; import {RatingRepository} from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; import {CweRepository} from '@cyclonedx/cyclonedx-library/dist.d/types'; +import {Severity} from '@cyclonedx/cyclonedx-library/dist.d/enums/vulnerability'; const CWE_NIST_MAPPING = new CweNistMapping(); const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; @@ -40,12 +41,10 @@ function aggregateImpact(ratings: RatingRepository): number { impact = rating.score / 10 > impact ? rating.score / 10 : impact; } else { // Else interpret it from `severity` field - if (rating.severity) { - const severity = IMPACT_MAPPING.get( - rating.severity.toLowerCase() - ) as number; - impact = severity > impact ? severity : impact; - } + const severity = IMPACT_MAPPING.get( + (rating.severity as Severity).toLowerCase() + ) as number; + impact = severity > impact ? severity : impact; } } return impact; From 2c581f612d15f88761cfb16527180ef95562a64e Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 12:02:31 -0400 Subject: [PATCH 35/61] Typing Signed-off-by: Charles Hu --- libs/hdf-converters/README.md | 24 +- .../sbom-dropwizard-vex-hdf-withraw.json | 522 - .../sbom-dropwizard-vulns-hdf-withraw.json | 1607 +- .../sbom-saf-hdf-withraw.json | 81166 ++++++++-------- .../sbom-vex-hdf-withraw.json | 6 - .../src/cyclonedx-sbom-mapper.ts | 216 +- 6 files changed, 40866 insertions(+), 42675 deletions(-) diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md index 0afc6df5f1..52fc2eb933 100644 --- a/libs/hdf-converters/README.md +++ b/libs/hdf-converters/README.md @@ -11,18 +11,18 @@ OHDF Converters supplies several methods to convert various types of security to 4. [**caat-mapper**] - Compliance Assessment and Audit Tracking (CAAT) file 5. [**checklist-mapper**] - Checlist Mapper format 6. [**conveyor-mapper**] - Conveyor JSON file -7. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format -8. [**fortify-mapper**] - Fortify results FVDL file -9. [**gosec-mapper**] - gosec results JSON file -10. [**ionchannel-mapper**] - SBOM data from Ion Channel -11. [**jfrog-xray-mapper**] - JFrog Xray results JSON file -12. [**msft-secure-mapper**] - Microsoft Secure Score results file -13. [**nessus-mapper**] - Nessus XML results file -14. [**netsparker-mapper**] - Netsparker XML results file -15. [**nikto-mapper**] - Nikto results JSON file -16. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file -17. [**sarif-mapper**] - SARIF JSON file -18. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file +7. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file +8. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format +9. [**fortify-mapper**] - Fortify results FVDL file +10. [**gosec-mapper**] - gosec results JSON file +11. [**ionchannel-mapper**] - SBOM data from Ion Channel +12. [**jfrog-xray-mapper**] - JFrog Xray results JSON file +13. [**msft-secure-mapper**] - Microsoft Secure Score results file +14. [**nessus-mapper**] - Nessus XML results file +15. [**netsparker-mapper**] - Netsparker XML results file +16. [**nikto-mapper**] - Nikto results JSON file +17. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file +18. [**sarif-mapper**] - SARIF JSON file 19. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object 20. [**snyk-mapper**] - Snyk results JSON file 21. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 05e3b5a838..f62531dd92 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -4120,12 +4120,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4156,12 +4150,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4191,12 +4179,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4226,12 +4208,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4261,12 +4237,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4296,12 +4266,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4331,12 +4295,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4366,12 +4324,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4401,12 +4353,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4436,12 +4382,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4471,12 +4411,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4506,12 +4440,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4541,12 +4469,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4576,12 +4498,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4611,12 +4527,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4646,12 +4556,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4681,12 +4585,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4716,12 +4614,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4751,12 +4643,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4786,12 +4672,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4821,12 +4701,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4856,12 +4730,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4892,12 +4760,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4927,12 +4789,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4962,12 +4818,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -4997,12 +4847,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5032,12 +4876,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5067,12 +4905,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5102,12 +4934,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5137,12 +4963,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5172,12 +4992,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5207,12 +5021,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5242,12 +5050,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5277,12 +5079,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5312,12 +5108,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5347,12 +5137,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5382,12 +5166,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5418,12 +5196,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5454,12 +5226,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5489,12 +5255,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5524,12 +5284,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5559,12 +5313,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5594,12 +5342,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5630,12 +5372,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5665,12 +5401,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5700,12 +5430,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5735,12 +5459,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5770,12 +5488,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5806,12 +5518,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5842,12 +5548,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5878,12 +5578,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5914,12 +5608,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5950,12 +5638,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -5986,12 +5668,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6022,12 +5698,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6057,12 +5727,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6092,12 +5756,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6127,12 +5785,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6162,12 +5814,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6197,12 +5843,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6234,12 +5874,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6269,12 +5903,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6305,12 +5933,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6340,12 +5962,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6375,12 +5991,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6410,12 +6020,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6447,12 +6051,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6482,12 +6080,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6517,12 +6109,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6552,12 +6138,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6588,12 +6168,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6615,12 +6189,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6643,12 +6211,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6678,12 +6240,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6713,12 +6269,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6748,12 +6298,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6783,12 +6327,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6818,12 +6356,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6854,12 +6386,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6889,12 +6415,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6924,12 +6444,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6959,12 +6473,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -6994,12 +6502,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -7029,12 +6531,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -7064,12 +6560,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -7099,12 +6589,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] }, { @@ -7134,12 +6618,6 @@ { "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } - ], - "affectedComponents": [ - { - "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name": "602de70a-7107-4ac8-9ad2-3c1c816892a7" - } ] } ] diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 1b44af33c8..e87eea6038 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -14367,10 +14367,6 @@ "type": "vcs", "url": "https://github.com/rabbitmq/rabbitmq-java-client" } - ], - "affectingVulnerabilities": [ - "f987bc98-65f5-402b-8b39-7e8e3e730ebe", - "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a" ] }, { @@ -14806,10 +14802,6 @@ "type": "issue-tracker", "url": "https://github.com/raphw/byte-buddy/issues" } - ], - "affectingVulnerabilities": [ - "4ad3464b-09c7-40fa-ab51-754f3f196cd4", - "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" ] }, { @@ -15334,10 +15326,7 @@ } } ], - "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", - "affectingVulnerabilities": [ - "55ebe39e-12f6-4360-aeba-9913ef7efb68" - ] + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" }, { "type": "library", @@ -16085,11 +16074,7 @@ "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" } ], - "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", - "affectingVulnerabilities": [ - "f2fa9b19-418a-4901-9840-a8631227701e", - "00bc944f-fead-400b-8bbd-0c5b56ba2b14" - ] + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" }, { "type": "library", @@ -16419,10 +16404,6 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } - ], - "affectingVulnerabilities": [ - "b7a12947-7a8d-4031-b59d-640d33dbad6a", - "bb03c210-ea12-450d-85df-17d81a75ede2" ] }, { @@ -16472,10 +16453,6 @@ "type": "vcs", "url": "https://github.com/h2database/h2database" } - ], - "affectingVulnerabilities": [ - "815a1358-2bd4-4028-bd3e-8219747c78f6", - "c8a50465-16df-44e0-84e9-7acff5870a51" ] }, { @@ -16638,10 +16615,6 @@ "type": "vcs", "url": "http://github.com/hibernate/hibernate-orm" } - ], - "affectingVulnerabilities": [ - "1f182b73-afb8-424c-8e08-533a0f702076", - "8ba20df5-3877-4825-a8f2-b52e2d2f86d8" ] }, { @@ -16990,10 +16963,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", - "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -17058,9 +17027,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9" ] }, { @@ -17125,10 +17091,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "c3fdf61d-7886-423b-8a29-b6ab6790c127", - "affa7af3-427f-4223-8028-d9ac45e80e08" ] }, { @@ -17189,9 +17151,6 @@ "type": "distribution", "url": "https://repository.apache.org/service/local/staging/deploy/maven2" } - ], - "affectingVulnerabilities": [ - "8c0002e8-9326-40f7-9209-51020755ff02" ] }, { @@ -17472,51 +17431,6 @@ "type": "distribution", "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" } - ], - "affectingVulnerabilities": [ - "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", - "f57dc81d-6b2d-4060-8c15-7613c1a37981", - "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", - "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", - "e5cba611-d1ce-48a5-8fc2-ac68ba133947", - "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", - "343cd240-f667-4770-aecf-ddc11f9d0172", - "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", - "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", - "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", - "97981cb2-9228-4b8b-a172-ad12f550a19f", - "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", - "7e3a7481-266e-4cb7-af3b-94dcaf462942", - "db7cfe67-0b1d-4504-af8b-da26e12af73a", - "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", - "c037af59-a132-4727-8cc3-c6095c490df7", - "0b8d112a-b683-414d-93b6-48fa2cabb7c9", - "e8b21aeb-ce1d-4df2-8102-577b813e712f", - "e141c668-bc18-4738-b3b6-e7ba1057d124", - "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", - "6af6635c-bedd-40e5-88b8-324d3a80a33e", - "3ad04380-a25c-41d8-8fad-259c2561795b", - "86f78c35-adfb-48e4-9428-88084373e1c0", - "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", - "00033bff-66dc-4a36-ab38-a10b0625409f", - "14e2856b-f78d-4a6d-99eb-470c8566df29", - "c224f923-be9a-4faa-a930-ef4db611bc2b", - "5201940b-1f04-4668-ae86-8261448d817d", - "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", - "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", - "950cff67-088e-4f41-9818-25943c9e17c0", - "53eda8c2-268a-4866-89ac-234bfe7f74ce", - "9edaa51d-929b-457e-aab5-0fffecdb4938", - "6d5189b4-d549-419a-b886-43a62cc43d40", - "135c6dab-529e-4855-ab72-a0138e2110c8", - "57f41366-73de-4a9c-ba15-4d09c9f60e33", - "ccd0ef88-c0fe-4a10-a648-c779ce82b888", - "726a055c-f364-4cb7-a75a-d3c541dad0fa", - "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", - "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", - "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", - "87742746-bd8b-423d-979d-d9aa81a8ccfd", - "5c0b94e1-0577-42c9-8028-f244d68f61da" ] }, { @@ -20403,10 +20317,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "c19b779d-2699-44de-a189-a0d18d8dc953", - "a2897b13-bdeb-4a6c-802e-abf09fef10a9" ] }, { @@ -20599,14 +20509,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", - "f32ca540-f068-4392-bea0-c0d7b050b7d1", - "6d35c4e5-f5ee-4572-af28-1ca71cf48158", - "d5c5815d-1742-46b6-953a-a4ed90fdd920", - "f6ff72c7-6603-4627-899d-658f8f7c5f23", - "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6" ] }, { @@ -20735,10 +20637,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "d8add710-4eed-448d-b198-ecff8ffe86ea", - "123b8eaf-5572-4945-975d-21ed3c2f101d" ] }, { @@ -20931,9 +20829,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442" ] }, { @@ -20998,9 +20893,6 @@ "type": "vcs", "url": "https://github.com/eclipse/jetty.project" } - ], - "affectingVulnerabilities": [ - "76910119-ee18-4144-855b-b2fdab20e33c" ] }, { @@ -21397,9 +21289,6 @@ "type": "vcs", "url": "http://github.com/junit-team/junit/tree/master" } - ], - "affectingVulnerabilities": [ - "499117ae-d134-4505-8674-ed498531e7a9" ] }, { @@ -21656,9 +21545,6 @@ "type": "issue-tracker", "url": "http://liquibase.jira.com/browse/CORE" } - ], - "affectingVulnerabilities": [ - "7b0674fc-e326-47d0-b34b-b5bfb523784b" ] }, { @@ -21879,9 +21765,6 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } - ], - "affectingVulnerabilities": [ - "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -21939,10 +21822,6 @@ "type": "vcs", "url": "https://github.com/ceki/logback" } - ], - "affectingVulnerabilities": [ - "bdd3f85b-5284-4163-be5b-0dd84b9300ac", - "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" ] }, { @@ -23168,16 +23047,6 @@ "type": "vcs", "url": "https://bitbucket.org/asomov/snakeyaml/src" } - ], - "affectingVulnerabilities": [ - "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", - "63a53dc7-5769-43dc-a053-50ccd5295d8b", - "5ab41975-23cc-45e0-9a13-be603ea00595", - "dff65990-715e-4f71-aace-60d4436af108", - "d55a9a55-cf82-483f-9a7c-8bf5395ce510", - "6c215a04-8ea0-421f-961b-d5cceb64fd13", - "38c08d91-3487-44c4-b258-d5a274a4ad05", - "da9ea5d3-a3c2-4d1b-8425-a799e47a804f" ] }, { @@ -24434,23 +24303,6 @@ { "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "group": "com.google.guava", - "name": "guava", - "version": "24.1.1-jre", - "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24481,23 +24333,6 @@ { "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", - "group": "com.google.guava", - "name": "guava", - "version": "24.1.1-jre", - "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24527,23 +24362,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24573,23 +24391,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24619,23 +24420,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24665,23 +24449,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24711,23 +24478,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24757,23 +24507,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24803,23 +24536,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24849,23 +24565,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24895,23 +24594,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24941,23 +24623,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -24987,23 +24652,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25033,23 +24681,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25079,23 +24710,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25125,23 +24739,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25171,23 +24768,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25217,23 +24797,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25263,23 +24826,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25309,23 +24855,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25355,23 +24884,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25401,23 +24913,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25448,23 +24943,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25494,23 +24972,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25540,23 +25001,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25586,23 +25030,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25632,23 +25059,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25678,23 +25088,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25724,23 +25117,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25770,23 +25146,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25816,23 +25175,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25862,23 +25204,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25908,23 +25233,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -25954,23 +25262,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26000,23 +25291,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26046,23 +25320,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26092,23 +25349,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26139,23 +25379,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26186,23 +25409,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26232,23 +25438,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26278,23 +25467,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26324,23 +25496,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26370,23 +25525,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26417,23 +25555,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26463,23 +25584,6 @@ { "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", - "group": "com.fasterxml.jackson.core", - "name": "jackson-databind", - "version": "2.9.10", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26509,15 +25613,6 @@ { "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "group": "io.dropwizard", - "name": "dropwizard-validation", - "version": "1.3.15" - } ] }, { @@ -26547,15 +25642,6 @@ { "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", - "group": "io.dropwizard", - "name": "dropwizard-validation", - "version": "1.3.15" - } ] }, { @@ -26585,23 +25671,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26632,23 +25701,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26679,23 +25731,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26726,23 +25761,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26773,23 +25791,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26820,23 +25821,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26867,23 +25851,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26914,23 +25881,6 @@ { "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", - "group": "org.yaml", - "name": "snakeyaml", - "version": "1.23", - "description": "YAML 1.1 parser and emitter for Java", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -26960,24 +25910,6 @@ { "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "group": "ch.qos.logback", - "name": "logback-core", - "version": "1.2.3", - "description": "logback-core module", - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ] - } ] }, { @@ -27007,24 +25939,6 @@ { "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", - "group": "ch.qos.logback", - "name": "logback-core", - "version": "1.2.3", - "description": "logback-core module", - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ] - } ] }, { @@ -27054,24 +25968,6 @@ { "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", - "group": "ch.qos.logback", - "name": "logback-classic", - "version": "1.2.3", - "description": "logback-classic module", - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" - } - } - ] - } ] }, { @@ -27101,23 +25997,6 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27147,23 +26026,6 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27195,23 +26057,6 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27241,23 +26086,6 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27288,23 +26116,6 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27334,23 +26145,6 @@ { "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", - "group": "org.eclipse.jetty", - "name": "jetty-server", - "version": "9.4.18.v20190429", - "description": "The core jetty server artifact.", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27380,23 +26174,6 @@ { "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "group": "org.eclipse.jetty", - "name": "jetty-http", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27426,23 +26203,6 @@ { "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", - "group": "org.eclipse.jetty", - "name": "jetty-http", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27474,23 +26234,6 @@ { "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", - "group": "org.eclipse.jetty", - "name": "jetty-webapp", - "version": "9.4.18.v20190429", - "description": "Jetty web application support", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27520,23 +26263,6 @@ { "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", - "group": "org.eclipse.jetty", - "name": "jetty-xml", - "version": "9.4.18.v20190429", - "description": "The jetty xml utilities.", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27566,23 +26292,6 @@ { "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "group": "org.eclipse.jetty", - "name": "jetty-servlets", - "version": "9.4.18.v20190429", - "description": "Utility Servlets from Jetty", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27612,23 +26321,6 @@ { "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", - "group": "org.eclipse.jetty", - "name": "jetty-servlets", - "version": "9.4.18.v20190429", - "description": "Utility Servlets from Jetty", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -27659,24 +26351,6 @@ { "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", - "group": "junit", - "name": "junit", - "version": "4.12", - "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", - "licenses": [ - { - "license": { - "id": "EPL-1.0", - "url": "http://www.eclipse.org/legal/epl-v10.html" - } - } - ] - } ] }, { @@ -27698,23 +26372,6 @@ { "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "group": "net.bytebuddy", - "name": "byte-buddy", - "version": "1.9.7", - "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -27737,23 +26394,6 @@ { "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", - "group": "net.bytebuddy", - "name": "byte-buddy", - "version": "1.9.7", - "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -27783,24 +26423,6 @@ { "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "group": "org.hibernate", - "name": "hibernate-core", - "version": "5.2.18.Final", - "description": "The core O/RM functionality as provided by Hibernate", - "licenses": [ - { - "license": { - "name": "GNU Lesser General Public License", - "url": "http://www.gnu.org/licenses/lgpl-2.1.html" - } - } - ] - } ] }, { @@ -27830,24 +26452,6 @@ { "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", - "group": "org.hibernate", - "name": "hibernate-core", - "version": "5.2.18.Final", - "description": "The core O/RM functionality as provided by Hibernate", - "licenses": [ - { - "license": { - "name": "GNU Lesser General Public License", - "url": "http://www.gnu.org/licenses/lgpl-2.1.html" - } - } - ] - } ] }, { @@ -27877,24 +26481,6 @@ { "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", - "group": "org.dom4j", - "name": "dom4j", - "version": "2.1.1", - "description": "flexible XML framework for Java", - "licenses": [ - { - "license": { - "name": "BSD 3-clause New License", - "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" - } - } - ] - } ] }, { @@ -27924,23 +26510,6 @@ { "ref": "893beba4-580b-4ada-a4cf-067fbe145507" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", - "group": "org.apache.httpcomponents", - "name": "httpclient", - "version": "4.5.7", - "description": "Apache HttpComponents Client", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -27970,23 +26539,6 @@ { "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", - "group": "org.liquibase", - "name": "liquibase-core", - "version": "3.6.3", - "description": "Liquibase is a tool for managing and executing database changes.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ] - } ] }, { @@ -28017,23 +26569,6 @@ { "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "group": "org.eclipse.jetty.http2", - "name": "http2-server", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -28063,23 +26598,6 @@ { "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", - "group": "org.eclipse.jetty.http2", - "name": "http2-server", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -28109,23 +26627,6 @@ { "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "group": "org.eclipse.jetty.http2", - "name": "http2-common", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -28155,23 +26656,6 @@ { "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", - "group": "org.eclipse.jetty.http2", - "name": "http2-common", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -28201,23 +26685,6 @@ { "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", - "group": "org.eclipse.jetty.http2", - "name": "http2-hpack", - "version": "9.4.18.v20190429", - "description": "The Eclipse Jetty Project", - "licenses": [ - { - "license": { - "id": "EPL-1.0" - } - } - ] - } ] }, { @@ -28247,23 +26714,6 @@ { "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "group": "com.rabbitmq", - "name": "amqp-client", - "version": "4.4.1", - "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "licenses": [ - { - "license": { - "id": "MPL-1.1" - } - } - ] - } ] }, { @@ -28293,23 +26743,6 @@ { "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", - "group": "com.rabbitmq", - "name": "amqp-client", - "version": "4.4.1", - "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", - "licenses": [ - { - "license": { - "id": "MPL-1.1" - } - } - ] - } ] }, { @@ -28339,24 +26772,6 @@ { "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "group": "com.h2database", - "name": "h2", - "version": "1.4.197", - "description": "H2 Database Engine", - "licenses": [ - { - "license": { - "name": "MPL 2.0 or EPL 1.0", - "url": "http://h2database.com/html/license.html" - } - } - ] - } ] }, { @@ -28386,24 +26801,6 @@ { "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" } - ], - "affectedComponents": [ - { - "type": "library", - "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", - "group": "com.h2database", - "name": "h2", - "version": "1.4.197", - "description": "H2 Database Engine", - "licenses": [ - { - "license": { - "name": "MPL 2.0 or EPL 1.0", - "url": "http://h2database.com/html/license.html" - } - } - ] - } ] } ] diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json index c7da01b309..994a103868 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json @@ -89112,6 +89112,871 @@ "name": "cdx:npm:package:path", "value": "node_modules/@aws-sdk/client-config-service" } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + } ] }, { @@ -89162,25 +90027,77 @@ "name": "cdx:npm:package:path", "value": "node_modules/@aws-crypto/sha256-browser" } - ] - }, - { - "type": "library", - "name": "ie11-detection", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/ie11-detection@3.0.0", - "author": "AWS Crypto Tools Team", - "description": "Provides functions and types for detecting if the host environment is IE11", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } ], - "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", - "externalReferences": [ + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ { "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", "type": "vcs", @@ -89213,6 +90130,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/@aws-crypto/ie11-detection" } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + } ] }, { @@ -89263,6 +90232,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/@aws-crypto/sha256-js" } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + } ] }, { @@ -89314,6 +90335,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/@aws-crypto/supports-web-crypto" } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + } ] }, { @@ -89364,6 +90437,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/@aws-crypto/util" } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + } ] }, { @@ -91882,164 +93007,1081 @@ "name": "cdx:npm:package:path", "value": "node_modules/@aws-sdk/client-securityhub" } - ] - }, - { - "type": "library", - "name": "xlsx", - "group": "@e965", - "version": "0.20.1", - "bom-ref": "@e965/xlsx@0.20.1", - "author": "sheetjs", - "description": "SheetJS Spreadsheet data parser and writer", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } ], - "purl": "pkg:npm/%40e965/xlsx@0.20.1", - "externalReferences": [ - { - "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, + "components": [ { - "url": "https://sheetjs.com/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] }, { - "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] }, { - "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ { - "alg": "SHA-512", - "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@e965/xlsx" - } - ] - }, - { - "type": "library", - "name": "emass_client", - "group": "@mitre", - "version": "3.10.0", - "bom-ref": "@mitre/emass_client@3.10.0", - "author": "OpenAPI-Generator Contributors", - "description": "OpenAPI client for @mitre/emass_client", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40mitre/emass_client@3.10.0", - "externalReferences": [ - { - "url": "git+https://github.com/mitre/emass_client.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] }, { - "url": "https://github.com/mitre/emass_client#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] }, { - "url": "https://github.com/mitre/emass_client/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] }, { - "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ { - "alg": "SHA-512", - "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/emass_client" - } - ] - }, - { - "type": "library", - "name": "follow-redirects", - "version": "1.15.6", - "bom-ref": "follow-redirects@1.15.6", - "author": "Ruben Verborgh", - "description": "HTTP and HTTPS modules that follow redirects.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/follow-redirects@1.15.6", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] }, { - "url": "https://github.com/follow-redirects/follow-redirects", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] }, { - "url": "https://github.com/follow-redirects/follow-redirects/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] }, { - "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ { - "alg": "SHA-512", - "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/follow-redirects" - } - ] - }, - { - "type": "library", - "name": "hdf-converters", - "group": "@mitre", + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ], + "components": [ + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", "version": "2.10.8", "bom-ref": "@mitre/hdf-converters@2.10.8", "description": "Converter util library used to transform various scan results into HDF format", @@ -93256,6 +95298,307 @@ "name": "cdx:npm:package:path", "value": "node_modules/log-symbols" } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + } ] }, { @@ -93306,6 +95649,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/has-ansi" } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + } ] }, { @@ -94802,6 +97197,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/chokidar" } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + } ] }, { @@ -94952,6 +97399,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/fast-glob" } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + } ] }, { @@ -96050,6 +98549,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/postcss-load-config" } + ], + "components": [ + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + } ] }, { @@ -96100,6 +98651,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/ts-node" } + ], + "components": [ + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + } ] }, { @@ -96648,6 +99251,158 @@ "name": "cdx:npm:package:path", "value": "node_modules/sucrase" } + ], + "components": [ + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + } ] }, { @@ -96902,6 +99657,58 @@ "name": "cdx:npm:package:path", "value": "node_modules/foreground-child" } + ], + "components": [ + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + } ] }, { @@ -97053,6 +99860,308 @@ "name": "cdx:npm:package:path", "value": "node_modules/@isaacs/cliui" } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + } ] }, { @@ -97704,6 +100813,108 @@ "name": "cdx:npm:package:path", "value": "node_modules/path-scurry" } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + } ] }, { @@ -98153,6 +101364,257 @@ "name": "cdx:npm:package:path", "value": "node_modules/tw-elements" } + ], + "components": [ + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + } ] }, { @@ -98950,6 +102412,107 @@ "name": "cdx:npm:package:path", "value": "node_modules/express" } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + } ] }, { @@ -99001,1266 +102564,3360 @@ "name": "cdx:npm:package:path", "value": "node_modules/@mitre/inspec-objects" } - ] - }, - { - "type": "library", - "name": "flat", - "group": "@types", - "version": "5.0.5", - "bom-ref": "@types/flat@5.0.5", - "description": "TypeScript definitions for flat", - "licenses": [ - { - "license": { - "id": "MIT" - } - } ], - "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ { - "alg": "SHA-512", - "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/flat" - } - ] - }, - { - "type": "library", - "name": "he", - "group": "@types", - "version": "1.2.3", - "bom-ref": "@types/he@1.2.3", - "description": "TypeScript definitions for he", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/he@1.2.3#types/he", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] }, { - "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ { - "alg": "SHA-512", - "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/he" - } - ] - }, - { - "type": "library", - "name": "json-diff", - "group": "@types", - "version": "0.7.0", - "bom-ref": "@types/json-diff@0.7.0", - "description": "TypeScript definitions for json-diff", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ], + "components": [ + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] }, { - "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ { - "alg": "SHA-512", - "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/json-diff" - } - ] - }, - { - "type": "library", - "name": "jstoxml", - "group": "@types", - "version": "2.0.4", - "bom-ref": "@types/jstoxml@2.0.4", - "description": "TypeScript definitions for jstoxml", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] }, { - "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ { - "alg": "SHA-512", - "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/jstoxml" - } - ] - }, - { - "type": "library", - "name": "lodash", - "group": "@types", - "version": "4.17.4", - "bom-ref": "@types/lodash@4.17.4", - "description": "TypeScript definitions for lodash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] }, { - "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ { - "alg": "SHA-512", - "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/lodash" - } - ] - }, - { - "type": "library", - "name": "pretty", - "group": "@types", - "version": "2.0.3", - "bom-ref": "@types/pretty@2.0.3", - "description": "TypeScript definitions for pretty", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ { - "alg": "SHA-512", - "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/pretty" - } - ] - }, - { - "type": "library", - "name": "flat", - "version": "5.0.2", - "bom-ref": "flat@5.0.2", - "author": "Hugh Kennedy", - "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/flat@5.0.2", - "externalReferences": [ - { - "url": "git://github.com/hughsk/flat.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] }, { - "url": "https://github.com/hughsk/flat", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] }, { - "url": "https://github.com/hughsk/flat/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] }, { - "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ { - "alg": "SHA-512", - "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + "license": { + "id": "BSD-3-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/flat" - } - ] - }, - { - "type": "library", - "name": "he", - "version": "1.2.0", - "bom-ref": "he@1.2.0", - "author": "Mathias Bynens", - "description": "A robust HTML entities encoder/decoder with full Unicode support.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/he@1.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/he.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + } + ] }, { - "url": "https://mths.be/he", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] }, { - "url": "https://github.com/mathiasbynens/he/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] }, { - "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ { - "alg": "SHA-512", - "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/he" - } - ] - }, - { - "type": "library", - "name": "domelementtype", - "version": "2.3.0", - "bom-ref": "domelementtype@2.3.0", - "author": "Felix Boehm", - "description": "all the types of nodes in htmlparser2's dom", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/domelementtype@2.3.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/domelementtype.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] }, { - "url": "https://github.com/fb55/domelementtype#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] }, { - "url": "https://github.com/fb55/domelementtype/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] }, { - "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ { - "alg": "SHA-512", - "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/domelementtype" - } - ] - }, - { - "type": "library", - "name": "chalk", - "version": "4.1.2", - "bom-ref": "chalk@4.1.2", - "description": "Terminal string styling done right", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/chalk@4.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/chalk.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] }, { - "url": "https://github.com/chalk/chalk#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] }, { - "url": "https://github.com/chalk/chalk/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] }, { - "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ { - "alg": "SHA-512", - "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/chalk" - } - ] - }, - { - "type": "library", - "name": "slash", - "version": "3.0.0", - "bom-ref": "slash@3.0.0", - "author": "Sindre Sorhus", - "description": "Convert Windows backslash paths to slash paths", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/slash@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/slash.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/slash#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/slash/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ { - "alg": "SHA-512", - "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/slash" - } - ] - }, - { - "type": "library", - "name": "v8-coverage", - "group": "@bcoe", - "version": "0.2.3", - "bom-ref": "@bcoe/v8-coverage@0.2.3", - "author": "Charles Samborski", - "description": "Helper functions for V8 coverage files.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", - "externalReferences": [ - { - "url": "git://github.com/demurgos/v8-coverage.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] }, { - "url": "https://demurgos.github.io/v8-coverage", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] }, { - "url": "https://github.com/demurgos/v8-coverage/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] }, { - "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ { - "alg": "SHA-512", - "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@bcoe/v8-coverage" - } - ] - }, - { - "type": "library", - "name": "collect-v8-coverage", - "version": "1.0.2", - "bom-ref": "collect-v8-coverage@1.0.2", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/collect-v8-coverage@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/SimenB/collect-v8-coverage.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] }, { - "url": "https://github.com/SimenB/collect-v8-coverage#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] }, { - "url": "https://github.com/SimenB/collect-v8-coverage/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] }, { - "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ { - "alg": "SHA-512", - "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/collect-v8-coverage" - } - ] - }, - { - "type": "library", - "name": "exit", - "version": "0.1.2", - "bom-ref": "exit@0.1.2", - "author": "\"Cowboy\" Ben Alman", - "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" - } - } - ], - "purl": "pkg:npm/exit@0.1.2", - "externalReferences": [ - { - "url": "git://github.com/cowboy/node-exit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] }, { - "url": "https://github.com/cowboy/node-exit", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] }, { - "url": "https://github.com/cowboy/node-exit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] }, { - "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ { - "alg": "SHA-512", - "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/exit" - } - ] - }, - { - "type": "library", - "name": "glob", - "version": "7.2.3", - "bom-ref": "glob@7.2.3", - "author": "Isaac Z. Schlueter", - "description": "a little globber", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob@7.2.3", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-glob.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] }, { - "url": "https://github.com/isaacs/node-glob#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] }, { - "url": "https://github.com/isaacs/node-glob/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] }, { - "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ { - "alg": "SHA-512", - "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/glob" - } - ] - }, - { - "type": "library", - "name": "graceful-fs", - "version": "4.2.11", - "bom-ref": "graceful-fs@4.2.11", - "description": "A drop-in replacement for fs, making various improvements.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/graceful-fs@4.2.11", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/node-graceful-fs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-graceful-fs#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-graceful-fs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ { - "alg": "SHA-512", - "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/graceful-fs" - } - ] - }, - { - "type": "library", - "name": "istanbul-lib-coverage", - "version": "3.2.2", - "bom-ref": "istanbul-lib-coverage@3.2.2", - "author": "Krishnan Anantheswaran", - "description": "Data library for istanbul coverage objects", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] }, { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] }, { - "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ { - "alg": "SHA-512", - "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-coverage" - } - ] - }, - { - "type": "library", - "name": "core", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/core@7.24.4", - "author": "The Babel Team", - "description": "Babel compiler core.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] }, { - "url": "https://babel.dev/docs/en/next/babel-core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ { - "alg": "SHA-512", - "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/core" - } - ] - }, - { - "type": "library", - "name": "parser", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/parser@7.24.4", - "author": "The Babel Team", - "description": "A JavaScript parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] }, { - "url": "https://babel.dev/docs/en/next/babel-parser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ { - "alg": "SHA-512", - "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/parser" - } - ] - }, - { - "type": "library", - "name": "schema", - "group": "@istanbuljs", - "version": "0.1.3", - "bom-ref": "@istanbuljs/schema@0.1.3", - "author": "Corey Farrell", - "description": "Schemas describing various structures used by nyc and istanbuljs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", - "externalReferences": [ - { - "url": "git+https://github.com/istanbuljs/schema.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] }, { - "url": "https://github.com/istanbuljs/schema#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] }, { - "url": "https://github.com/istanbuljs/schema/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] }, { - "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ { - "alg": "SHA-512", - "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + "license": { + "id": "BSD-3-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/schema" - } - ] - }, - { - "type": "library", - "name": "istanbul-lib-report", - "version": "3.0.1", - "bom-ref": "istanbul-lib-report@3.0.1", - "author": "Krishnan Anantheswaran", - "description": "Base reporting library for istanbul", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ { - "alg": "SHA-512", - "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-report" - } - ] - }, - { - "type": "library", - "name": "istanbul-lib-source-maps", - "version": "4.0.1", - "bom-ref": "istanbul-lib-source-maps@4.0.1", - "author": "Krishnan Anantheswaran", - "description": "Source maps support for istanbul", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] }, { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] }, { - "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ { - "alg": "SHA-512", - "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-source-maps" - } - ] - }, - { - "type": "library", - "name": "istanbul-reports", - "version": "3.1.7", - "bom-ref": "istanbul-reports@3.1.7", - "author": "Krishnan Anantheswaran", - "description": "istanbul reports", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] }, { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] }, { - "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ { - "alg": "SHA-512", - "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-reports" - } - ] - }, - { - "type": "library", - "name": "merge-stream", - "version": "2.0.0", - "bom-ref": "merge-stream@2.0.0", - "author": "Stephen Sugden", - "description": "Create a stream that emits events from multiple other streams", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/merge-stream@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/grncdr/merge-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] }, { - "url": "https://github.com/grncdr/merge-stream#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] }, { - "url": "https://github.com/grncdr/merge-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] }, { - "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ { - "alg": "SHA-512", - "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/merge-stream" - } - ] - }, - { - "type": "library", - "name": "supports-color", - "version": "8.1.1", - "bom-ref": "supports-color@8.1.1", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@8.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] }, { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] }, { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ { - "alg": "SHA-512", - "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/supports-color" + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] } ] }, { "type": "library", - "name": "string-length", - "version": "4.0.2", - "bom-ref": "string-length@4.0.2", - "author": "Sindre Sorhus", - "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", "licenses": [ { "license": { @@ -100268,30 +105925,30 @@ } } ], - "purl": "pkg:npm/string-length@4.0.2", + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-length.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/string-length#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-length/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100300,17 +105957,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/string-length" + "value": "node_modules/@types/flat" } ] }, { "type": "library", - "name": "terminal-link", - "version": "2.1.1", - "bom-ref": "terminal-link@2.1.1", - "author": "Sindre Sorhus", - "description": "Create clickable links in the terminal", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", "licenses": [ { "license": { @@ -100318,30 +105975,30 @@ } } ], - "purl": "pkg:npm/terminal-link@2.1.1", + "purl": "pkg:npm/%40types/he@1.2.3#types/he", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/terminal-link.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/terminal-link#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/terminal-link/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100350,17 +106007,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/terminal-link" + "value": "node_modules/@types/he" } ] }, { "type": "library", - "name": "ansi-escapes", - "version": "4.3.2", - "bom-ref": "ansi-escapes@4.3.2", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for manipulating the terminal", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", "licenses": [ { "license": { @@ -100368,30 +106025,30 @@ } } ], - "purl": "pkg:npm/ansi-escapes@4.3.2", + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100400,17 +106057,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansi-escapes" + "value": "node_modules/@types/json-diff" } ] }, { "type": "library", - "name": "supports-hyperlinks", - "version": "2.3.0", - "bom-ref": "supports-hyperlinks@2.3.0", - "author": "James Talmage", - "description": "Detect if your terminal emulator supports hyperlinks", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", "licenses": [ { "license": { @@ -100418,30 +106075,30 @@ } } ], - "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", "externalReferences": [ { - "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100450,48 +106107,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/supports-hyperlinks" + "value": "node_modules/@types/jstoxml" } ] }, { "type": "library", - "name": "v8-to-istanbul", - "version": "9.2.0", - "bom-ref": "v8-to-istanbul@9.2.0", - "author": "Ben Coe", - "description": "convert from v8 coverage format to istanbul's format", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", "externalReferences": [ { - "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100500,17 +106157,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/v8-to-istanbul" + "value": "node_modules/@types/lodash" } ] }, { "type": "library", - "name": "istanbul-lib-coverage", + "name": "pretty", "group": "@types", - "version": "2.0.6", - "bom-ref": "@types/istanbul-lib-coverage@2.0.6", - "description": "TypeScript definitions for istanbul-lib-coverage", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", "licenses": [ { "license": { @@ -100518,15 +106175,15 @@ } } ], - "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, @@ -100536,12 +106193,12 @@ "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100550,17 +106207,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/istanbul-lib-coverage" + "value": "node_modules/@types/pretty" } ] }, { "type": "library", - "name": "babel-plugin-istanbul", - "version": "6.1.1", - "bom-ref": "babel-plugin-istanbul@6.1.1", - "author": "Thai Pangsakulyanont @dtinth", - "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", "licenses": [ { "license": { @@ -100568,30 +106225,30 @@ } } ], - "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "purl": "pkg:npm/flat@5.0.2", "externalReferences": [ { - "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "url": "git://github.com/hughsk/flat.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "url": "https://github.com/hughsk/flat", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "url": "https://github.com/hughsk/flat/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100600,17 +106257,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-istanbul" + "value": "node_modules/flat" } ] }, { "type": "library", - "name": "fast-json-stable-stringify", - "version": "2.1.0", - "bom-ref": "fast-json-stable-stringify@2.1.0", - "author": "James Halliday", - "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", "licenses": [ { "license": { @@ -100618,30 +106275,30 @@ } } ], - "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "purl": "pkg:npm/he@1.2.0", "externalReferences": [ { - "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "url": "git+https://github.com/mathiasbynens/he.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "url": "https://mths.be/he", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "url": "https://github.com/mathiasbynens/he/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100650,48 +106307,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fast-json-stable-stringify" + "value": "node_modules/he" } ] }, { "type": "library", - "name": "write-file-atomic", - "version": "4.0.2", - "bom-ref": "write-file-atomic@4.0.2", - "author": "GitHub Inc.", - "description": "Write files in an atomic fashion w/configurable ownership", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/write-file-atomic@4.0.2", + "purl": "pkg:npm/domelementtype@2.3.0", "externalReferences": [ { - "url": "git+https://github.com/npm/write-file-atomic.git", + "url": "git://github.com/fb55/domelementtype.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/write-file-atomic", + "url": "https://github.com/fb55/domelementtype#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/write-file-atomic/issues", + "url": "https://github.com/fb55/domelementtype/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100700,17 +106357,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/write-file-atomic" + "value": "node_modules/domelementtype" } ] }, { "type": "library", - "name": "execa", - "version": "5.1.1", - "bom-ref": "execa@5.1.1", - "author": "Sindre Sorhus", - "description": "Process execution for humans", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", "licenses": [ { "license": { @@ -100718,30 +106374,30 @@ } } ], - "purl": "pkg:npm/execa@5.1.1", + "purl": "pkg:npm/chalk@4.1.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/execa.git", + "url": "git+https://github.com/chalk/chalk.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/execa#readme", + "url": "https://github.com/chalk/chalk#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/execa/issues", + "url": "https://github.com/chalk/chalk/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100750,17 +106406,69 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/execa" + "value": "node_modules/chalk" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] } ] }, { "type": "library", - "name": "p-limit", - "version": "3.1.0", - "bom-ref": "p-limit@3.1.0", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", + "description": "Convert Windows backslash paths to slash paths", "licenses": [ { "license": { @@ -100768,30 +106476,30 @@ } } ], - "purl": "pkg:npm/p-limit@3.1.0", + "purl": "pkg:npm/slash@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-limit.git", + "url": "git+https://github.com/sindresorhus/slash.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-limit#readme", + "url": "https://github.com/sindresorhus/slash#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-limit/issues", + "url": "https://github.com/sindresorhus/slash/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100800,16 +106508,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/p-limit" + "value": "node_modules/slash" } ] }, { "type": "library", - "name": "co", - "version": "4.6.0", - "bom-ref": "co@4.6.0", - "description": "generator async control flow goodness", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", "licenses": [ { "license": { @@ -100817,30 +106527,30 @@ } } ], - "purl": "pkg:npm/co@4.6.0", + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", "externalReferences": [ { - "url": "git+https://github.com/tj/co.git", + "url": "git://github.com/demurgos/v8-coverage.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tj/co#readme", + "url": "https://demurgos.github.io/v8-coverage", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tj/co/issues", + "url": "https://github.com/demurgos/v8-coverage/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100849,17 +106559,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/co" + "value": "node_modules/@bcoe/v8-coverage" } ] }, { "type": "library", - "name": "is-generator-fn", - "version": "2.1.0", - "bom-ref": "is-generator-fn@2.1.0", - "author": "Sindre Sorhus", - "description": "Check if something is a generator function", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", "licenses": [ { "license": { @@ -100867,30 +106575,30 @@ } } ], - "purl": "pkg:npm/is-generator-fn@2.1.0", + "purl": "pkg:npm/collect-v8-coverage@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "url": "https://github.com/SimenB/collect-v8-coverage#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "url": "https://github.com/SimenB/collect-v8-coverage/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100899,48 +106607,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-generator-fn" + "value": "node_modules/collect-v8-coverage" } ] }, { "type": "library", - "name": "stack-utils", - "version": "2.0.6", - "bom-ref": "stack-utils@2.0.6", - "author": "James Talmage", - "description": "Captures and cleans stack traces", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", "licenses": [ { "license": { - "id": "MIT" + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" } } ], - "purl": "pkg:npm/stack-utils@2.0.6", + "purl": "pkg:npm/exit@0.1.2", "externalReferences": [ { - "url": "git+https://github.com/tapjs/stack-utils.git", + "url": "git://github.com/cowboy/node-exit.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tapjs/stack-utils#readme", + "url": "https://github.com/cowboy/node-exit", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tapjs/stack-utils/issues", + "url": "https://github.com/cowboy/node-exit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100949,48 +106658,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/stack-utils" + "value": "node_modules/exit" } ] }, { "type": "library", - "name": "parse-json", - "version": "5.2.0", - "bom-ref": "parse-json@5.2.0", - "author": "Sindre Sorhus", - "description": "Parse JSON with more helpful errors", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/parse-json@5.2.0", + "purl": "pkg:npm/glob@7.2.3", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/parse-json.git", + "url": "git://github.com/isaacs/node-glob.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/parse-json#readme", + "url": "https://github.com/isaacs/node-glob#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/parse-json/issues", + "url": "https://github.com/isaacs/node-glob/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -100999,48 +106708,149 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/parse-json" + "value": "node_modules/glob" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] } ] }, { "type": "library", - "name": "strip-json-comments", - "version": "3.1.1", - "bom-ref": "strip-json-comments@3.1.1", - "author": "Sindre Sorhus", - "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/strip-json-comments@3.1.1", + "purl": "pkg:npm/graceful-fs@4.2.11", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "url": "git+https://github.com/isaacs/node-graceful-fs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "url": "https://github.com/isaacs/node-graceful-fs#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "url": "https://github.com/isaacs/node-graceful-fs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101049,48 +106859,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-json-comments" + "value": "node_modules/graceful-fs" } ] }, { "type": "library", - "name": "graceful-fs", - "group": "@types", - "version": "4.1.9", - "bom-ref": "@types/graceful-fs@4.1.9", - "description": "TypeScript definitions for graceful-fs", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/istanbuljs/istanbuljs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101099,48 +106909,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/graceful-fs" + "value": "node_modules/istanbul-lib-coverage" } ] }, { "type": "library", - "name": "anymatch", - "version": "3.1.3", - "bom-ref": "anymatch@3.1.3", - "author": "Elan Shanker", - "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/anymatch@3.1.3", + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", "externalReferences": [ { - "url": "git+https://github.com/micromatch/anymatch.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/micromatch/anymatch", + "url": "https://babel.dev/docs/en/next/babel-core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/micromatch/anymatch/issues", + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101149,48 +106960,101 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/anymatch" + "value": "node_modules/@babel/core" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] } ] }, { "type": "library", - "name": "fb-watchman", - "version": "2.0.2", - "bom-ref": "fb-watchman@2.0.2", - "author": "Wez Furlong", - "description": "Bindings for the Watchman file watching service", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/fb-watchman@2.0.2", + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", "externalReferences": [ { - "url": "git+ssh://git@github.com/facebook/watchman.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://facebook.github.io/watchman/", + "url": "https://babel.dev/docs/en/next/babel-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/watchman/issues", + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101199,17 +107063,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fb-watchman" + "value": "node_modules/@babel/parser" } ] }, { "type": "library", - "name": "fsevents", - "version": "2.3.3", - "bom-ref": "fsevents@2.3.3", - "description": "Native Access to MacOS FSEvents", - "scope": "optional", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", "licenses": [ { "license": { @@ -101217,30 +107082,30 @@ } } ], - "purl": "pkg:npm/fsevents@2.3.3", + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", "externalReferences": [ { - "url": "git+https://github.com/fsevents/fsevents.git", + "url": "git+https://github.com/istanbuljs/schema.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fsevents/fsevents", + "url": "https://github.com/istanbuljs/schema#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fsevents/fsevents/issues", + "url": "https://github.com/istanbuljs/schema/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101249,48 +107114,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fsevents" + "value": "node_modules/@istanbuljs/schema" } ] }, { "type": "library", - "name": "walker", - "version": "1.0.8", - "bom-ref": "walker@1.0.8", - "author": "Naitik Shah", - "description": "A simple directory tree walker.", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/walker@1.0.8", + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", "externalReferences": [ { - "url": "git+https://github.com/daaku/nodejs-walker.git", + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/daaku/nodejs-walker", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/daaku/nodejs-walker/issues", + "url": "https://github.com/istanbuljs/istanbuljs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101299,49 +107164,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/walker" + "value": "node_modules/istanbul-lib-report" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] } ] }, { "type": "library", - "name": "code-frame", - "group": "@babel", - "version": "7.24.2", - "bom-ref": "@babel/code-frame@7.24.2", - "author": "The Babel Team", - "description": "Generate errors that contain a code frame that point to source locations.", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-code-frame", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "url": "https://github.com/istanbuljs/istanbuljs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101350,48 +107266,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/code-frame" + "value": "node_modules/istanbul-lib-source-maps" } ] }, { "type": "library", - "name": "stack-utils", - "group": "@types", - "version": "2.0.3", - "bom-ref": "@types/stack-utils@2.0.3", - "description": "TypeScript definitions for stack-utils", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/istanbuljs/istanbuljs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101400,16 +107316,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/stack-utils" + "value": "node_modules/istanbul-reports" } ] }, { "type": "library", - "name": "jest-pnp-resolver", - "version": "1.2.3", - "bom-ref": "jest-pnp-resolver@1.2.3", - "description": "plug'n'play resolver for Webpack", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", "licenses": [ { "license": { @@ -101417,30 +107334,30 @@ } } ], - "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "purl": "pkg:npm/merge-stream@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "url": "git+https://github.com/grncdr/merge-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/arcanis/jest-pnp-resolver", + "url": "https://github.com/grncdr/merge-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "url": "https://github.com/grncdr/merge-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101449,17 +107366,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-pnp-resolver" + "value": "node_modules/merge-stream" } ] }, { "type": "library", - "name": "detect-newline", - "version": "3.1.0", - "bom-ref": "detect-newline@3.1.0", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", "author": "Sindre Sorhus", - "description": "Detect the dominant newline character of a string", + "description": "Detect whether a terminal supports color", "licenses": [ { "license": { @@ -101467,30 +107384,30 @@ } } ], - "purl": "pkg:npm/detect-newline@3.1.0", + "purl": "pkg:npm/supports-color@8.1.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/detect-newline.git", + "url": "git+https://github.com/chalk/supports-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/detect-newline#readme", + "url": "https://github.com/chalk/supports-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/detect-newline/issues", + "url": "https://github.com/chalk/supports-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101499,16 +107416,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/detect-newline" + "value": "node_modules/supports-color" } ] }, { "type": "library", - "name": "source-map-support", - "version": "0.5.13", - "bom-ref": "source-map-support@0.5.13", - "description": "Fixes stack traces for files with source maps", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", "licenses": [ { "license": { @@ -101516,30 +107434,30 @@ } } ], - "purl": "pkg:npm/source-map-support@0.5.13", + "purl": "pkg:npm/string-length@4.0.2", "externalReferences": [ { - "url": "git+https://github.com/evanw/node-source-map-support.git", + "url": "git+https://github.com/sindresorhus/string-length.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/evanw/node-source-map-support#readme", + "url": "https://github.com/sindresorhus/string-length#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/evanw/node-source-map-support/issues", + "url": "https://github.com/sindresorhus/string-length/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101548,17 +107466,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/source-map-support" + "value": "node_modules/string-length" } ] }, { "type": "library", - "name": "type-detect", - "version": "4.0.8", - "bom-ref": "type-detect@4.0.8", - "author": "Jake Luer", - "description": "Improved typeof detection for node.js and the browser.", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", "licenses": [ { "license": { @@ -101566,30 +107484,30 @@ } } ], - "purl": "pkg:npm/type-detect@4.0.8", + "purl": "pkg:npm/terminal-link@2.1.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "url": "git+https://github.com/sindresorhus/terminal-link.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chaijs/type-detect#readme", + "url": "https://github.com/sindresorhus/terminal-link#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/type-detect/issues", + "url": "https://github.com/sindresorhus/terminal-link/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101598,17 +107516,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type-detect" + "value": "node_modules/terminal-link" } ] }, { "type": "library", - "name": "callsites", - "version": "3.1.0", - "bom-ref": "callsites@3.1.0", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", "author": "Sindre Sorhus", - "description": "Get callsites from the V8 stack trace API", + "description": "ANSI escape codes for manipulating the terminal", "licenses": [ { "license": { @@ -101616,30 +107534,30 @@ } } ], - "purl": "pkg:npm/callsites@3.1.0", + "purl": "pkg:npm/ansi-escapes@4.3.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/callsites.git", + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/callsites#readme", + "url": "https://github.com/sindresorhus/ansi-escapes#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/callsites/issues", + "url": "https://github.com/sindresorhus/ansi-escapes/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101648,17 +107566,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/callsites" + "value": "node_modules/ansi-escapes" } ] }, { "type": "library", - "name": "cjs-module-lexer", - "version": "1.2.3", - "bom-ref": "cjs-module-lexer@1.2.3", - "author": "Guy Bedford", - "description": "Lexes CommonJS modules, returning their named exports metadata", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", "licenses": [ { "license": { @@ -101666,30 +107584,30 @@ } } ], - "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "purl": "pkg:npm/supports-hyperlinks@2.3.0", "externalReferences": [ { - "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101698,48 +107616,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cjs-module-lexer" + "value": "node_modules/supports-hyperlinks" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] } ] }, { "type": "library", - "name": "strip-bom", - "version": "4.0.0", - "bom-ref": "strip-bom@4.0.0", - "author": "Sindre Sorhus", - "description": "Strip UTF-8 byte order mark (BOM) from a string", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/strip-bom@4.0.0", + "purl": "pkg:npm/v8-to-istanbul@9.2.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-bom.git", + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/strip-bom#readme", + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-bom/issues", + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101748,18 +107718,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/strip-bom" + "value": "node_modules/v8-to-istanbul" } ] }, { "type": "library", - "name": "generator", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/generator@7.24.4", - "author": "The Babel Team", - "description": "Turns an AST into code.", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", "licenses": [ { "license": { @@ -101767,30 +107736,30 @@ } } ], - "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://babel.dev/docs/en/next/babel-generator", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101799,49 +107768,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/generator" + "value": "node_modules/@types/istanbul-lib-coverage" } ] }, { "type": "library", - "name": "plugin-syntax-typescript", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", - "author": "The Babel Team", - "description": "Allow parsing of TypeScript syntax", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101850,18 +107818,119 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-typescript" + "value": "node_modules/babel-plugin-istanbul" + } + ], + "components": [ + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] } ] }, { "type": "library", - "name": "traverse", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/traverse@7.24.1", - "author": "The Babel Team", - "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", "licenses": [ { "license": { @@ -101869,30 +107938,30 @@ } } ], - "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-traverse", + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101901,49 +107970,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/traverse" + "value": "node_modules/fast-json-stable-stringify" } ] }, { "type": "library", - "name": "types", - "group": "@babel", - "version": "7.24.0", - "bom-ref": "@babel/types@7.24.0", - "author": "The Babel Team", - "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "purl": "pkg:npm/write-file-atomic@4.0.2", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "url": "git+https://github.com/npm/write-file-atomic.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-types", + "url": "https://github.com/npm/write-file-atomic", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "url": "https://github.com/npm/write-file-atomic/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -101952,17 +108020,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/types" + "value": "node_modules/write-file-atomic" } ] }, { "type": "library", - "name": "babel__traverse", - "group": "@types", - "version": "7.20.5", - "bom-ref": "@types/babel__traverse@7.20.5", - "description": "TypeScript definitions for @babel/traverse", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", "licenses": [ { "license": { @@ -101970,30 +108038,30 @@ } } ], - "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "purl": "pkg:npm/execa@5.1.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "url": "git+https://github.com/sindresorhus/execa.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "url": "https://github.com/sindresorhus/execa#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/execa/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102002,17 +108070,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__traverse" + "value": "node_modules/execa" } ] }, { "type": "library", - "name": "prettier", - "group": "@types", - "version": "2.7.3", - "bom-ref": "@types/prettier@2.7.3", - "description": "TypeScript definitions for prettier", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", "licenses": [ { "license": { @@ -102020,30 +108088,30 @@ } } ], - "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "purl": "pkg:npm/p-limit@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "url": "git+https://github.com/sindresorhus/p-limit.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "url": "https://github.com/sindresorhus/p-limit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/sindresorhus/p-limit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102052,17 +108120,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/prettier" + "value": "node_modules/p-limit" } ] }, { "type": "library", - "name": "babel-preset-current-node-syntax", - "version": "1.0.1", - "bom-ref": "babel-preset-current-node-syntax@1.0.1", - "author": "Nicolò Ribaudo", - "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", "licenses": [ { "license": { @@ -102070,30 +108137,30 @@ } } ], - "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "purl": "pkg:npm/co@4.6.0", "externalReferences": [ { - "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "url": "git+https://github.com/tj/co.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "url": "https://github.com/tj/co#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "url": "https://github.com/tj/co/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102102,17 +108169,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-preset-current-node-syntax" + "value": "node_modules/co" } ] }, { "type": "library", - "name": "natural-compare", - "version": "1.4.0", - "bom-ref": "natural-compare@1.4.0", - "author": "Lauri Rooden", - "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", "licenses": [ { "license": { @@ -102120,30 +108187,30 @@ } } ], - "purl": "pkg:npm/natural-compare@1.4.0", + "purl": "pkg:npm/is-generator-fn@2.1.0", "externalReferences": [ { - "url": "git://github.com/litejs/natural-compare-lite.git", + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/litejs/natural-compare-lite#readme", + "url": "https://github.com/sindresorhus/is-generator-fn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/litejs/natural-compare-lite/issues", + "url": "https://github.com/sindresorhus/is-generator-fn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102152,17 +108219,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/natural-compare" + "value": "node_modules/is-generator-fn" } ] }, { "type": "library", - "name": "leven", - "version": "3.1.0", - "bom-ref": "leven@3.1.0", - "author": "Sindre Sorhus", - "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", "licenses": [ { "license": { @@ -102170,30 +108237,30 @@ } } ], - "purl": "pkg:npm/leven@3.1.0", + "purl": "pkg:npm/stack-utils@2.0.6", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/leven.git", + "url": "git+https://github.com/tapjs/stack-utils.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/leven#readme", + "url": "https://github.com/tapjs/stack-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/leven/issues", + "url": "https://github.com/tapjs/stack-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102202,16 +108269,69 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/leven" + "value": "node_modules/stack-utils" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] } ] }, { "type": "library", - "name": "react-is", - "version": "18.2.0", - "bom-ref": "react-is@18.2.0", - "description": "Brand checking of React Elements.", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", "licenses": [ { "license": { @@ -102219,30 +108339,30 @@ } } ], - "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "purl": "pkg:npm/parse-json@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/react.git#packages/react-is", + "url": "git+https://github.com/sindresorhus/parse-json.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://reactjs.org/", + "url": "https://github.com/sindresorhus/parse-json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/react/issues", + "url": "https://github.com/sindresorhus/parse-json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102251,48 +108371,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/react-is" + "value": "node_modules/parse-json" } ] }, { "type": "library", - "name": "rimraf", - "version": "3.0.2", - "bom-ref": "rimraf@3.0.2", - "author": "Isaac Z. Schlueter", - "description": "A deep deletion module for node (like `rm -rf`)", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/rimraf@3.0.2", + "purl": "pkg:npm/strip-json-comments@3.1.1", "externalReferences": [ { - "url": "git://github.com/isaacs/rimraf.git", + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/rimraf#readme", + "url": "https://github.com/sindresorhus/strip-json-comments#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/rimraf/issues", + "url": "https://github.com/sindresorhus/strip-json-comments/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102301,17 +108421,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/rimraf" + "value": "node_modules/strip-json-comments" } ] }, { "type": "library", - "name": "istanbul-reports", + "name": "graceful-fs", "group": "@types", - "version": "3.0.4", - "bom-ref": "@types/istanbul-reports@3.0.4", - "description": "TypeScript definitions for istanbul-reports", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", "licenses": [ { "license": { @@ -102319,15 +108439,15 @@ } } ], - "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, @@ -102337,12 +108457,12 @@ "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102351,48 +108471,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/istanbul-reports" + "value": "node_modules/@types/graceful-fs" } ] }, { "type": "library", - "name": "yargs", - "group": "@types", - "version": "17.0.32", - "bom-ref": "@types/yargs@17.0.32", - "description": "TypeScript definitions for yargs", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "purl": "pkg:npm/anymatch@3.1.3", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "url": "git+https://github.com/micromatch/anymatch.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "url": "https://github.com/micromatch/anymatch", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/micromatch/anymatch/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102401,48 +108521,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/yargs" + "value": "node_modules/anymatch" } ] }, { "type": "library", - "name": "import-local", - "version": "3.1.0", - "bom-ref": "import-local@3.1.0", - "author": "Sindre Sorhus", - "description": "Let a globally installed package use a locally installed version of itself if available", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/import-local@3.1.0", + "purl": "pkg:npm/fb-watchman@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/import-local.git", + "url": "git+ssh://git@github.com/facebook/watchman.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/import-local#readme", + "url": "https://facebook.github.io/watchman/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/import-local/issues", + "url": "https://github.com/facebook/watchman/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102451,17 +108571,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/import-local" + "value": "node_modules/fb-watchman" } ] }, { "type": "library", - "name": "prompts", - "version": "2.4.2", - "bom-ref": "prompts@2.4.2", - "author": "Terkel Gjervig", - "description": "Lightweight, beautiful and user-friendly prompts", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", "licenses": [ { "license": { @@ -102469,30 +108589,30 @@ } } ], - "purl": "pkg:npm/prompts@2.4.2", + "purl": "pkg:npm/fsevents@2.3.3", "externalReferences": [ { - "url": "git+https://github.com/terkelg/prompts.git", + "url": "git+https://github.com/fsevents/fsevents.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/terkelg/prompts#readme", + "url": "https://github.com/fsevents/fsevents", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/terkelg/prompts/issues", + "url": "https://github.com/fsevents/fsevents/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102501,48 +108621,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/prompts" + "value": "node_modules/fsevents" } ] }, { "type": "library", - "name": "kleur", - "version": "3.0.3", - "bom-ref": "kleur@3.0.3", - "author": "Luke Edwards", - "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/kleur@3.0.3", + "purl": "pkg:npm/walker@1.0.8", "externalReferences": [ { - "url": "git+https://github.com/lukeed/kleur.git", + "url": "git+https://github.com/daaku/nodejs-walker.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/lukeed/kleur#readme", + "url": "https://github.com/daaku/nodejs-walker", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lukeed/kleur/issues", + "url": "https://github.com/daaku/nodejs-walker/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102551,17 +108671,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/kleur" + "value": "node_modules/walker" } ] }, { "type": "library", - "name": "sisteransi", - "version": "1.0.5", - "bom-ref": "sisteransi@1.0.5", - "author": "Terkel Gjervig", - "description": "ANSI escape codes for some terminal swag", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", "licenses": [ { "license": { @@ -102569,30 +108690,30 @@ } } ], - "purl": "pkg:npm/sisteransi@1.0.5", + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", "externalReferences": [ { - "url": "git+https://github.com/terkelg/sisteransi.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/terkelg/sisteransi#readme", + "url": "https://babel.dev/docs/en/next/babel-code-frame", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/terkelg/sisteransi/issues", + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102601,16 +108722,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sisteransi" + "value": "node_modules/@babel/code-frame" } ] }, { "type": "library", - "name": "yargs", - "version": "17.7.2", - "bom-ref": "yargs@17.7.2", - "description": "yargs the modern, pirate-themed, successor to optimist.", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", "licenses": [ { "license": { @@ -102618,30 +108740,30 @@ } } ], - "purl": "pkg:npm/yargs@17.7.2", + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://yargs.js.org/", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102650,17 +108772,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yargs" + "value": "node_modules/@types/stack-utils" } ] }, { "type": "library", - "name": "json-diff", - "version": "0.9.1", - "bom-ref": "json-diff@0.9.1", - "author": "Andrey Tarantsov", - "description": "JSON diff", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", "licenses": [ { "license": { @@ -102668,30 +108789,30 @@ } } ], - "purl": "pkg:npm/json-diff@0.9.1", + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", "externalReferences": [ { - "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/andreyvit/json-diff", + "url": "https://github.com/arcanis/jest-pnp-resolver", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andreyvit/json-diff/issues", + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102700,48 +108821,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-diff" + "value": "node_modules/jest-pnp-resolver" } ] }, { "type": "library", - "name": "cli-color", - "version": "2.0.4", - "bom-ref": "cli-color@2.0.4", - "author": "Mariusz Nowak", - "description": "Colors, formatting and other tools for the console", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/cli-color@2.0.4", + "purl": "pkg:npm/detect-newline@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/medikoo/cli-color.git", + "url": "git+https://github.com/sindresorhus/detect-newline.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/cli-color#readme", + "url": "https://github.com/sindresorhus/detect-newline#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/cli-color/issues", + "url": "https://github.com/sindresorhus/detect-newline/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102750,48 +108871,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-color" + "value": "node_modules/detect-newline" } ] }, { "type": "library", - "name": "d", - "version": "1.0.2", - "bom-ref": "d@1.0.2", - "author": "Mariusz Nowak", - "description": "Property descriptor factory", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/d@1.0.2", + "purl": "pkg:npm/source-map-support@0.5.13", "externalReferences": [ { - "url": "git+https://github.com/medikoo/d.git", + "url": "git+https://github.com/evanw/node-source-map-support.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/d#readme", + "url": "https://github.com/evanw/node-source-map-support#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/d/issues", + "url": "https://github.com/evanw/node-source-map-support/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102800,48 +108920,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/d" + "value": "node_modules/source-map-support" } ] }, { "type": "library", - "name": "es5-ext", - "version": "0.10.64", - "bom-ref": "es5-ext@0.10.64", - "author": "Mariusz Nowak", - "description": "ECMAScript extensions and shims", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/es5-ext@0.10.64", + "purl": "pkg:npm/type-detect@4.0.8", "externalReferences": [ { - "url": "git+https://github.com/medikoo/es5-ext.git", + "url": "git+ssh://git@github.com/chaijs/type-detect.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es5-ext#readme", + "url": "https://github.com/chaijs/type-detect#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es5-ext/issues", + "url": "https://github.com/chaijs/type-detect/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102850,48 +108970,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es5-ext" + "value": "node_modules/type-detect" } ] }, { "type": "library", - "name": "type", - "version": "2.7.2", - "bom-ref": "type@2.7.2", - "author": "Mariusz Nowak", - "description": "Runtime validation and processing of JavaScript types", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/type@2.7.2", + "purl": "pkg:npm/callsites@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/medikoo/type.git", + "url": "git+https://github.com/sindresorhus/callsites.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/type#readme", + "url": "https://github.com/sindresorhus/callsites#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/type/issues", + "url": "https://github.com/sindresorhus/callsites/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102900,17 +109020,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type" + "value": "node_modules/callsites" } ] }, { "type": "library", - "name": "es6-iterator", - "version": "2.0.3", - "bom-ref": "es6-iterator@2.0.3", - "author": "Mariusz Nowak", - "description": "Iterator abstraction based on ES6 specification", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", "licenses": [ { "license": { @@ -102918,30 +109038,30 @@ } } ], - "purl": "pkg:npm/es6-iterator@2.0.3", + "purl": "pkg:npm/cjs-module-lexer@1.2.3", "externalReferences": [ { - "url": "git://github.com/medikoo/es6-iterator.git", + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es6-iterator#readme", + "url": "https://github.com/nodejs/cjs-module-lexer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es6-iterator/issues", + "url": "https://github.com/nodejs/cjs-module-lexer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -102950,48 +109070,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es6-iterator" + "value": "node_modules/cjs-module-lexer" } ] }, { "type": "library", - "name": "es6-symbol", - "version": "3.1.4", - "bom-ref": "es6-symbol@3.1.4", - "author": "Mariusz Nowak", - "description": "ECMAScript 6 Symbol polyfill", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/es6-symbol@3.1.4", + "purl": "pkg:npm/strip-bom@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/medikoo/es6-symbol.git", + "url": "git+https://github.com/sindresorhus/strip-bom.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/es6-symbol#readme", + "url": "https://github.com/sindresorhus/strip-bom#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es6-symbol/issues", + "url": "https://github.com/sindresorhus/strip-bom/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103000,48 +109120,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es6-symbol" + "value": "node_modules/strip-bom" } ] }, { "type": "library", - "name": "ext", - "version": "1.7.0", - "bom-ref": "ext@1.7.0", - "author": "Mariusz Nowak", - "description": "JavaScript utilities with respect to emerging standard", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/ext@1.7.0#ext", + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", "externalReferences": [ { - "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "url": "https://babel.dev/docs/en/next/babel-generator", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es5-ext/issues", + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103050,48 +109171,101 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ext" + "value": "node_modules/@babel/generator" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] } ] }, { "type": "library", - "name": "esniff", - "version": "2.0.1", - "bom-ref": "esniff@2.0.1", - "author": "Mariusz Nowak", - "description": "Low footprint ECMAScript source code parser", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/esniff@2.0.1", + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", "externalReferences": [ { - "url": "git+https://github.com/medikoo/esniff.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/medikoo/esniff#readme", + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/esniff/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103100,17 +109274,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/esniff" + "value": "node_modules/@babel/plugin-syntax-typescript" } ] }, { "type": "library", - "name": "event-emitter", - "version": "0.3.5", - "bom-ref": "event-emitter@0.3.5", - "author": "Mariusz Nowak", - "description": "Environment agnostic event emitter", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", "licenses": [ { "license": { @@ -103118,30 +109293,30 @@ } } ], - "purl": "pkg:npm/event-emitter@0.3.5", + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", "externalReferences": [ { - "url": "git://github.com/medikoo/event-emitter.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/medikoo/event-emitter#readme", + "url": "https://babel.dev/docs/en/next/babel-traverse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/event-emitter/issues", + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103150,48 +109325,101 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/event-emitter" + "value": "node_modules/@babel/traverse" + } + ], + "components": [ + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] } ] }, { "type": "library", - "name": "next-tick", - "version": "1.1.0", - "bom-ref": "next-tick@1.1.0", - "author": "Mariusz Nowak", - "description": "Environment agnostic nextTick polyfill", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/next-tick@1.1.0", + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", "externalReferences": [ { - "url": "git://github.com/medikoo/next-tick.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-types", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/medikoo/next-tick#readme", + "url": "https://babel.dev/docs/en/next/babel-types", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/next-tick/issues", + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103200,48 +109428,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/next-tick" + "value": "node_modules/@babel/types" } ] }, { "type": "library", - "name": "memoizee", - "version": "0.4.15", - "bom-ref": "memoizee@0.4.15", - "author": "Mariusz Nowak", - "description": "Memoize/cache function results", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/memoizee@0.4.15", + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", "externalReferences": [ { - "url": "git://github.com/medikoo/memoizee.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/medikoo/memoizee#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/memoizee/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103250,48 +109478,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/memoizee" + "value": "node_modules/@types/babel__traverse" } ] }, { "type": "library", - "name": "es6-weak-map", - "version": "2.0.3", - "bom-ref": "es6-weak-map@2.0.3", - "author": "Mariusz Nowak", - "description": "ECMAScript6 WeakMap polyfill", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/es6-weak-map@2.0.3", + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", "externalReferences": [ { - "url": "git://github.com/medikoo/es6-weak-map.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/medikoo/es6-weak-map#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/es6-weak-map/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103300,17 +109528,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/es6-weak-map" + "value": "node_modules/@types/prettier" } ] }, { "type": "library", - "name": "is-promise", - "version": "2.2.2", - "bom-ref": "is-promise@2.2.2", - "author": "ForbesLindesay", - "description": "Test whether an object looks like a promises-a+ promise", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", "licenses": [ { "license": { @@ -103318,30 +109546,30 @@ } } ], - "purl": "pkg:npm/is-promise@2.2.2", + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/then/is-promise.git", + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/then/is-promise#readme", + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/then/is-promise/issues", + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103350,17 +109578,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-promise" + "value": "node_modules/babel-preset-current-node-syntax" } ] }, { "type": "library", - "name": "lru-queue", - "version": "0.1.0", - "bom-ref": "lru-queue@0.1.0", - "author": "Mariusz Nowak", - "description": "LRU Queue", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", "licenses": [ { "license": { @@ -103368,30 +109596,30 @@ } } ], - "purl": "pkg:npm/lru-queue@0.1.0", + "purl": "pkg:npm/natural-compare@1.4.0", "externalReferences": [ { - "url": "git://github.com/medikoo/lru-queue.git", + "url": "git://github.com/litejs/natural-compare-lite.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/lru-queue#readme", + "url": "https://github.com/litejs/natural-compare-lite#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/lru-queue/issues", + "url": "https://github.com/litejs/natural-compare-lite/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103400,48 +109628,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lru-queue" + "value": "node_modules/natural-compare" } ] }, { "type": "library", - "name": "timers-ext", - "version": "0.1.7", - "bom-ref": "timers-ext@0.1.7", - "author": "Mariusz Nowak", - "description": "Timers extensions", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/timers-ext@0.1.7", + "purl": "pkg:npm/leven@3.1.0", "externalReferences": [ { - "url": "git://github.com/medikoo/timers-ext.git", + "url": "git+https://github.com/sindresorhus/leven.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/medikoo/timers-ext#readme", + "url": "https://github.com/sindresorhus/leven#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/medikoo/timers-ext/issues", + "url": "https://github.com/sindresorhus/leven/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103450,49 +109678,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/timers-ext" + "value": "node_modules/leven" } ] }, { "type": "library", - "name": "difflib", - "version": "0.2.4", - "bom-ref": "difflib@0.2.4", - "author": "Xueqiao Xu", - "description": "text diff library ported from Python's difflib module", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", "licenses": [ { "license": { - "name": "PSF", - "url": "http://docs.python.org/license.html" + "id": "MIT" } } ], - "purl": "pkg:npm/difflib@0.2.4", + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", "externalReferences": [ { - "url": "git://github.com/qiao/difflib.js.git", + "url": "git+https://github.com/facebook/react.git#packages/react-is", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/qiao/difflib.js", + "url": "https://reactjs.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qiao/difflib.js/issues", + "url": "https://github.com/facebook/react/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103501,48 +109727,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/difflib" + "value": "node_modules/react-is" } ] }, { "type": "library", - "name": "heap", - "version": "0.2.7", - "bom-ref": "heap@0.2.7", - "author": "Xueqiao Xu", - "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/heap@0.2.7", + "purl": "pkg:npm/rimraf@3.0.2", "externalReferences": [ { - "url": "git://github.com/qiao/heap.js.git", + "url": "git://github.com/isaacs/rimraf.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qiao/heap.js", + "url": "https://github.com/isaacs/rimraf#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qiao/heap.js/issues", + "url": "https://github.com/isaacs/rimraf/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103551,41 +109777,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/heap" + "value": "node_modules/rimraf" } ] }, { "type": "library", - "name": "dreamopt", - "version": "0.8.0", - "bom-ref": "dreamopt@0.8.0", - "author": "Andrey Tarantsov", - "description": "Command-line parser with readable syntax from your sweetest dreams", - "purl": "pkg:npm/dreamopt@0.8.0", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", "externalReferences": [ { - "url": "git://github.com/andreyvit/dreamopt.js.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/andreyvit/dreamopt.js", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andreyvit/dreamopt.js/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103594,17 +109827,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dreamopt" + "value": "node_modules/@types/istanbul-reports" } ] }, { "type": "library", - "name": "wordwrap", - "version": "1.0.0", - "bom-ref": "wordwrap@1.0.0", - "author": "James Halliday", - "description": "Wrap those words. Show them at what columns to start and stop.", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", "licenses": [ { "license": { @@ -103612,30 +109845,30 @@ } } ], - "purl": "pkg:npm/wordwrap@1.0.0", + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", "externalReferences": [ { - "url": "git://github.com/substack/node-wordwrap.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/substack/node-wordwrap#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/node-wordwrap/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103644,17 +109877,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/wordwrap" + "value": "node_modules/@types/yargs" } ] }, { "type": "library", - "name": "jstoxml", - "version": "3.2.10", - "bom-ref": "jstoxml@3.2.10", - "author": "David Calhoun", - "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", "licenses": [ { "license": { @@ -103662,30 +109895,30 @@ } } ], - "purl": "pkg:npm/jstoxml@3.2.10", + "purl": "pkg:npm/import-local@3.1.0", "externalReferences": [ { - "url": "git://github.com/davidcalhoun/jstoxml.git", + "url": "git+https://github.com/sindresorhus/import-local.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/davidcalhoun/jstoxml", + "url": "https://github.com/sindresorhus/import-local#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/davidcalhoun/jstoxml/issues", + "url": "https://github.com/sindresorhus/import-local/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103694,17 +109927,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jstoxml" + "value": "node_modules/import-local" } ] }, { "type": "library", - "name": "pretty", - "version": "2.0.0", - "bom-ref": "pretty@2.0.0", - "author": "Jon Schlinkert", - "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", "licenses": [ { "license": { @@ -103712,30 +109945,30 @@ } } ], - "purl": "pkg:npm/pretty@2.0.0", + "purl": "pkg:npm/prompts@2.4.2", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/pretty.git", + "url": "git+https://github.com/terkelg/prompts.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/pretty", + "url": "https://github.com/terkelg/prompts#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/pretty/issues", + "url": "https://github.com/terkelg/prompts/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103744,17 +109977,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pretty" + "value": "node_modules/prompts" } ] }, { "type": "library", - "name": "condense-newlines", - "version": "0.2.1", - "bom-ref": "condense-newlines@0.2.1", - "author": "Jon Schlinkert", - "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", "licenses": [ { "license": { @@ -103762,30 +109995,30 @@ } } ], - "purl": "pkg:npm/condense-newlines@0.2.1", + "purl": "pkg:npm/kleur@3.0.3", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "url": "git+https://github.com/lukeed/kleur.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/condense-newlines", + "url": "https://github.com/lukeed/kleur#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "url": "https://github.com/lukeed/kleur/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103794,17 +110027,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/condense-newlines" + "value": "node_modules/kleur" } ] }, { "type": "library", - "name": "extend-shallow", - "version": "2.0.1", - "bom-ref": "extend-shallow@2.0.1", - "author": "Jon Schlinkert", - "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", "licenses": [ { "license": { @@ -103812,30 +110045,30 @@ } } ], - "purl": "pkg:npm/extend-shallow@2.0.1", + "purl": "pkg:npm/sisteransi@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "url": "git+https://github.com/terkelg/sisteransi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/extend-shallow", + "url": "https://github.com/terkelg/sisteransi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "url": "https://github.com/terkelg/sisteransi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103844,41 +110077,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/extend-shallow" + "value": "node_modules/sisteransi" } ] }, { "type": "library", - "name": "is-whitespace", - "version": "0.3.0", - "bom-ref": "is-whitespace@0.3.0", - "author": "Jon Schlinkert", - "description": "Returns true if the value passed is all whitespace.", - "purl": "pkg:npm/is-whitespace@0.3.0", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", "externalReferences": [ { - "url": "git://github.com/jonschlinkert/is-whitespace.git", + "url": "git+https://github.com/yargs/yargs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/is-whitespace", + "url": "https://yargs.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "url": "https://github.com/yargs/yargs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103887,17 +110126,69 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-whitespace" + "value": "node_modules/yargs" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] } ] }, { "type": "library", - "name": "kind-of", - "version": "3.2.2", - "bom-ref": "kind-of@3.2.2", - "author": "Jon Schlinkert", - "description": "Get the native type of a value.", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", "licenses": [ { "license": { @@ -103905,30 +110196,30 @@ } } ], - "purl": "pkg:npm/kind-of@3.2.2", + "purl": "pkg:npm/json-diff@0.9.1", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/kind-of.git", + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/kind-of", + "url": "https://github.com/andreyvit/json-diff", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/kind-of/issues", + "url": "https://github.com/andreyvit/json-diff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103937,48 +110228,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/kind-of" + "value": "node_modules/json-diff" } ] }, { "type": "library", - "name": "is-buffer", - "version": "1.1.6", - "bom-ref": "is-buffer@1.1.6", - "author": "Feross Aboukhadijeh", - "description": "Determine if an object is a Buffer", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/is-buffer@1.1.6", + "purl": "pkg:npm/cli-color@2.0.4", "externalReferences": [ { - "url": "git://github.com/feross/is-buffer.git", + "url": "git+https://github.com/medikoo/cli-color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/feross/is-buffer#readme", + "url": "https://github.com/medikoo/cli-color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/feross/is-buffer/issues", + "url": "https://github.com/medikoo/cli-color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -103987,48 +110278,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-buffer" + "value": "node_modules/cli-color" } ] }, { "type": "library", - "name": "is-extendable", - "version": "0.1.1", - "bom-ref": "is-extendable@0.1.1", - "author": "Jon Schlinkert", - "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/is-extendable@0.1.1", + "purl": "pkg:npm/d@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "url": "git+https://github.com/medikoo/d.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jonschlinkert/is-extendable", + "url": "https://github.com/medikoo/d#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jonschlinkert/is-extendable/issues", + "url": "https://github.com/medikoo/d/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104037,48 +110328,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-extendable" + "value": "node_modules/d" } ] }, { "type": "library", - "name": "js-beautify", - "version": "1.15.1", - "bom-ref": "js-beautify@1.15.1", - "author": "Einar Lielmanis", - "description": "beautifier.io for node", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/js-beautify@1.15.1", + "purl": "pkg:npm/es5-ext@0.10.64", "externalReferences": [ { - "url": "git://github.com/beautifier/js-beautify.git", + "url": "git+https://github.com/medikoo/es5-ext.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://beautifier.io/", + "url": "https://github.com/medikoo/es5-ext#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/beautifier/js-beautify/issues", + "url": "https://github.com/medikoo/es5-ext/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104087,41 +110378,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-beautify" + "value": "node_modules/es5-ext" } ] }, { "type": "library", - "name": "config-chain", - "version": "1.1.13", - "bom-ref": "config-chain@1.1.13", - "author": "Dominic Tarr", - "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", - "purl": "pkg:npm/config-chain@1.1.13", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", "externalReferences": [ { - "url": "git+https://github.com/dominictarr/config-chain.git", + "url": "git+https://github.com/medikoo/type.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/dominictarr/config-chain", + "url": "https://github.com/medikoo/type#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dominictarr/config-chain/issues", + "url": "https://github.com/medikoo/type/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104130,48 +110428,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/config-chain" + "value": "node_modules/type" } ] }, { "type": "library", - "name": "ini", - "version": "1.3.8", - "bom-ref": "ini@1.3.8", - "author": "Isaac Z. Schlueter", - "description": "An ini encoder/decoder for node", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/ini@1.3.8", + "purl": "pkg:npm/es6-iterator@2.0.3", "externalReferences": [ { - "url": "git://github.com/isaacs/ini.git", + "url": "git://github.com/medikoo/es6-iterator.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/ini#readme", + "url": "https://github.com/medikoo/es6-iterator#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/ini/issues", + "url": "https://github.com/medikoo/es6-iterator/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104180,17 +110478,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ini" + "value": "node_modules/es6-iterator" } ] }, { "type": "library", - "name": "proto-list", - "version": "1.2.4", - "bom-ref": "proto-list@1.2.4", - "author": "Isaac Z. Schlueter", - "description": "A utility for managing a prototype chain", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", "licenses": [ { "license": { @@ -104198,30 +110496,30 @@ } } ], - "purl": "pkg:npm/proto-list@1.2.4", + "purl": "pkg:npm/es6-symbol@3.1.4", "externalReferences": [ { - "url": "git+https://github.com/isaacs/proto-list.git", + "url": "git+https://github.com/medikoo/es6-symbol.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/proto-list#readme", + "url": "https://github.com/medikoo/es6-symbol#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/proto-list/issues", + "url": "https://github.com/medikoo/es6-symbol/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104230,48 +110528,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/proto-list" + "value": "node_modules/es6-symbol" } ] }, { "type": "library", - "name": "editorconfig", - "version": "1.0.4", - "bom-ref": "editorconfig@1.0.4", - "author": "EditorConfig Team", - "description": "EditorConfig File Locator and Interpreter for Node.js", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/editorconfig@1.0.4", + "purl": "pkg:npm/ext@1.7.0#ext", "externalReferences": [ { - "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "url": "git+https://github.com/medikoo/es5-ext.git#ext", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "url": "https://github.com/medikoo/es5-ext/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104280,48 +110578,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/editorconfig" + "value": "node_modules/ext" } ] }, { "type": "library", - "name": "wasm", - "group": "@one-ini", - "version": "0.1.1", - "bom-ref": "@one-ini/wasm@0.1.1", - "description": "Parse EditorConfig-INI file contents into AST", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "purl": "pkg:npm/esniff@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/one-ini/core.git", + "url": "git+https://github.com/medikoo/esniff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/one-ini/core#readme", + "url": "https://github.com/medikoo/esniff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/one-ini/core/issues", + "url": "https://github.com/medikoo/esniff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104330,17 +110628,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@one-ini/wasm" + "value": "node_modules/esniff" } ] }, { "type": "library", - "name": "commander", - "version": "10.0.1", - "bom-ref": "commander@10.0.1", - "author": "TJ Holowaychuk", - "description": "the complete solution for node.js command-line programs", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", "licenses": [ { "license": { @@ -104348,30 +110646,30 @@ } } ], - "purl": "pkg:npm/commander@10.0.1", + "purl": "pkg:npm/event-emitter@0.3.5", "externalReferences": [ { - "url": "git+https://github.com/tj/commander.js.git", + "url": "git://github.com/medikoo/event-emitter.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tj/commander.js#readme", + "url": "https://github.com/medikoo/event-emitter#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tj/commander.js/issues", + "url": "https://github.com/medikoo/event-emitter/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104380,48 +110678,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/commander" + "value": "node_modules/event-emitter" } ] }, { "type": "library", - "name": "brace-expansion", - "version": "2.0.1", - "bom-ref": "brace-expansion@2.0.1", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/brace-expansion@2.0.1", + "purl": "pkg:npm/next-tick@1.1.0", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git://github.com/medikoo/next-tick.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/medikoo/next-tick#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/medikoo/next-tick/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104430,48 +110728,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/brace-expansion" + "value": "node_modules/next-tick" } ] }, { "type": "library", - "name": "js-cookie", - "version": "3.0.5", - "bom-ref": "js-cookie@3.0.5", - "author": "Klaus Hartl", - "description": "A simple, lightweight JavaScript API for handling cookies", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/js-cookie@3.0.5", + "purl": "pkg:npm/memoizee@0.4.15", "externalReferences": [ { - "url": "git://github.com/js-cookie/js-cookie.git", + "url": "git://github.com/medikoo/memoizee.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/js-cookie/js-cookie#readme", + "url": "https://github.com/medikoo/memoizee#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/js-cookie/js-cookie/issues", + "url": "https://github.com/medikoo/memoizee/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104480,17 +110778,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-cookie" + "value": "node_modules/memoizee" } ] }, { "type": "library", - "name": "nopt", - "version": "7.2.0", - "bom-ref": "nopt@7.2.0", - "author": "GitHub Inc.", - "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", "licenses": [ { "license": { @@ -104498,30 +110796,30 @@ } } ], - "purl": "pkg:npm/nopt@7.2.0", + "purl": "pkg:npm/es6-weak-map@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/npm/nopt.git", + "url": "git://github.com/medikoo/es6-weak-map.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/nopt#readme", + "url": "https://github.com/medikoo/es6-weak-map#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/nopt/issues", + "url": "https://github.com/medikoo/es6-weak-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104530,48 +110828,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nopt" + "value": "node_modules/es6-weak-map" } ] }, { "type": "library", - "name": "abbrev", - "version": "2.0.0", - "bom-ref": "abbrev@2.0.0", - "author": "GitHub Inc.", - "description": "Like ruby's abbrev module, but in js", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/abbrev@2.0.0", + "purl": "pkg:npm/is-promise@2.2.2", "externalReferences": [ { - "url": "git+https://github.com/npm/abbrev-js.git", + "url": "git+https://github.com/then/is-promise.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/abbrev-js#readme", + "url": "https://github.com/then/is-promise#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/abbrev-js/issues", + "url": "https://github.com/then/is-promise/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104580,17 +110878,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/abbrev" + "value": "node_modules/is-promise" } ] }, { "type": "library", - "name": "babel__core", - "group": "@types", - "version": "7.20.5", - "bom-ref": "@types/babel__core@7.20.5", - "description": "TypeScript definitions for @babel/core", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", "licenses": [ { "license": { @@ -104598,30 +110896,30 @@ } } ], - "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "purl": "pkg:npm/lru-queue@0.1.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "url": "git://github.com/medikoo/lru-queue.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "url": "https://github.com/medikoo/lru-queue#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/medikoo/lru-queue/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104630,49 +110928,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__core" + "value": "node_modules/lru-queue" } ] }, { "type": "library", - "name": "template", - "group": "@babel", - "version": "7.24.0", - "bom-ref": "@babel/template@7.24.0", - "author": "The Babel Team", - "description": "Generate an AST from a string template.", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "purl": "pkg:npm/timers-ext@0.1.7", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "url": "git://github.com/medikoo/timers-ext.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babel.dev/docs/en/next/babel-template", + "url": "https://github.com/medikoo/timers-ext#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "url": "https://github.com/medikoo/timers-ext/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104681,48 +110978,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/template" + "value": "node_modules/timers-ext" } ] }, { "type": "library", - "name": "bs-logger", - "version": "0.2.6", - "bom-ref": "bs-logger@0.2.6", - "author": "Huafu Gandon", - "description": "Bare simple logger for NodeJS", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", "licenses": [ { "license": { - "id": "MIT" + "name": "PSF", + "url": "http://docs.python.org/license.html" } } ], - "purl": "pkg:npm/bs-logger@0.2.6", + "purl": "pkg:npm/difflib@0.2.4", "externalReferences": [ { - "url": "git+https://github.com/huafu/bs-logger.git", + "url": "git://github.com/qiao/difflib.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/huafu/bs-logger#readme", + "url": "https://github.com/qiao/difflib.js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/huafu/bs-logger/issues", + "url": "https://github.com/qiao/difflib.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104731,17 +111029,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/bs-logger" + "value": "node_modules/difflib" } ] }, { "type": "library", - "name": "json5", - "version": "2.2.3", - "bom-ref": "json5@2.2.3", - "author": "Aseem Kishore", - "description": "JSON for Humans", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", "licenses": [ { "license": { @@ -104749,30 +111047,30 @@ } } ], - "purl": "pkg:npm/json5@2.2.3", + "purl": "pkg:npm/heap@0.2.7", "externalReferences": [ { - "url": "git+https://github.com/json5/json5.git", + "url": "git://github.com/qiao/heap.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://json5.org/", + "url": "https://github.com/qiao/heap.js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/json5/json5/issues", + "url": "https://github.com/qiao/heap.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104781,48 +111079,41 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json5" + "value": "node_modules/heap" } ] }, { "type": "library", - "name": "lodash.memoize", - "version": "4.1.2", - "bom-ref": "lodash.memoize@4.1.2", - "author": "John-David Dalton", - "description": "The lodash method `_.memoize` exported as a module.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/lodash.memoize@4.1.2", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", "externalReferences": [ { - "url": "git+https://github.com/lodash/lodash.git", + "url": "git://github.com/andreyvit/dreamopt.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://lodash.com/", + "url": "https://github.com/andreyvit/dreamopt.js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lodash/lodash/issues", + "url": "https://github.com/andreyvit/dreamopt.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104831,18 +111122,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lodash.memoize" + "value": "node_modules/dreamopt" } ] }, { "type": "library", - "name": "core", - "group": "@oclif", - "version": "3.26.9", - "bom-ref": "@oclif/core@3.26.9", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", "licenses": [ { "license": { @@ -104850,30 +111140,30 @@ } } ], - "purl": "pkg:npm/%40oclif/core@3.26.9", + "purl": "pkg:npm/wordwrap@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git://github.com/substack/node-wordwrap.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://github.com/substack/node-wordwrap#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/substack/node-wordwrap/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104882,17 +111172,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core" + "value": "node_modules/wordwrap" } ] }, { "type": "library", - "name": "cli-progress", - "group": "@types", - "version": "3.11.5", - "bom-ref": "@types/cli-progress@3.11.5", - "description": "TypeScript definitions for cli-progress", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", "licenses": [ { "license": { @@ -104900,30 +111190,30 @@ } } ], - "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "purl": "pkg:npm/jstoxml@3.2.10", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "url": "git://github.com/davidcalhoun/jstoxml.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "url": "http://github.com/davidcalhoun/jstoxml", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/davidcalhoun/jstoxml/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104932,46 +111222,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/cli-progress" + "value": "node_modules/jstoxml" } ] }, { "type": "library", - "name": "type-fest", - "version": "0.21.3", - "bom-ref": "type-fest@0.21.3", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", "licenses": [ { - "expression": "(MIT OR CC0-1.0)" + "license": { + "id": "MIT" + } } ], - "purl": "pkg:npm/type-fest@0.21.3", + "purl": "pkg:npm/pretty@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/type-fest.git", + "url": "git+https://github.com/jonschlinkert/pretty.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/type-fest#readme", + "url": "https://github.com/jonschlinkert/pretty", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/type-fest/issues", + "url": "https://github.com/jonschlinkert/pretty/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -104980,17 +111272,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/type-fest" + "value": "node_modules/pretty" } ] }, { "type": "library", - "name": "color-convert", - "version": "2.0.1", - "bom-ref": "color-convert@2.0.1", - "author": "Heather Arthur", - "description": "Plain color conversion functions", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", "licenses": [ { "license": { @@ -104998,30 +111290,30 @@ } } ], - "purl": "pkg:npm/color-convert@2.0.1", + "purl": "pkg:npm/condense-newlines@0.2.1", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-convert.git", + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Qix-/color-convert#readme", + "url": "https://github.com/jonschlinkert/condense-newlines", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-convert/issues", + "url": "https://github.com/jonschlinkert/condense-newlines/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105030,17 +111322,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/color-convert" + "value": "node_modules/condense-newlines" } ] }, { "type": "library", - "name": "cardinal", - "version": "2.1.1", - "bom-ref": "cardinal@2.1.1", - "author": "Thorsten Lorenz", - "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", "licenses": [ { "license": { @@ -105048,30 +111340,30 @@ } } ], - "purl": "pkg:npm/cardinal@2.1.1", + "purl": "pkg:npm/extend-shallow@2.0.1", "externalReferences": [ { - "url": "git://github.com/thlorenz/cardinal.git", + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thlorenz/cardinal#readme", + "url": "https://github.com/jonschlinkert/extend-shallow", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/cardinal/issues", + "url": "https://github.com/jonschlinkert/extend-shallow/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105080,48 +111372,41 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cardinal" + "value": "node_modules/extend-shallow" } ] }, { "type": "library", - "name": "ansicolors", - "version": "0.3.2", - "bom-ref": "ansicolors@0.3.2", - "author": "Thorsten Lorenz", - "description": "Functions that surround a string with ansicolor codes so it prints in color.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansicolors@0.3.2", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", "externalReferences": [ { - "url": "git://github.com/thlorenz/ansicolors.git", + "url": "git://github.com/jonschlinkert/is-whitespace.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thlorenz/ansicolors#readme", + "url": "https://github.com/jonschlinkert/is-whitespace", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/ansicolors/issues", + "url": "https://github.com/jonschlinkert/is-whitespace/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105130,17 +111415,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansicolors" + "value": "node_modules/is-whitespace" } ] }, { "type": "library", - "name": "redeyed", - "version": "2.1.1", - "bom-ref": "redeyed@2.1.1", - "author": "Thorsten Lorenz", - "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", "licenses": [ { "license": { @@ -105148,30 +111433,30 @@ } } ], - "purl": "pkg:npm/redeyed@2.1.1", + "purl": "pkg:npm/kind-of@3.2.2", "externalReferences": [ { - "url": "git://github.com/thlorenz/redeyed.git", + "url": "git+https://github.com/jonschlinkert/kind-of.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/thlorenz/redeyed#readme", + "url": "https://github.com/jonschlinkert/kind-of", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thlorenz/redeyed/issues", + "url": "https://github.com/jonschlinkert/kind-of/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105180,48 +111465,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/redeyed" + "value": "node_modules/kind-of" } ] }, { "type": "library", - "name": "esprima", - "version": "4.0.1", - "bom-ref": "esprima@4.0.1", - "author": "Ariya Hidayat", - "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/esprima@4.0.1", + "purl": "pkg:npm/is-buffer@1.1.6", "externalReferences": [ { - "url": "git+https://github.com/jquery/esprima.git", + "url": "git://github.com/feross/is-buffer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://esprima.org", + "url": "https://github.com/feross/is-buffer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jquery/esprima/issues", + "url": "https://github.com/feross/is-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105230,17 +111515,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/esprima" + "value": "node_modules/is-buffer" } ] }, { "type": "library", - "name": "has-flag", - "version": "4.0.0", - "bom-ref": "has-flag@4.0.0", - "author": "Sindre Sorhus", - "description": "Check if argv has a specific flag", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", "licenses": [ { "license": { @@ -105248,30 +111533,30 @@ } } ], - "purl": "pkg:npm/has-flag@4.0.0", + "purl": "pkg:npm/is-extendable@0.1.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/has-flag.git", + "url": "git+https://github.com/jonschlinkert/is-extendable.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/has-flag#readme", + "url": "https://github.com/jonschlinkert/is-extendable", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/has-flag/issues", + "url": "https://github.com/jonschlinkert/is-extendable/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105280,17 +111565,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/has-flag" + "value": "node_modules/is-extendable" } ] }, { "type": "library", - "name": "clean-stack", - "version": "3.0.1", - "bom-ref": "clean-stack@3.0.1", - "author": "Sindre Sorhus", - "description": "Clean up error stack traces", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", "licenses": [ { "license": { @@ -105298,30 +111583,30 @@ } } ], - "purl": "pkg:npm/clean-stack@3.0.1", + "purl": "pkg:npm/js-beautify@1.15.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/clean-stack.git", + "url": "git://github.com/beautifier/js-beautify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/clean-stack#readme", + "url": "https://beautifier.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/clean-stack/issues", + "url": "https://github.com/beautifier/js-beautify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105330,48 +111615,143 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/clean-stack" + "value": "node_modules/js-beautify" + } + ], + "components": [ + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] } ] }, { "type": "library", - "name": "escape-string-regexp", - "version": "4.0.0", - "bom-ref": "escape-string-regexp@4.0.0", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-string-regexp@4.0.0", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "url": "git+https://github.com/dominictarr/config-chain.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "url": "http://github.com/dominictarr/config-chain", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "url": "https://github.com/dominictarr/config-chain/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105380,48 +111760,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/escape-string-regexp" + "value": "node_modules/config-chain" } ] }, { "type": "library", - "name": "cli-progress", - "version": "3.12.0", - "bom-ref": "cli-progress@3.12.0", - "author": "Andi Dittrich", - "description": "easy to use progress-bar for command-line/terminal applications", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/cli-progress@3.12.0", + "purl": "pkg:npm/ini@1.3.8", "externalReferences": [ { - "url": "git+https://github.com/npkgz/cli-progress.git", + "url": "git://github.com/isaacs/ini.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npkgz/cli-progress", + "url": "https://github.com/isaacs/ini#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npkgz/cli-progress/issues", + "url": "https://github.com/isaacs/ini/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105430,47 +111810,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-progress" + "value": "node_modules/ini" } ] }, { "type": "library", - "name": "color", - "version": "4.2.3", - "bom-ref": "color@4.2.3", - "description": "Color conversion and manipulation with CSS string support", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/color@4.2.3", + "purl": "pkg:npm/proto-list@1.2.4", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color.git", + "url": "git+https://github.com/isaacs/proto-list.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Qix-/color#readme", + "url": "https://github.com/isaacs/proto-list#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color/issues", + "url": "https://github.com/isaacs/proto-list/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105479,17 +111860,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/color" + "value": "node_modules/proto-list" } ] }, { "type": "library", - "name": "color-string", - "version": "1.9.1", - "bom-ref": "color-string@1.9.1", - "author": "Heather Arthur", - "description": "Parser and generator for CSS color strings", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", "licenses": [ { "license": { @@ -105497,30 +111878,30 @@ } } ], - "purl": "pkg:npm/color-string@1.9.1", + "purl": "pkg:npm/editorconfig@1.0.4", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-string.git", + "url": "git://github.com/editorconfig/editorconfig-core-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Qix-/color-string#readme", + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-string/issues", + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105529,17 +111910,69 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/color-string" + "value": "node_modules/editorconfig" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] } ] }, { "type": "library", - "name": "simple-swizzle", - "version": "0.2.2", - "bom-ref": "simple-swizzle@0.2.2", - "author": "Qix", - "description": "Simply swizzle your arguments", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", "licenses": [ { "license": { @@ -105547,30 +111980,30 @@ } } ], - "purl": "pkg:npm/simple-swizzle@0.2.2", + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", "externalReferences": [ { - "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "url": "git+https://github.com/one-ini/core.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qix-/node-simple-swizzle#readme", + "url": "https://github.com/one-ini/core#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qix-/node-simple-swizzle/issues", + "url": "https://github.com/one-ini/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105579,48 +112012,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/simple-swizzle" + "value": "node_modules/@one-ini/wasm" } ] }, { "type": "library", - "name": "ejs", - "version": "3.1.10", - "bom-ref": "ejs@3.1.10", - "author": "Matthew Eernisse", - "description": "Embedded JavaScript templates", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/ejs@3.1.10", + "purl": "pkg:npm/commander@10.0.1", "externalReferences": [ { - "url": "git://github.com/mde/ejs.git", + "url": "git+https://github.com/tj/commander.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mde/ejs", + "url": "https://github.com/tj/commander.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mde/ejs/issues", + "url": "https://github.com/tj/commander.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105629,48 +112062,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ejs" + "value": "node_modules/commander" } ] }, { "type": "library", - "name": "jake", - "version": "10.8.7", - "bom-ref": "jake@10.8.7", - "author": "Matthew Eernisse", - "description": "JavaScript build tool, similar to Make or Rake", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/jake@10.8.7", + "purl": "pkg:npm/brace-expansion@2.0.1", "externalReferences": [ { - "url": "git://github.com/jakejs/jake.git", + "url": "git://github.com/juliangruber/brace-expansion.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jakejs/jake#readme", + "url": "https://github.com/juliangruber/brace-expansion", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jakejs/jake/issues", + "url": "https://github.com/juliangruber/brace-expansion/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105679,17 +112112,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jake" + "value": "node_modules/brace-expansion" } ] }, { "type": "library", - "name": "async", - "version": "3.2.5", - "bom-ref": "async@3.2.5", - "author": "Caolan McMahon", - "description": "Higher-order functions and common patterns for asynchronous code", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", "licenses": [ { "license": { @@ -105697,30 +112130,30 @@ } } ], - "purl": "pkg:npm/async@3.2.5", + "purl": "pkg:npm/js-cookie@3.0.5", "externalReferences": [ { - "url": "git+https://github.com/caolan/async.git", + "url": "git://github.com/js-cookie/js-cookie.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://caolan.github.io/async/", + "url": "https://github.com/js-cookie/js-cookie#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/caolan/async/issues", + "url": "https://github.com/js-cookie/js-cookie/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105729,48 +112162,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/async" + "value": "node_modules/js-cookie" } ] }, { "type": "library", - "name": "filelist", - "version": "1.0.4", - "bom-ref": "filelist@1.0.4", - "author": "Matthew Eernisse", - "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/filelist@1.0.4", + "purl": "pkg:npm/nopt@7.2.0", "externalReferences": [ { - "url": "git://github.com/mde/filelist.git", + "url": "git+https://github.com/npm/nopt.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mde/filelist", + "url": "https://github.com/npm/nopt#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mde/filelist/issues", + "url": "https://github.com/npm/nopt/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105779,48 +112212,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/filelist" + "value": "node_modules/nopt" } ] }, { "type": "library", - "name": "balanced-match", - "version": "1.0.2", - "bom-ref": "balanced-match@1.0.2", - "author": "Julian Gruber", - "description": "Match balanced character pairs, like \"{\" and \"}\"", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/balanced-match@1.0.2", + "purl": "pkg:npm/abbrev@2.0.0", "externalReferences": [ { - "url": "git://github.com/juliangruber/balanced-match.git", + "url": "git+https://github.com/npm/abbrev-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/balanced-match", + "url": "https://github.com/npm/abbrev-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/balanced-match/issues", + "url": "https://github.com/npm/abbrev-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105829,17 +112262,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/balanced-match" + "value": "node_modules/abbrev" } ] }, { "type": "library", - "name": "concat-map", - "version": "0.0.1", - "bom-ref": "concat-map@0.0.1", - "author": "James Halliday", - "description": "concatenative mapdashery", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", "licenses": [ { "license": { @@ -105847,30 +112280,30 @@ } } ], - "purl": "pkg:npm/concat-map@0.0.1", + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", "externalReferences": [ { - "url": "git://github.com/substack/node-concat-map.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/substack/node-concat-map#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/node-concat-map/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105879,17 +112312,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/concat-map" + "value": "node_modules/@types/babel__core" } ] }, { "type": "library", - "name": "get-package-type", - "version": "0.1.0", - "bom-ref": "get-package-type@0.1.0", - "author": "Corey Farrell", - "description": "Determine the `package.json#type` which applies to a location", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", "licenses": [ { "license": { @@ -105897,30 +112331,30 @@ } } ], - "purl": "pkg:npm/get-package-type@0.1.0", + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", "externalReferences": [ { - "url": "git+https://github.com/cfware/get-package-type.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-template", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/cfware/get-package-type#readme", + "url": "https://babel.dev/docs/en/next/babel-template", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cfware/get-package-type/issues", + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105929,17 +112363,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/get-package-type" + "value": "node_modules/@babel/template" } ] }, { "type": "library", - "name": "globby", - "version": "11.1.0", - "bom-ref": "globby@11.1.0", - "author": "Sindre Sorhus", - "description": "User-friendly glob matching", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", "licenses": [ { "license": { @@ -105947,30 +112381,30 @@ } } ], - "purl": "pkg:npm/globby@11.1.0", + "purl": "pkg:npm/bs-logger@0.2.6", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/globby.git", + "url": "git+https://github.com/huafu/bs-logger.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/globby#readme", + "url": "https://github.com/huafu/bs-logger#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/globby/issues", + "url": "https://github.com/huafu/bs-logger/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -105979,17 +112413,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/globby" + "value": "node_modules/bs-logger" } ] }, { "type": "library", - "name": "array-union", - "version": "2.1.0", - "bom-ref": "array-union@2.1.0", - "author": "Sindre Sorhus", - "description": "Create an array of unique values, in order, from the input arrays", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", "licenses": [ { "license": { @@ -105997,30 +112431,30 @@ } } ], - "purl": "pkg:npm/array-union@2.1.0", + "purl": "pkg:npm/json5@2.2.3", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/array-union.git", + "url": "git+https://github.com/json5/json5.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/array-union#readme", + "url": "http://json5.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/array-union/issues", + "url": "https://github.com/json5/json5/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106029,17 +112463,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/array-union" + "value": "node_modules/json5" } ] }, { "type": "library", - "name": "dir-glob", - "version": "3.0.1", - "bom-ref": "dir-glob@3.0.1", - "author": "Kevin Mårtensson", - "description": "Convert directories to glob compatible strings", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", "licenses": [ { "license": { @@ -106047,30 +112481,30 @@ } } ], - "purl": "pkg:npm/dir-glob@3.0.1", + "purl": "pkg:npm/lodash.memoize@4.1.2", "externalReferences": [ { - "url": "git+https://github.com/kevva/dir-glob.git", + "url": "git+https://github.com/lodash/lodash.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kevva/dir-glob#readme", + "url": "https://lodash.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kevva/dir-glob/issues", + "url": "https://github.com/lodash/lodash/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106079,17 +112513,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/dir-glob" + "value": "node_modules/lodash.memoize" } ] }, { "type": "library", - "name": "path-type", - "version": "4.0.0", - "bom-ref": "path-type@4.0.0", - "author": "Sindre Sorhus", - "description": "Check if a path is a file, directory, or symlink", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", "licenses": [ { "license": { @@ -106097,30 +112532,30 @@ } } ], - "purl": "pkg:npm/path-type@4.0.0", + "purl": "pkg:npm/%40oclif/core@3.26.9", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/path-type.git", + "url": "git+https://github.com/oclif/core.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/path-type#readme", + "url": "https://github.com/oclif/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/path-type/issues", + "url": "https://github.com/oclif/core/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106129,17 +112564,267 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-type" + "value": "node_modules/@oclif/core" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] } ] }, { "type": "library", - "name": "ignore", - "version": "5.3.1", - "bom-ref": "ignore@5.3.1", - "author": "kael", - "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", "licenses": [ { "license": { @@ -106147,30 +112832,30 @@ } } ], - "purl": "pkg:npm/ignore@5.3.1", + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", "externalReferences": [ { - "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/kaelzhang/node-ignore#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kaelzhang/node-ignore/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106179,48 +112864,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ignore" + "value": "node_modules/@types/cli-progress" } ] }, { "type": "library", - "name": "hyperlinker", - "version": "1.0.0", - "bom-ref": "hyperlinker@1.0.0", - "author": "James Talmage", - "description": "Write hyperlinks in the terminal.", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", "licenses": [ { - "license": { - "id": "MIT" - } + "expression": "(MIT OR CC0-1.0)" } ], - "purl": "pkg:npm/hyperlinker@1.0.0", + "purl": "pkg:npm/type-fest@0.21.3", "externalReferences": [ { - "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "url": "git+https://github.com/sindresorhus/type-fest.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jamestalmage/hyperlinker#readme", + "url": "https://github.com/sindresorhus/type-fest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jamestalmage/hyperlinker/issues", + "url": "https://github.com/sindresorhus/type-fest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106229,17 +112912,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/hyperlinker" + "value": "node_modules/type-fest" } ] }, { "type": "library", - "name": "indent-string", - "version": "4.0.0", - "bom-ref": "indent-string@4.0.0", - "author": "Sindre Sorhus", - "description": "Indent each line in a string", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", "licenses": [ { "license": { @@ -106247,30 +112930,30 @@ } } ], - "purl": "pkg:npm/indent-string@4.0.0", + "purl": "pkg:npm/color-convert@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/indent-string.git", + "url": "git+https://github.com/Qix-/color-convert.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/indent-string#readme", + "url": "https://github.com/Qix-/color-convert#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/indent-string/issues", + "url": "https://github.com/Qix-/color-convert/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106279,17 +112962,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/indent-string" + "value": "node_modules/color-convert" } ] }, { "type": "library", - "name": "is-wsl", - "version": "2.2.0", - "bom-ref": "is-wsl@2.2.0", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", "licenses": [ { "license": { @@ -106297,30 +112980,30 @@ } } ], - "purl": "pkg:npm/is-wsl@2.2.0", + "purl": "pkg:npm/cardinal@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-wsl.git", + "url": "git://github.com/thlorenz/cardinal.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-wsl#readme", + "url": "https://github.com/thlorenz/cardinal#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-wsl/issues", + "url": "https://github.com/thlorenz/cardinal/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106329,17 +113012,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-wsl" + "value": "node_modules/cardinal" } ] }, { "type": "library", - "name": "is-docker", - "version": "2.2.1", - "bom-ref": "is-docker@2.2.1", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside a Docker container", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", "licenses": [ { "license": { @@ -106347,30 +113030,30 @@ } } ], - "purl": "pkg:npm/is-docker@2.2.1", + "purl": "pkg:npm/ansicolors@0.3.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-docker.git", + "url": "git://github.com/thlorenz/ansicolors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-docker#readme", + "url": "https://github.com/thlorenz/ansicolors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-docker/issues", + "url": "https://github.com/thlorenz/ansicolors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106379,17 +113062,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-docker" + "value": "node_modules/ansicolors" } ] }, { "type": "library", - "name": "natural-orderby", - "version": "2.0.3", - "bom-ref": "natural-orderby@2.0.3", - "author": "Olaf Ennen", - "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", "licenses": [ { "license": { @@ -106397,30 +113080,30 @@ } } ], - "purl": "pkg:npm/natural-orderby@2.0.3", + "purl": "pkg:npm/redeyed@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/yobacca/natural-orderby.git", + "url": "git://github.com/thlorenz/redeyed.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://yobacca.github.io/natural-orderby", + "url": "https://github.com/thlorenz/redeyed#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yobacca/natural-orderby/issues", + "url": "https://github.com/thlorenz/redeyed/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106429,54 +113112,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/natural-orderby" + "value": "node_modules/redeyed" } ] }, { "type": "library", - "name": "object-treeify", - "version": "1.1.33", - "bom-ref": "object-treeify@1.1.33", - "author": "Lukas Siemon", - "description": "Stringify Object as tree structure", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", "licenses": [ { "license": { - "id": "MIT" - } - }, - { - "license": { - "id": "MIT", - "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/object-treeify@1.1.33", + "purl": "pkg:npm/esprima@4.0.1", "externalReferences": [ { - "url": "git+https://github.com/blackflux/object-treeify.git", + "url": "git+https://github.com/jquery/esprima.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blackflux/object-treeify#readme", + "url": "http://esprima.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blackflux/object-treeify/issues", + "url": "https://github.com/jquery/esprima/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106485,48 +113162,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/object-treeify" + "value": "node_modules/esprima" } ] }, { "type": "library", - "name": "password-prompt", - "version": "1.1.3", - "bom-ref": "password-prompt@1.1.3", - "author": "Jeff Dickey @jdxcode", - "description": "cross-platform masked or hidden prompt", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/password-prompt@1.1.3", + "purl": "pkg:npm/has-flag@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/jdxcode/password-prompt.git", + "url": "git+https://github.com/sindresorhus/has-flag.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jdxcode/password-prompt", + "url": "https://github.com/sindresorhus/has-flag#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jdxcode/password-prompt/issues", + "url": "https://github.com/sindresorhus/has-flag/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106535,16 +113212,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/password-prompt" + "value": "node_modules/has-flag" } ] }, { "type": "library", - "name": "slice-ansi", - "version": "4.0.0", - "bom-ref": "slice-ansi@4.0.0", - "description": "Slice a string with ANSI escape codes", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", "licenses": [ { "license": { @@ -106552,30 +113230,30 @@ } } ], - "purl": "pkg:npm/slice-ansi@4.0.0", + "purl": "pkg:npm/clean-stack@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/slice-ansi.git", + "url": "git+https://github.com/sindresorhus/clean-stack.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/slice-ansi#readme", + "url": "https://github.com/sindresorhus/clean-stack#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/slice-ansi/issues", + "url": "https://github.com/sindresorhus/clean-stack/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106584,17 +113262,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/slice-ansi" + "value": "node_modules/clean-stack" } ] }, { "type": "library", - "name": "astral-regex", - "version": "2.0.0", - "bom-ref": "astral-regex@2.0.0", - "author": "Kevin Mårtensson", - "description": "Regular expression for matching astral symbols", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", "licenses": [ { "license": { @@ -106602,30 +113280,30 @@ } } ], - "purl": "pkg:npm/astral-regex@2.0.0", + "purl": "pkg:npm/escape-string-regexp@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/kevva/astral-regex.git", + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kevva/astral-regex#readme", + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kevva/astral-regex/issues", + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106634,17 +113312,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/astral-regex" + "value": "node_modules/escape-string-regexp" } ] }, { "type": "library", - "name": "widest-line", - "version": "3.1.0", - "bom-ref": "widest-line@3.1.0", - "author": "Sindre Sorhus", - "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", "licenses": [ { "license": { @@ -106652,30 +113330,30 @@ } } ], - "purl": "pkg:npm/widest-line@3.1.0", + "purl": "pkg:npm/cli-progress@3.12.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/widest-line.git", + "url": "git+https://github.com/npkgz/cli-progress.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/widest-line#readme", + "url": "https://github.com/npkgz/cli-progress", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/widest-line/issues", + "url": "https://github.com/npkgz/cli-progress/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106684,17 +113362,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/widest-line" + "value": "node_modules/cli-progress" } ] }, { "type": "library", - "name": "wrap-ansi", - "version": "7.0.0", - "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", "licenses": [ { "license": { @@ -106702,30 +113379,30 @@ } } ], - "purl": "pkg:npm/wrap-ansi@7.0.0", + "purl": "pkg:npm/color@4.2.3", "externalReferences": [ { - "url": "git+https://github.com/chalk/wrap-ansi.git", + "url": "git+https://github.com/Qix-/color.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/wrap-ansi#readme", + "url": "https://github.com/Qix-/color#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/wrap-ansi/issues", + "url": "https://github.com/Qix-/color/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106734,49 +113411,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/wrap-ansi" + "value": "node_modules/color" } ] }, { "type": "library", - "name": "plugin-help", - "group": "@oclif", - "version": "6.1.0", - "bom-ref": "@oclif/plugin-help@6.1.0", - "author": "Salesforce", - "description": "Standard help for oclif.", - "licenses": [ + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ { "license": { "id": "MIT" } } ], - "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "purl": "pkg:npm/color-string@1.9.1", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-help.git", + "url": "git+https://github.com/Qix-/color-string.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-help", + "url": "https://github.com/Qix-/color-string#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-help/issues", + "url": "https://github.com/Qix-/color-string/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106785,48 +113461,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-help" + "value": "node_modules/color-string" } ] }, { "type": "library", - "name": "ansis", - "version": "3.2.0", - "bom-ref": "ansis@3.2.0", - "author": "webdiscus", - "description": "Colorize terminal with ANSI colors & styles", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/ansis@3.2.0", + "purl": "pkg:npm/simple-swizzle@0.2.2", "externalReferences": [ { - "url": "git+https://github.com/webdiscus/ansis.git", + "url": "git+https://github.com/qix-/node-simple-swizzle.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/webdiscus/ansis", + "url": "https://github.com/qix-/node-simple-swizzle#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/webdiscus/ansis/issues", + "url": "https://github.com/qix-/node-simple-swizzle/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106835,48 +113511,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ansis" + "value": "node_modules/simple-swizzle" + } + ], + "components": [ + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] } ] }, { "type": "library", - "name": "cli-spinners", - "version": "2.9.2", - "bom-ref": "cli-spinners@2.9.2", - "author": "Sindre Sorhus", - "description": "Spinners for use in the terminal", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/cli-spinners@2.9.2", + "purl": "pkg:npm/ejs@3.1.10", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "url": "git://github.com/mde/ejs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/cli-spinners#readme", + "url": "https://github.com/mde/ejs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/cli-spinners/issues", + "url": "https://github.com/mde/ejs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106885,48 +113613,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cli-spinners" + "value": "node_modules/ejs" } ] }, { "type": "library", - "name": "cosmiconfig", - "version": "9.0.0", - "bom-ref": "cosmiconfig@9.0.0", - "author": "Daniel Fischer", - "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/cosmiconfig@9.0.0", + "purl": "pkg:npm/jake@10.8.7", "externalReferences": [ { - "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "url": "git://github.com/jakejs/jake.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "url": "https://github.com/jakejs/jake#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "url": "https://github.com/jakejs/jake/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106935,17 +113663,119 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cosmiconfig" + "value": "node_modules/jake" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] } ] }, { "type": "library", - "name": "env-paths", - "version": "2.2.1", - "bom-ref": "env-paths@2.2.1", - "author": "Sindre Sorhus", - "description": "Get paths for storing things like data, config, cache, etc", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", "licenses": [ { "license": { @@ -106953,30 +113783,30 @@ } } ], - "purl": "pkg:npm/env-paths@2.2.1", + "purl": "pkg:npm/async@3.2.5", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/env-paths.git", + "url": "git+https://github.com/caolan/async.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/env-paths#readme", + "url": "https://caolan.github.io/async/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/env-paths/issues", + "url": "https://github.com/caolan/async/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -106985,48 +113815,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/env-paths" + "value": "node_modules/async" } ] }, { "type": "library", - "name": "import-fresh", - "version": "3.3.0", - "bom-ref": "import-fresh@3.3.0", - "author": "Sindre Sorhus", - "description": "Import a module while bypassing the cache", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/import-fresh@3.3.0", + "purl": "pkg:npm/filelist@1.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/import-fresh.git", + "url": "git://github.com/mde/filelist.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/import-fresh#readme", + "url": "https://github.com/mde/filelist", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/import-fresh/issues", + "url": "https://github.com/mde/filelist/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107035,17 +113865,69 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/import-fresh" + "value": "node_modules/filelist" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] } ] }, { "type": "library", - "name": "js-yaml", - "version": "4.1.0", - "bom-ref": "js-yaml@4.1.0", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", "licenses": [ { "license": { @@ -107053,30 +113935,30 @@ } } ], - "purl": "pkg:npm/js-yaml@4.1.0", + "purl": "pkg:npm/balanced-match@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/nodeca/js-yaml.git", + "url": "git://github.com/juliangruber/balanced-match.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/js-yaml#readme", + "url": "https://github.com/juliangruber/balanced-match", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/js-yaml/issues", + "url": "https://github.com/juliangruber/balanced-match/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107085,16 +113967,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-yaml" + "value": "node_modules/balanced-match" } ] }, { "type": "library", - "name": "error-ex", - "version": "1.3.2", - "bom-ref": "error-ex@1.3.2", - "description": "Easy error subclassing and stack customization", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", "licenses": [ { "license": { @@ -107102,30 +113985,30 @@ } } ], - "purl": "pkg:npm/error-ex@1.3.2", + "purl": "pkg:npm/concat-map@0.0.1", "externalReferences": [ { - "url": "git+https://github.com/qix-/node-error-ex.git", + "url": "git://github.com/substack/node-concat-map.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qix-/node-error-ex#readme", + "url": "https://github.com/substack/node-concat-map#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qix-/node-error-ex/issues", + "url": "https://github.com/substack/node-concat-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107134,17 +114017,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/error-ex" + "value": "node_modules/concat-map" } ] }, { "type": "library", - "name": "json-parse-even-better-errors", - "version": "2.3.1", - "bom-ref": "json-parse-even-better-errors@2.3.1", - "author": "Kat Marchán", - "description": "JSON.parse with context information on error", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", "licenses": [ { "license": { @@ -107152,30 +114035,30 @@ } } ], - "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "purl": "pkg:npm/get-package-type@0.1.0", "externalReferences": [ { - "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "url": "git+https://github.com/cfware/get-package-type.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "url": "https://github.com/cfware/get-package-type#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "url": "https://github.com/cfware/get-package-type/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107184,48 +114067,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-parse-even-better-errors" + "value": "node_modules/get-package-type" } ] }, { "type": "library", - "name": "typescript", - "version": "5.1.6", - "bom-ref": "typescript@5.1.6", - "author": "Microsoft Corp.", - "description": "TypeScript is a language for application scale JavaScript development", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/typescript@5.1.6", + "purl": "pkg:npm/globby@11.1.0", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/TypeScript.git", + "url": "git+https://github.com/sindresorhus/globby.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/sindresorhus/globby#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/sindresorhus/globby/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107234,17 +114117,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/typescript" + "value": "node_modules/globby" } ] }, { "type": "library", - "name": "debug", - "version": "4.3.4", - "bom-ref": "debug@4.3.4", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", "licenses": [ { "license": { @@ -107252,30 +114135,30 @@ } } ], - "purl": "pkg:npm/debug@4.3.4", + "purl": "pkg:npm/array-union@2.1.0", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/sindresorhus/array-union.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://github.com/sindresorhus/array-union#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/sindresorhus/array-union/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107284,18 +114167,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/debug" + "value": "node_modules/array-union" } ] }, { "type": "library", - "name": "plugin-plugins", - "group": "@oclif", - "version": "5.2.2", - "bom-ref": "@oclif/plugin-plugins@5.2.2", - "author": "Salesforce", - "description": "plugins plugin for oclif", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", "licenses": [ { "license": { @@ -107303,30 +114185,30 @@ } } ], - "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "purl": "pkg:npm/dir-glob@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-plugins.git", + "url": "git+https://github.com/kevva/dir-glob.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-plugins", + "url": "https://github.com/kevva/dir-glob#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-plugins/issues", + "url": "https://github.com/kevva/dir-glob/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107335,48 +114217,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins" + "value": "node_modules/dir-glob" } ] }, { "type": "library", - "name": "hosted-git-info", - "version": "7.0.2", - "bom-ref": "hosted-git-info@7.0.2", - "author": "GitHub Inc.", - "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/hosted-git-info@7.0.2", + "purl": "pkg:npm/path-type@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/hosted-git-info.git", + "url": "git+https://github.com/sindresorhus/path-type.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/hosted-git-info", + "url": "https://github.com/sindresorhus/path-type#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/hosted-git-info/issues", + "url": "https://github.com/sindresorhus/path-type/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107385,48 +114267,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/hosted-git-info" + "value": "node_modules/path-type" } ] }, { "type": "library", - "name": "validate-npm-package-name", - "version": "5.0.1", - "bom-ref": "validate-npm-package-name@5.0.1", - "author": "GitHub Inc.", - "description": "Give me a string and I'll tell you if it's a valid npm package name", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "purl": "pkg:npm/ignore@5.3.1", "externalReferences": [ { - "url": "git+https://github.com/npm/validate-npm-package-name.git", + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/validate-npm-package-name", + "url": "https://github.com/kaelzhang/node-ignore#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/validate-npm-package-name/issues", + "url": "https://github.com/kaelzhang/node-ignore/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107435,48 +114317,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/validate-npm-package-name" + "value": "node_modules/ignore" } ] }, { "type": "library", - "name": "npm", - "version": "10.8.0", - "bom-ref": "npm@10.8.0", - "author": "GitHub Inc.", - "description": "a package manager for JavaScript", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", "licenses": [ { "license": { - "id": "Artistic-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/npm@10.8.0", + "purl": "pkg:npm/hyperlinker@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git", + "url": "git+https://github.com/jamestalmage/hyperlinker.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://docs.npmjs.com/", + "url": "https://github.com/jamestalmage/hyperlinker#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/jamestalmage/hyperlinker/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107485,18 +114367,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm" + "value": "node_modules/hyperlinker" } ] }, { "type": "library", - "name": "plugin-version", - "group": "@oclif", - "version": "2.2.2", - "bom-ref": "@oclif/plugin-version@2.2.2", - "author": "Salesforce", - "description": "A command that shows the CLI version", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", "licenses": [ { "license": { @@ -107504,30 +114385,30 @@ } } ], - "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "purl": "pkg:npm/indent-string@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-version.git", + "url": "git+https://github.com/sindresorhus/indent-string.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-version", + "url": "https://github.com/sindresorhus/indent-string#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-version/issues", + "url": "https://github.com/sindresorhus/indent-string/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107536,18 +114417,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version" + "value": "node_modules/indent-string" } ] }, { "type": "library", - "name": "plugin-warn-if-update-available", - "group": "@oclif", - "version": "3.1.4", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", - "author": "Salesforce", - "description": "warns if there is a newer version of CLI released", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", "licenses": [ { "license": { @@ -107555,30 +114435,30 @@ } } ], - "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "purl": "pkg:npm/is-wsl@2.2.0", "externalReferences": [ { - "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "url": "git+https://github.com/sindresorhus/is-wsl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/plugin-warn-if-update-available", + "url": "https://github.com/sindresorhus/is-wsl#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "url": "https://github.com/sindresorhus/is-wsl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107587,17 +114467,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available" + "value": "node_modules/is-wsl" } ] }, { "type": "library", - "name": "content-type", - "version": "1.0.5", - "bom-ref": "content-type@1.0.5", - "author": "Douglas Christopher Wilson", - "description": "Create and parse HTTP Content-Type header", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", "licenses": [ { "license": { @@ -107605,30 +114485,30 @@ } } ], - "purl": "pkg:npm/content-type@1.0.5", + "purl": "pkg:npm/is-docker@2.2.1", "externalReferences": [ { - "url": "git+https://github.com/jshttp/content-type.git", + "url": "git+https://github.com/sindresorhus/is-docker.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/content-type#readme", + "url": "https://github.com/sindresorhus/is-docker#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/content-type/issues", + "url": "https://github.com/sindresorhus/is-docker/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107637,17 +114517,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/content-type" + "value": "node_modules/is-docker" } ] }, { "type": "library", - "name": "is-stream", - "version": "2.0.1", - "bom-ref": "is-stream@2.0.1", - "author": "Sindre Sorhus", - "description": "Check if something is a Node.js stream", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", "licenses": [ { "license": { @@ -107655,30 +114535,30 @@ } } ], - "purl": "pkg:npm/is-stream@2.0.1", + "purl": "pkg:npm/natural-orderby@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-stream.git", + "url": "git+https://github.com/yobacca/natural-orderby.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-stream#readme", + "url": "https://yobacca.github.io/natural-orderby", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-stream/issues", + "url": "https://github.com/yobacca/natural-orderby/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107687,48 +114567,54 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-stream" + "value": "node_modules/natural-orderby" } ] }, { "type": "library", - "name": "is-arrayish", - "version": "0.2.1", - "bom-ref": "is-arrayish@0.2.1", - "author": "Qix", - "description": "Determines if an object can be used as an array", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", "licenses": [ { "license": { "id": "MIT" } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } } ], - "purl": "pkg:npm/is-arrayish@0.2.1", + "purl": "pkg:npm/object-treeify@1.1.33", "externalReferences": [ { - "url": "git+https://github.com/qix-/node-is-arrayish.git", + "url": "git+https://github.com/blackflux/object-treeify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qix-/node-is-arrayish#readme", + "url": "https://github.com/blackflux/object-treeify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qix-/node-is-arrayish/issues", + "url": "https://github.com/blackflux/object-treeify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107737,48 +114623,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-arrayish" + "value": "node_modules/object-treeify" } ] }, { "type": "library", - "name": "safe-buffer", - "version": "5.2.1", - "bom-ref": "safe-buffer@5.2.1", - "author": "Feross Aboukhadijeh", - "description": "Safer Node.js Buffer API", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", "licenses": [ { "license": { - "id": "MIT" + "id": "0BSD" } } ], - "purl": "pkg:npm/safe-buffer@5.2.1", + "purl": "pkg:npm/password-prompt@1.1.3", "externalReferences": [ { - "url": "git://github.com/feross/safe-buffer.git", + "url": "git+https://github.com/jdxcode/password-prompt.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/feross/safe-buffer", + "url": "https://github.com/jdxcode/password-prompt", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/feross/safe-buffer/issues", + "url": "https://github.com/jdxcode/password-prompt/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107787,18 +114673,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/safe-buffer" + "value": "node_modules/password-prompt" } ] }, { "type": "library", - "name": "test", - "group": "@oclif", - "version": "3.2.15", - "bom-ref": "@oclif/test@3.2.15", - "author": "Salesforce", - "description": "test helpers for oclif components", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", "licenses": [ { "license": { @@ -107806,30 +114690,30 @@ } } ], - "purl": "pkg:npm/%40oclif/test@3.2.15", + "purl": "pkg:npm/slice-ansi@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/oclif/test.git", + "url": "git+https://github.com/chalk/slice-ansi.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/test", + "url": "https://github.com/chalk/slice-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/test/issues", + "url": "https://github.com/chalk/slice-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107838,21 +114722,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/test" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/slice-ansi" } ] }, { "type": "library", - "name": "chai", - "version": "4.4.1", - "bom-ref": "chai@4.4.1", - "author": "Jake Luer", - "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", "licenses": [ { "license": { @@ -107860,30 +114740,30 @@ } } ], - "purl": "pkg:npm/chai@4.4.1", + "purl": "pkg:npm/astral-regex@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/chaijs/chai.git", + "url": "git+https://github.com/kevva/astral-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://chaijs.com", + "url": "https://github.com/kevva/astral-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chaijs/chai/issues", + "url": "https://github.com/kevva/astral-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107892,17 +114772,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chai" + "value": "node_modules/astral-regex" } ] }, { "type": "library", - "name": "fancy-test", - "version": "3.0.15", - "bom-ref": "fancy-test@3.0.15", - "author": "Salesforce", - "description": "extendable utilities for testing", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", "licenses": [ { "license": { @@ -107910,30 +114790,30 @@ } } ], - "purl": "pkg:npm/fancy-test@3.0.15", + "purl": "pkg:npm/widest-line@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/oclif/fancy-test.git", + "url": "git+https://github.com/sindresorhus/widest-line.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/fancy-test", + "url": "https://github.com/sindresorhus/widest-line#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/fancy-test/issues", + "url": "https://github.com/sindresorhus/widest-line/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107942,21 +114822,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fancy-test" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/widest-line" } ] }, { "type": "library", - "name": "chai", - "group": "@types", - "version": "4.3.14", - "bom-ref": "@types/chai@4.3.14", - "description": "TypeScript definitions for chai", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", "licenses": [ { "license": { @@ -107964,30 +114840,30 @@ } } ], - "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "purl": "pkg:npm/wrap-ansi@7.0.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "url": "git+https://github.com/chalk/wrap-ansi.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "url": "https://github.com/chalk/wrap-ansi#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/chalk/wrap-ansi/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -107996,17 +114872,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/chai" + "value": "node_modules/wrap-ansi" } ] }, { "type": "library", - "name": "sinon", - "group": "@types", - "version": "17.0.3", - "bom-ref": "@types/sinon@17.0.3", - "description": "TypeScript definitions for sinon", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", "licenses": [ { "license": { @@ -108014,30 +114891,30 @@ } } ], - "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "url": "git+https://github.com/oclif/plugin-help.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "url": "https://github.com/oclif/plugin-help", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/oclif/plugin-help/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108046,52 +114923,151 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/sinon" + "value": "node_modules/@oclif/plugin-help" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] } ] }, { "type": "library", - "name": "sinonjs__fake-timers", - "group": "@types", - "version": "8.1.5", - "bom-ref": "@types/sinonjs__fake-timers@8.1.5", - "description": "TypeScript definitions for @sinonjs/fake-timers", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "purl": "pkg:npm/ansis@3.2.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "url": "git+https://github.com/webdiscus/ansis.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "url": "https://github.com/webdiscus/ansis", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/webdiscus/ansis/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108100,21 +115076,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/sinonjs__fake-timers" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/ansis" } ] }, { "type": "library", - "name": "mock-stdin", - "version": "1.0.0", - "bom-ref": "mock-stdin@1.0.0", - "author": "Caitlin Potter", - "description": "Mock STDIN file descriptor in Node.js", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", "licenses": [ { "license": { @@ -108122,30 +115094,30 @@ } } ], - "purl": "pkg:npm/mock-stdin@1.0.0", + "purl": "pkg:npm/cli-spinners@2.9.2", "externalReferences": [ { - "url": "git+https://github.com/caitp/node-mock-stdin.git", + "url": "git+https://github.com/sindresorhus/cli-spinners.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/caitp/node-mock-stdin", + "url": "https://github.com/sindresorhus/cli-spinners#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/caitp/node-mock-stdin/issues", + "url": "https://github.com/sindresorhus/cli-spinners/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108154,21 +115126,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mock-stdin" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/cli-spinners" } ] }, { "type": "library", - "name": "nock", - "version": "13.5.4", - "bom-ref": "nock@13.5.4", - "author": "Pedro Teixeira", - "description": "HTTP server mocking and expectations library for Node.js", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", "licenses": [ { "license": { @@ -108176,30 +115144,30 @@ } } ], - "purl": "pkg:npm/nock@13.5.4", + "purl": "pkg:npm/cosmiconfig@9.0.0", "externalReferences": [ { - "url": "git+https://github.com/nock/nock.git", + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nock/nock#readme", + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nock/nock/issues", + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108208,52 +115176,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nock" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/cosmiconfig" } ] }, { "type": "library", - "name": "json-stringify-safe", - "version": "5.0.1", - "bom-ref": "json-stringify-safe@5.0.1", - "author": "Isaac Z. Schlueter", - "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/json-stringify-safe@5.0.1", + "purl": "pkg:npm/env-paths@2.2.1", "externalReferences": [ { - "url": "git://github.com/isaacs/json-stringify-safe.git", + "url": "git+https://github.com/sindresorhus/env-paths.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/json-stringify-safe", + "url": "https://github.com/sindresorhus/env-paths#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/json-stringify-safe/issues", + "url": "https://github.com/sindresorhus/env-paths/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108262,21 +115226,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-stringify-safe" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/env-paths" } ] }, { "type": "library", - "name": "propagate", - "version": "2.0.1", - "bom-ref": "propagate@2.0.1", - "author": "Pedro Teixeira", - "description": "Propagate events from one event emitter into another", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", "licenses": [ { "license": { @@ -108284,30 +115244,30 @@ } } ], - "purl": "pkg:npm/propagate@2.0.1", + "purl": "pkg:npm/import-fresh@3.3.0", "externalReferences": [ { - "url": "git+https://github.com/nock/propagate.git", + "url": "git+https://github.com/sindresorhus/import-fresh.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/nock/propagate#readme", + "url": "https://github.com/sindresorhus/import-fresh#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/nock/propagate/issues", + "url": "https://github.com/sindresorhus/import-fresh/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108316,52 +115276,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/propagate" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/import-fresh" } ] }, { "type": "library", - "name": "sinon", - "version": "16.1.3", - "bom-ref": "sinon@16.1.3", - "author": "Christian Johansen", - "description": "JavaScript test spies, stubs and mocks.", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/sinon@16.1.3", + "purl": "pkg:npm/js-yaml@4.1.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "url": "git+https://github.com/nodeca/js-yaml.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://sinonjs.org/", + "url": "https://github.com/nodeca/js-yaml#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/sinonjs/sinon/issues", + "url": "https://github.com/nodeca/js-yaml/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108370,52 +115326,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sinon" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/js-yaml" } ] }, { "type": "library", - "name": "commons", - "group": "@sinonjs", - "version": "3.0.1", - "bom-ref": "@sinonjs/commons@3.0.1", - "description": "Simple functions shared among the sinon end user libraries", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "purl": "pkg:npm/error-ex@1.3.2", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/commons.git", + "url": "git+https://github.com/qix-/node-error-ex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/commons#readme", + "url": "https://github.com/qix-/node-error-ex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/commons/issues", + "url": "https://github.com/qix-/node-error-ex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108424,49 +115375,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/commons" + "value": "node_modules/error-ex" } ] }, { "type": "library", - "name": "fake-timers", - "group": "@sinonjs", - "version": "10.3.0", - "bom-ref": "@sinonjs/fake-timers@10.3.0", - "author": "Christian Johansen", - "description": "Fake JavaScript timers", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/fake-timers.git", + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/fake-timers", + "url": "https://github.com/npm/json-parse-even-better-errors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/fake-timers/issues", + "url": "https://github.com/npm/json-parse-even-better-errors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108475,49 +115425,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/fake-timers" + "value": "node_modules/json-parse-even-better-errors" } ] }, { "type": "library", - "name": "samsam", - "group": "@sinonjs", - "version": "8.0.0", - "bom-ref": "@sinonjs/samsam@8.0.0", - "author": "Christian Johansen", - "description": "Value identification and comparison functions", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "purl": "pkg:npm/typescript@5.1.6", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/samsam.git", + "url": "git+https://github.com/Microsoft/TypeScript.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://sinonjs.github.io/samsam/", + "url": "https://www.typescriptlang.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/samsam/issues", + "url": "https://github.com/Microsoft/TypeScript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108526,21 +115475,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/samsam" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/typescript" } ] }, { "type": "library", - "name": "lodash.get", - "version": "4.4.2", - "bom-ref": "lodash.get@4.4.2", - "author": "John-David Dalton", - "description": "The lodash method `_.get` exported as a module.", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", "licenses": [ { "license": { @@ -108548,30 +115493,30 @@ } } ], - "purl": "pkg:npm/lodash.get@4.4.2", + "purl": "pkg:npm/debug@4.3.4", "externalReferences": [ { - "url": "git+https://github.com/lodash/lodash.git", + "url": "git://github.com/debug-js/debug.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://lodash.com/", + "url": "https://github.com/debug-js/debug#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lodash/lodash/issues", + "url": "https://github.com/debug-js/debug/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108580,47 +115525,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lodash.get" + "value": "node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] } ] }, { "type": "library", - "name": "nise", - "version": "5.1.9", - "bom-ref": "nise@5.1.9", - "description": "Fake XHR and server", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/nise@5.1.9", + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", "externalReferences": [ { - "url": "git+ssh://git@github.com/sinonjs/nise.git", + "url": "git+https://github.com/oclif/plugin-plugins.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/nise#readme", + "url": "https://github.com/oclif/plugin-plugins", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/nise/issues", + "url": "https://github.com/oclif/plugin-plugins/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108629,105 +115627,607 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nise" + "value": "node_modules/@oclif/plugin-plugins" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "text-encoding", - "group": "@sinonjs", - "version": "0.7.2", - "bom-ref": "@sinonjs/text-encoding@0.7.2", - "author": "Joshua Bell", - "description": "Polyfill for the Encoding Living Standard's API.", - "licenses": [ + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, { - "expression": "(Unlicense OR Apache-2.0)" - } - ], - "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", - "externalReferences": [ + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, { - "url": "git+https://github.com/sinonjs/text-encoding.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] }, { - "url": "https://github.com/sinonjs/text-encoding", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] }, { - "url": "https://github.com/sinonjs/text-encoding/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ], + "components": [ + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + } + ] }, { - "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ { - "alg": "SHA-512", - "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, { - "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/text-encoding" + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] } ] }, { "type": "library", - "name": "just-extend", - "version": "6.2.0", - "bom-ref": "just-extend@6.2.0", - "author": "Angus Croll", - "description": "extend an object", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/just-extend@6.2.0", + "purl": "pkg:npm/hosted-git-info@7.0.2", "externalReferences": [ { - "url": "git+https://github.com/angus-c/just.git", + "url": "git+https://github.com/npm/hosted-git-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/angus-c/just#readme", + "url": "https://github.com/npm/hosted-git-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/angus-c/just/issues", + "url": "https://github.com/npm/hosted-git-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108736,157 +116236,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/just-extend" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "stdout-stderr", - "version": "0.1.13", - "bom-ref": "stdout-stderr@0.1.13", - "author": "Jeff Dickey @jdxcode", - "description": "mock stdout and stderr", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/hosted-git-info" } ], - "purl": "pkg:npm/stdout-stderr@0.1.13", - "externalReferences": [ - { - "url": "git+https://github.com/jdxcode/stdout-stderr.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jdxcode/stdout-stderr", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jdxcode/stdout-stderr/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ { - "alg": "SHA-512", - "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/stdout-stderr" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "abort-controller", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/abort-controller@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "A simple abort controller library", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ { - "alg": "SHA-512", - "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/abort-controller" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] } ] }, { "type": "library", - "name": "express", - "group": "@types", - "version": "4.17.21", - "bom-ref": "@types/express@4.17.21", - "description": "TypeScript definitions for express", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "purl": "pkg:npm/validate-npm-package-name@5.0.1", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "url": "git+https://github.com/npm/validate-npm-package-name.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "url": "https://github.com/npm/validate-npm-package-name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/npm/validate-npm-package-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108895,48 +116338,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/express" + "value": "node_modules/validate-npm-package-name" } ] }, { "type": "library", - "name": "body-parser", - "group": "@types", - "version": "1.19.5", - "bom-ref": "@types/body-parser@1.19.5", - "description": "TypeScript definitions for body-parser", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "Artistic-2.0" } } ], - "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "purl": "pkg:npm/npm@10.8.0", "externalReferences": [ { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "url": "git+https://github.com/npm/cli.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "url": "https://docs.npmjs.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "url": "https://github.com/npm/cli/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -108945,26492 +116388,8851 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@types/body-parser" - } - ] - }, - { - "type": "library", - "name": "connect", - "group": "@types", - "version": "3.4.38", - "bom-ref": "@types/connect@3.4.38", - "description": "TypeScript definitions for connect", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/npm" } ], - "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ { - "alg": "SHA-512", - "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/connect" - } - ] - }, - { - "type": "library", - "name": "express-serve-static-core", - "group": "@types", - "version": "4.19.0", - "bom-ref": "@types/express-serve-static-core@4.19.0", - "description": "TypeScript definitions for express-serve-static-core", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ { - "alg": "SHA-512", - "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/express-serve-static-core" - } - ] - }, - { - "type": "library", - "name": "qs", - "group": "@types", - "version": "6.9.15", - "bom-ref": "@types/qs@6.9.15", - "description": "TypeScript definitions for qs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ { - "alg": "SHA-512", - "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/qs" - } - ] - }, - { - "type": "library", - "name": "range-parser", - "group": "@types", - "version": "1.2.7", - "bom-ref": "@types/range-parser@1.2.7", - "description": "TypeScript definitions for range-parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ { - "alg": "SHA-512", - "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/range-parser" - } - ] - }, - { - "type": "library", - "name": "send", - "group": "@types", - "version": "0.17.4", - "bom-ref": "@types/send@0.17.4", - "description": "TypeScript definitions for send", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/send@0.17.4#types/send", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/send" - } - ] - }, - { - "type": "library", - "name": "mime", - "group": "@types", - "version": "1.3.5", - "bom-ref": "@types/mime@1.3.5", - "description": "TypeScript definitions for mime", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ { - "alg": "SHA-512", - "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/mime" - } - ] - }, - { - "type": "library", - "name": "serve-static", - "group": "@types", - "version": "1.15.7", - "bom-ref": "@types/serve-static@1.15.7", - "description": "TypeScript definitions for serve-static", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/serve-static" - } - ] - }, - { - "type": "library", - "name": "http-errors", - "group": "@types", - "version": "2.0.4", - "bom-ref": "@types/http-errors@2.0.4", - "description": "TypeScript definitions for http-errors", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ { - "alg": "SHA-512", - "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/http-errors" - } - ] - }, - { - "type": "library", - "name": "fs-extra", - "group": "@types", - "version": "11.0.4", - "bom-ref": "@types/fs-extra@11.0.4", - "description": "TypeScript definitions for fs-extra", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ { - "alg": "SHA-512", - "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/fs-extra" - } - ] - }, - { - "type": "library", - "name": "jsonfile", - "group": "@types", - "version": "6.1.4", - "bom-ref": "@types/jsonfile@6.1.4", - "description": "TypeScript definitions for jsonfile", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ { - "alg": "SHA-512", - "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/jsonfile" - } - ] - }, - { - "type": "library", - "name": "get-installed-path", - "group": "@types", - "version": "4.0.3", - "bom-ref": "@types/get-installed-path@4.0.3", - "description": "TypeScript definitions for get-installed-path", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/get-installed-path" - } - ] - }, - { - "type": "library", - "name": "jest", - "group": "@types", - "version": "29.5.12", - "bom-ref": "@types/jest@29.5.12", - "description": "TypeScript definitions for jest", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ { - "alg": "SHA-512", - "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/jest" - } - ] - }, - { - "type": "library", - "name": "expect", - "version": "29.7.0", - "bom-ref": "expect@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/expect@29.7.0#packages/expect", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/expect", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/expect" - } - ] - }, - { - "type": "library", - "name": "expect-utils", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/expect-utils@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ { - "alg": "SHA-512", - "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/expect-utils" - } - ] - }, - { - "type": "library", - "name": "jest-get-type", - "version": "29.6.3", - "bom-ref": "jest-get-type@29.6.3", - "description": "A utility function to get the type of a value", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ { - "alg": "SHA-512", - "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-get-type" - } - ] - }, - { - "type": "library", - "name": "jest-matcher-utils", - "version": "29.7.0", - "bom-ref": "jest-matcher-utils@29.7.0", - "description": "A set of utility functions for expect and related packages", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ { - "alg": "SHA-512", - "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-matcher-utils" - } - ] - }, - { - "type": "library", - "name": "jest-diff", - "version": "29.7.0", - "bom-ref": "jest-diff@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-diff" - } - ] - }, - { - "type": "library", - "name": "diff-sequences", - "version": "29.6.3", - "bom-ref": "diff-sequences@29.6.3", - "description": "Compare items in two sequences to find a longest common subsequence", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ { - "alg": "SHA-512", - "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/diff-sequences" - } - ] - }, - { - "type": "library", - "name": "pretty-format", - "version": "29.7.0", - "bom-ref": "pretty-format@29.7.0", - "author": "James Kyle", - "description": "Stringify any JavaScript value.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ { - "alg": "SHA-512", - "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pretty-format" - } - ] - }, - { - "type": "library", - "name": "jest-message-util", - "version": "29.7.0", - "bom-ref": "jest-message-util@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ { - "alg": "SHA-512", - "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-message-util" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@jest", - "version": "29.6.3", - "bom-ref": "@jest/types@29.6.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ { - "alg": "SHA-512", - "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/types" - } - ] - }, - { - "type": "library", - "name": "jest-util", - "version": "29.7.0", - "bom-ref": "jest-util@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-util" - } - ] - }, - { - "type": "library", - "name": "schemas", - "group": "@jest", - "version": "29.6.3", - "bom-ref": "@jest/schemas@29.6.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ { - "alg": "SHA-512", - "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/schemas" - } - ] - }, - { - "type": "library", - "name": "typebox", - "group": "@sinclair", - "version": "0.27.8", - "bom-ref": "@sinclair/typebox@0.27.8", - "author": "sinclairzx81", - "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40sinclair/typebox@0.27.8", - "externalReferences": [ - { - "url": "git+https://github.com/sinclairzx81/typebox.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/sinclairzx81/typebox#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/sinclairzx81/typebox/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ { - "alg": "SHA-512", - "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@sinclair/typebox" - } - ] - }, - { - "type": "library", - "name": "js-yaml", - "group": "@types", - "version": "4.0.9", - "bom-ref": "@types/js-yaml@4.0.9", - "description": "TypeScript definitions for js-yaml", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ { - "alg": "SHA-512", - "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/js-yaml" + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "mocha", - "group": "@types", - "version": "10.0.6", - "bom-ref": "@types/mocha@10.0.6", - "description": "TypeScript definitions for mocha", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ { - "alg": "SHA-512", - "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/mocha" - } - ] - }, - { - "type": "library", - "name": "mock-fs", - "group": "@types", - "version": "4.13.4", - "bom-ref": "@types/mock-fs@4.13.4", - "description": "TypeScript definitions for mock-fs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/mock-fs" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "undici-types", - "version": "5.26.5", - "bom-ref": "undici-types@5.26.5", - "description": "A stand-alone types package for Undici", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/undici-types@5.26.5", - "externalReferences": [ - { - "url": "git+https://github.com/nodejs/undici.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://undici.nodejs.org", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodejs/undici/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ { - "alg": "SHA-512", - "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/undici-types" - } - ] - }, - { - "type": "library", - "name": "objects-to-csv", - "group": "@types", - "version": "1.3.3", - "bom-ref": "@types/objects-to-csv@1.3.3", - "description": "TypeScript definitions for objects-to-csv", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/objects-to-csv" - } - ] - }, - { - "type": "library", - "name": "prompt-sync", - "group": "@types", - "version": "4.2.3", - "bom-ref": "@types/prompt-sync@4.2.3", - "description": "TypeScript definitions for prompt-sync", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ { - "alg": "SHA-512", - "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/prompt-sync" - } - ] - }, - { - "type": "library", - "name": "tmp", - "group": "@types", - "version": "0.2.6", - "bom-ref": "@types/tmp@0.2.6", - "description": "TypeScript definitions for tmp", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ { - "alg": "SHA-512", - "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/tmp" - } - ] - }, - { - "type": "library", - "name": "uuid", - "group": "@types", - "version": "9.0.8", - "bom-ref": "@types/uuid@9.0.8", - "description": "TypeScript definitions for uuid", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ { - "alg": "SHA-512", - "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/uuid" - } - ] - }, - { - "type": "library", - "name": "eslint-plugin", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", - "description": "TypeScript plugin for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io/packages/eslint-plugin", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "regexpp", - "group": "@eslint-community", - "version": "4.10.0", - "bom-ref": "@eslint-community/regexpp@4.10.0", - "author": "Toru Nagashima", - "description": "Regular expression parser for ECMAScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint-community/regexpp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/eslint-community/regexpp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/eslint-community/regexpp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ { - "alg": "SHA-512", - "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint-community/regexpp" + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "parser", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/parser@7.7.1", - "description": "An ESLint custom parser which leverages TypeScript ESTree", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://typescript-eslint.io/packages/parser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ { - "alg": "SHA-512", - "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/parser" + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/scope-manager@7.7.1", - "description": "TypeScript scope analyser for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://typescript-eslint.io/packages/scope-manager", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ { - "alg": "SHA-512", - "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/scope-manager" + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/types@7.7.1", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ { - "alg": "SHA-512", - "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/types" + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ { - "alg": "SHA-512", - "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/visitor-keys" + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "7.7.1", - "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://typescript-eslint.io/packages/typescript-estree", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ { - "alg": "SHA-512", - "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/typescript-estree" + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ts-api-utils", - "version": "1.3.0", - "bom-ref": "ts-api-utils@1.3.0", - "author": "JoshuaKGoldberg", - "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ts-api-utils@1.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ { - "alg": "SHA-512", - "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-api-utils" + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-visitor-keys", - "version": "3.4.3", - "bom-ref": "eslint-visitor-keys@3.4.3", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/eslint-visitor-keys@3.4.3", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint", - "version": "8.57.0", - "bom-ref": "eslint@8.57.0", - "author": "Nicholas C. Zakas", - "description": "An AST-based pattern checker for JavaScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint@8.57.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://eslint.org", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint/issues/", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "type-utils", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0", - "description": "Type utilities for working with TypeScript + ESLint together", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "utils", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0", - "description": "Utilities for working with TypeScript + ESLint together", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io/packages/utils", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-utils", - "group": "@eslint-community", - "version": "4.4.0", - "bom-ref": "@eslint-community/eslint-utils@4.4.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint-community/eslint-utils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint-community/eslint-utils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint-community/eslint-utils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint-community/eslint-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "graphemer", - "version": "1.4.0", - "bom-ref": "graphemer@1.4.0", - "author": "Matt Davies", - "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/graphemer@1.4.0", - "externalReferences": [ - { - "url": "git+https://github.com/flmnt/graphemer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/flmnt/graphemer", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/flmnt/graphemer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/graphemer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "accurate-search", - "version": "1.2.15", - "bom-ref": "accurate-search@1.2.15", - "author": "Florin Mirel Dumitrescu", - "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/accurate-search@1.2.15", - "externalReferences": [ - { - "url": "git+https://github.com/florind9/accurate-search.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://accuratesearch.org", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/florind9/accurate-search/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/accurate-search" - } - ] - }, - { - "type": "library", - "name": "ajv", - "version": "8.16.0", - "bom-ref": "ajv@8.16.0", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ajv@8.16.0", - "externalReferences": [ - { - "url": "git+https://github.com/ajv-validator/ajv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://ajv.js.org", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ajv-validator/ajv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ajv" - } - ] - }, - { - "type": "library", - "name": "fast-deep-equal", - "version": "3.1.3", - "bom-ref": "fast-deep-equal@3.1.3", - "author": "Evgeny Poberezkin", - "description": "Fast deep equal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-deep-equal@3.1.3", - "externalReferences": [ - { - "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/epoberezkin/fast-deep-equal#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/epoberezkin/fast-deep-equal/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fast-deep-equal" - } - ] - }, - { - "type": "library", - "name": "json-schema-traverse", - "version": "1.0.0", - "bom-ref": "json-schema-traverse@1.0.0", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-schema-traverse@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-schema-traverse" - } - ] - }, - { - "type": "library", - "name": "require-from-string", - "version": "2.0.2", - "bom-ref": "require-from-string@2.0.2", - "author": "Vsevolod Strukchinsky", - "description": "Require module from string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/require-from-string@2.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/floatdrop/require-from-string.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/floatdrop/require-from-string#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/floatdrop/require-from-string/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/require-from-string" - } - ] - }, - { - "type": "library", - "name": "uri-js", - "version": "4.4.1", - "bom-ref": "uri-js@4.4.1", - "author": "Gary Court", - "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/uri-js@4.4.1", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/garycourt/uri-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/garycourt/uri-js", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/garycourt/uri-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/uri-js" - } - ] - }, - { - "type": "library", - "name": "punycode", - "version": "2.3.1", - "bom-ref": "punycode@2.3.1", - "author": "Mathias Bynens", - "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/punycode@2.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/punycode.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/punycode", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/punycode.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/punycode" - } - ] - }, - { - "type": "library", - "name": "form-data", - "version": "4.0.0", - "bom-ref": "form-data@4.0.0", - "author": "Felix Geisendörfer", - "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/form-data@4.0.0", - "externalReferences": [ - { - "url": "git://github.com/form-data/form-data.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/form-data/form-data#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/form-data/form-data/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/form-data" - } - ] - }, - { - "type": "library", - "name": "proxy-from-env", - "version": "1.1.0", - "bom-ref": "proxy-from-env@1.1.0", - "author": "Rob Wu", - "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/proxy-from-env@1.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/Rob--W/proxy-from-env.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Rob--W/proxy-from-env#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Rob--W/proxy-from-env/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/proxy-from-env" - } - ] - }, - { - "type": "library", - "name": "assertion-error", - "version": "1.1.0", - "bom-ref": "assertion-error@1.1.0", - "author": "Jake Luer", - "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/assertion-error@1.1.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/chaijs/assertion-error.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chaijs/assertion-error#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chaijs/assertion-error/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/assertion-error" - } - ] - }, - { - "type": "library", - "name": "check-error", - "version": "1.0.3", - "bom-ref": "check-error@1.0.3", - "author": "Jake Luer", - "description": "Error comparison and information related utility for node and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/check-error@1.0.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/chaijs/check-error.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chaijs/check-error#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chaijs/check-error/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/check-error" - } - ] - }, - { - "type": "library", - "name": "get-func-name", - "version": "2.0.2", - "bom-ref": "get-func-name@2.0.2", - "author": "Jake Luer", - "description": "Utility for getting a function's name for node and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/get-func-name@2.0.2", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/chaijs/get-func-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chaijs/get-func-name#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chaijs/get-func-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/get-func-name" - } - ] - }, - { - "type": "library", - "name": "deep-eql", - "version": "4.1.3", - "bom-ref": "deep-eql@4.1.3", - "author": "Jake Luer", - "description": "Improved deep equality testing for Node.js and the browser.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/deep-eql@4.1.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/chaijs/deep-eql.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chaijs/deep-eql#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chaijs/deep-eql/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/deep-eql" - } - ] - }, - { - "type": "library", - "name": "loupe", - "version": "2.3.7", - "bom-ref": "loupe@2.3.7", - "author": "Veselin Todorov", - "description": "Inspect utility for Node.js and browsers", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/loupe@2.3.7", - "externalReferences": [ - { - "url": "git+https://github.com/chaijs/loupe.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chaijs/loupe", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chaijs/loupe/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/loupe" - } - ] - }, - { - "type": "library", - "name": "pathval", - "version": "1.1.1", - "bom-ref": "pathval@1.1.1", - "author": "Veselin Todorov", - "description": "Object value retrieval given a string path", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/pathval@1.1.1", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/chaijs/pathval.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chaijs/pathval", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chaijs/pathval/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pathval" - } - ] - }, - { - "type": "library", - "name": "colors", - "version": "1.4.0", - "bom-ref": "colors@1.4.0", - "author": "Marak Squires", - "description": "get colors in your node.js console", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/colors@1.4.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/Marak/colors.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Marak/colors.js", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Marak/colors.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/colors" - } - ] - }, - { - "type": "library", - "name": "csv-parse", - "version": "4.16.3", - "bom-ref": "csv-parse@4.16.3", - "author": "David Worms", - "description": "CSV parsing implementing the Node.js `stream.Transform` API", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/csv-parse@4.16.3", - "externalReferences": [ - { - "url": "git+https://github.com/wdavidw/node-csv-parse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://csv.js.org/parse/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/wdavidw/node-csv-parse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/csv-parse" - } - ] - }, - { - "type": "library", - "name": "dotenv", - "version": "16.4.5", - "bom-ref": "dotenv@16.4.5", - "description": "Loads environment variables from .env file", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/dotenv@16.4.5", - "externalReferences": [ - { - "url": "git://github.com/motdotla/dotenv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/motdotla/dotenv#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/motdotla/dotenv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/dotenv" - } - ] - }, - { - "type": "library", - "name": "eslint-config-oclif-typescript", - "version": "1.0.3", - "bom-ref": "eslint-config-oclif-typescript@1.0.3", - "author": "oclif", - "description": "eslint config for Typscript'd oclif", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/eslint-config-oclif-typescript", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "experimental-utils", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", - "description": "(Experimental) Utilities for working with TypeScript + ESLint together", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "json-schema", - "group": "@types", - "version": "7.0.15", - "bom-ref": "@types/json-schema@7.0.15", - "description": "TypeScript definitions for json-schema", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/json-schema" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "tsutils", - "version": "3.21.0", - "bom-ref": "tsutils@3.21.0", - "author": "Klaus Meinhardt", - "description": "utilities for working with typescript's AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/tsutils@3.21.0", - "externalReferences": [ - { - "url": "git+https://github.com/ajafff/tsutils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ajafff/tsutils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ajafff/tsutils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tsutils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "esrecurse", - "version": "4.3.0", - "bom-ref": "esrecurse@4.3.0", - "description": "ECMAScript AST recursive visitor", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/esrecurse@4.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/estools/esrecurse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/estools/esrecurse", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/estools/esrecurse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/esrecurse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-utils", - "version": "3.0.0", - "bom-ref": "eslint-utils@3.0.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-utils@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/mysticatea/eslint-utils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mysticatea/eslint-utils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-utils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "highlight", - "group": "@babel", - "version": "7.24.2", - "bom-ref": "@babel/highlight@7.24.2", - "author": "The Babel Team", - "description": "Syntax highlight JavaScript strings for output in terminals.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-highlight", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight" - } - ] - }, - { - "type": "library", - "name": "globals", - "version": "13.24.0", - "bom-ref": "globals@13.24.0", - "author": "Sindre Sorhus", - "description": "Global identifiers from different JavaScript environments", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/globals@13.24.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/globals.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/globals#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/globals/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/globals" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "doctrine", - "version": "3.0.0", - "bom-ref": "doctrine@3.0.0", - "description": "JSDoc parser", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/doctrine@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/doctrine.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/doctrine", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/doctrine/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/doctrine" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "enquirer", - "version": "2.4.1", - "bom-ref": "enquirer@2.4.1", - "author": "Jon Schlinkert", - "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/enquirer@2.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/enquirer/enquirer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/enquirer/enquirer", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/enquirer/enquirer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/enquirer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ansi-colors", - "version": "4.1.1", - "bom-ref": "ansi-colors@4.1.1", - "author": "Brian Woodward", - "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-colors@4.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/doowb/ansi-colors.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/doowb/ansi-colors", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/doowb/ansi-colors/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ansi-colors" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "acorn-jsx", - "version": "5.3.2", - "bom-ref": "acorn-jsx@5.3.2", - "description": "Modern, fast React.js JSX parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/acorn-jsx@5.3.2", - "externalReferences": [ - { - "url": "git+https://github.com/acornjs/acorn-jsx.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/acornjs/acorn-jsx", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/acornjs/acorn-jsx/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/acorn-jsx" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "esquery", - "version": "1.5.0", - "bom-ref": "esquery@1.5.0", - "author": "Joel Feenstra", - "description": "A query library for ECMAScript AST using a CSS selector like query language.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/esquery@1.5.0", - "externalReferences": [ - { - "url": "git+https://github.com/estools/esquery.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/estools/esquery/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/estools/esquery/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/esquery" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "esutils", - "version": "2.0.3", - "bom-ref": "esutils@2.0.3", - "description": "utility box for ECMAScript language tools", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/esutils@2.0.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/estools/esutils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/estools/esutils", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/estools/esutils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/esutils" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "file-entry-cache", - "version": "6.0.1", - "bom-ref": "file-entry-cache@6.0.1", - "author": "Roy Riojas", - "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/file-entry-cache@6.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/royriojas/file-entry-cache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/royriojas/file-entry-cache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/royriojas/file-entry-cache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/file-entry-cache" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "functional-red-black-tree", - "version": "1.0.1", - "bom-ref": "functional-red-black-tree@1.0.1", - "author": "Mikola Lysenko", - "description": "A fully persistent balanced binary search tree", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/functional-red-black-tree@1.0.1", - "externalReferences": [ - { - "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/functional-red-black-tree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "imurmurhash", - "version": "0.1.4", - "bom-ref": "imurmurhash@0.1.4", - "author": "Jens Taylor", - "description": "An incremental implementation of MurmurHash3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/imurmurhash@0.1.4", - "externalReferences": [ - { - "url": "git+https://github.com/jensyt/imurmurhash-js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jensyt/imurmurhash-js", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jensyt/imurmurhash-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/imurmurhash" - } - ] - }, - { - "type": "library", - "name": "json-stable-stringify-without-jsonify", - "version": "1.0.1", - "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", - "author": "James Halliday", - "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", - "externalReferences": [ - { - "url": "git://github.com/samn/json-stable-stringify.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/samn/json-stable-stringify", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/samn/json-stable-stringify/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-stable-stringify-without-jsonify" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "levn", - "version": "0.4.1", - "bom-ref": "levn@0.4.1", - "author": "George Zahariev", - "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/levn@0.4.1", - "externalReferences": [ - { - "url": "git://github.com/gkz/levn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gkz/levn", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gkz/levn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/levn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "lodash.merge", - "version": "4.6.2", - "bom-ref": "lodash.merge@4.6.2", - "author": "John-David Dalton", - "description": "The Lodash method `_.merge` exported as a module.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/lodash.merge@4.6.2", - "externalReferences": [ - { - "url": "git+https://github.com/lodash/lodash.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://lodash.com/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/lodash/lodash/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/lodash.merge" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "optionator", - "version": "0.9.3", - "bom-ref": "optionator@0.9.3", - "author": "George Zahariev", - "description": "option parsing and help generation", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/optionator@0.9.3", - "externalReferences": [ - { - "url": "git://github.com/gkz/optionator.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gkz/optionator", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gkz/optionator/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/optionator" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "progress", - "version": "2.0.3", - "bom-ref": "progress@2.0.3", - "author": "TJ Holowaychuk", - "description": "Flexible ascii progress bar", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/progress@2.0.3", - "externalReferences": [ - { - "url": "git://github.com/visionmedia/node-progress.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/node-progress#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/node-progress/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/progress" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "regexpp", - "version": "3.2.0", - "bom-ref": "regexpp@3.2.0", - "author": "Toru Nagashima", - "description": "Regular expression parser for ECMAScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/regexpp@3.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/mysticatea/regexpp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mysticatea/regexpp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mysticatea/regexpp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/regexpp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "table", - "version": "6.8.2", - "bom-ref": "table@6.8.2", - "author": "Gajus Kuizinas", - "description": "Formats data into a string table.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/table@6.8.2", - "externalReferences": [ - { - "url": "git+https://github.com/gajus/table.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gajus/table#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gajus/table/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/table" - } - ] - }, - { - "type": "library", - "name": "text-table", - "version": "0.2.0", - "bom-ref": "text-table@0.2.0", - "author": "James Halliday", - "description": "borderless text tables with alignment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/text-table@0.2.0", - "externalReferences": [ - { - "url": "git://github.com/substack/text-table.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/substack/text-table", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/substack/text-table/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/text-table" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "v8-compile-cache", - "version": "2.4.0", - "bom-ref": "v8-compile-cache@2.4.0", - "author": "Andres Suarez", - "description": "Require hook for automatic V8 compile cache persistence", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/v8-compile-cache@2.4.0", - "externalReferences": [ - { - "url": "git+https://github.com/zertosh/v8-compile-cache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zertosh/v8-compile-cache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zertosh/v8-compile-cache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/v8-compile-cache" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "confusing-browser-globals", - "version": "1.0.10", - "bom-ref": "confusing-browser-globals@1.0.10", - "description": "A list of browser globals that are often used by mistake instead of local variables", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/create-react-app#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/create-react-app/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/confusing-browser-globals" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-plugin-mocha", - "version": "9.0.0", - "bom-ref": "eslint-plugin-mocha@9.0.0", - "author": "Mathias Schreck", - "description": "Eslint rules for mocha.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", - "externalReferences": [ - { - "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/lo1tuma/eslint-plugin-mocha", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-mocha" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ramda", - "version": "0.27.2", - "bom-ref": "ramda@0.27.2", - "author": "Scott Sauyet", - "description": "A practical functional library for JavaScript programmers.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ramda@0.27.2", - "externalReferences": [ - { - "url": "git://github.com/ramda/ramda.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://ramdajs.com/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ramda/ramda/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ramda" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-plugin-node", - "version": "11.1.0", - "bom-ref": "eslint-plugin-node@11.1.0", - "author": "Toru Nagashima", - "description": "Additional ESLint's rules for Node.js", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-plugin-node@11.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mysticatea/eslint-plugin-node#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mysticatea/eslint-plugin-node/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-plugin-es", - "version": "3.0.1", - "bom-ref": "eslint-plugin-es@3.0.1", - "author": "Toru Nagashima", - "description": "ESLint plugin about ECMAScript syntactic features.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-plugin-es@3.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mysticatea/eslint-plugin-es#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mysticatea/eslint-plugin-es/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-es" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-config-oclif", - "version": "4.0.0", - "bom-ref": "eslint-config-oclif@4.0.0", - "author": "Jeff Dickey @jdxcode", - "description": "eslint config for oclif", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-config-oclif@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/eslint-config-oclif.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/eslint-config-oclif", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/eslint-config-oclif/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-config-xo-space", - "version": "0.27.0", - "bom-ref": "eslint-config-xo-space@0.27.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO with 2-space indent", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-config-xo-space@0.27.0", - "externalReferences": [ - { - "url": "git+https://github.com/xojs/eslint-config-xo-space.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo-space#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo-space/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-xo-space" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-config-xo", - "version": "0.35.0", - "bom-ref": "eslint-config-xo@0.35.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-config-xo@0.35.0", - "externalReferences": [ - { - "url": "git+https://github.com/xojs/eslint-config-xo.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/xojs/eslint-config-xo/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-xo" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "helper-validator-identifier", - "group": "@babel", - "version": "7.22.20", - "bom-ref": "@babel/helper-validator-identifier@7.22.20", - "author": "The Babel Team", - "description": "Validate identifier/keywords name", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/babel/babel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-validator-identifier" - } - ] - }, - { - "type": "library", - "name": "clean-regexp", - "version": "1.0.0", - "bom-ref": "clean-regexp@1.0.0", - "author": "Sam Verschueren", - "description": "Clean up regular expressions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/clean-regexp@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/SamVerschueren/clean-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SamVerschueren/clean-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SamVerschueren/clean-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/clean-regexp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-template-visitor", - "version": "2.3.2", - "bom-ref": "eslint-template-visitor@2.3.2", - "licenses": [ - { - "expression": "GPL-3.0-or-later OR MIT" - } - ], - "purl": "pkg:npm/eslint-template-visitor@2.3.2", - "externalReferences": [ - { - "url": "git+https://github.com/futpib/eslint-template-visitor.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/futpib/eslint-template-visitor#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/futpib/eslint-template-visitor/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-template-visitor" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-parser", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/eslint-parser@7.24.1", - "author": "The Babel Team", - "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/eslint-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-scope-5-internals", - "group": "@nicolo-ribaudo", - "version": "5.1.1-v1", - "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", - "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", - "externalReferences": [ - { - "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "multimap", - "version": "1.1.0", - "bom-ref": "multimap@1.1.0", - "author": "villa.gao", - "description": "multi-map which allow multiple values for the same key", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/multimap@1.1.0", - "externalReferences": [ - { - "url": "git://github.com/villadora/multi-map.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/villadora/multi-map#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/villadora/multi-map/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/multimap" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "is-builtin-module", - "version": "3.2.1", - "bom-ref": "is-builtin-module@3.2.1", - "author": "Sindre Sorhus", - "description": "Check if a string matches the name of a Node.js builtin module", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-builtin-module@3.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-builtin-module.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-builtin-module#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-builtin-module/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-builtin-module" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "pluralize", - "version": "8.0.0", - "bom-ref": "pluralize@8.0.0", - "author": "Blake Embrey", - "description": "Pluralize and singularize any word", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/pluralize@8.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/blakeembrey/pluralize.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/pluralize#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/pluralize/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pluralize" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "read-pkg-up", - "version": "7.0.1", - "bom-ref": "read-pkg-up@7.0.1", - "author": "Sindre Sorhus", - "description": "Read the closest package.json file", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/read-pkg-up@7.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/read-pkg-up.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/read-pkg-up#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/read-pkg-up/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "regexp-tree", - "version": "0.1.27", - "bom-ref": "regexp-tree@0.1.27", - "author": "Dmitry Soshnikov", - "description": "Regular Expressions parser in JavaScript", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/regexp-tree@0.1.27", - "externalReferences": [ - { - "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/DmitrySoshnikov/regexp-tree", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/regexp-tree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "safe-regex", - "version": "2.1.1", - "bom-ref": "safe-regex@2.1.1", - "author": "James C.", - "description": "detect possibly catastrophic, exponential-time regular expressions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/safe-regex@2.1.1", - "externalReferences": [ - { - "url": "git://github.com/davisjam/safe-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/davisjam/safe-regex", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/davisjam/safe-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/safe-regex" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-plugin-unicorn", - "version": "52.0.0", - "bom-ref": "eslint-plugin-unicorn@52.0.0", - "author": "Sindre Sorhus", - "description": "More than 100 powerful ESLint rules", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-unicorn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslintrc", - "group": "@eslint", - "version": "2.1.4", - "bom-ref": "@eslint/eslintrc@2.1.4", - "author": "Nicholas C. Zakas", - "description": "The legacy ESLintRC config file format for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslintrc.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/eslintrc#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslintrc/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "espree", - "version": "9.6.1", - "bom-ref": "espree@9.6.1", - "author": "Nicholas C. Zakas", - "description": "An Esprima-compatible JavaScript parser built on Acorn", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/espree@9.6.1", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/espree.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/eslint/espree", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/espree/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/espree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "parent-module", - "version": "1.0.1", - "bom-ref": "parent-module@1.0.1", - "author": "Sindre Sorhus", - "description": "Get the path of the parent module", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/parent-module@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/parent-module.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/parent-module#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/parent-module/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/parent-module" - } - ] - }, - { - "type": "library", - "name": "resolve-from", - "version": "4.0.0", - "bom-ref": "resolve-from@4.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from a given path", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve-from@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/resolve-from.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-from#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-from/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/resolve-from" - } - ] - }, - { - "type": "library", - "name": "ci-info", - "version": "4.0.0", - "bom-ref": "ci-info@4.0.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ci-info" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "core-js-compat", - "version": "3.37.0", - "bom-ref": "core-js-compat@3.37.0", - "author": "Denis Pushkarev", - "description": "core-js compat", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", - "externalReferences": [ - { - "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/zloirock/core-js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zloirock/core-js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/core-js-compat" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "browserslist", - "version": "4.23.0", - "bom-ref": "browserslist@4.23.0", - "author": "Andrey Sitnik", - "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/browserslist@4.23.0", - "externalReferences": [ - { - "url": "git+https://github.com/browserslist/browserslist.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/browserslist/browserslist#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/browserslist/browserslist/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/browserslist" - } - ] - }, - { - "type": "library", - "name": "caniuse-lite", - "version": "1.0.30001612", - "bom-ref": "caniuse-lite@1.0.30001612", - "author": "Ben Briggs", - "description": "A smaller version of caniuse-db, with only the essentials!", - "licenses": [ - { - "license": { - "id": "CC-BY-4.0" - } - } - ], - "purl": "pkg:npm/caniuse-lite@1.0.30001612", - "externalReferences": [ - { - "url": "git+https://github.com/browserslist/caniuse-lite.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/browserslist/caniuse-lite#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/browserslist/caniuse-lite/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/caniuse-lite" - } - ] - }, - { - "type": "library", - "name": "electron-to-chromium", - "version": "1.4.747", - "bom-ref": "electron-to-chromium@1.4.747", - "author": "Kilian Valkhof", - "description": "Provides a list of electron-to-chromium version mappings", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/electron-to-chromium@1.4.747", - "externalReferences": [ - { - "url": "git+https://github.com/kilian/electron-to-chromium.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kilian/electron-to-chromium#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kilian/electron-to-chromium/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/electron-to-chromium" - } - ] - }, - { - "type": "library", - "name": "node-releases", - "version": "2.0.14", - "bom-ref": "node-releases@2.0.14", - "author": "Sergey Rubanov", - "description": "Node.js releases data", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/node-releases@2.0.14", - "externalReferences": [ - { - "url": "git+https://github.com/chicoxyzzy/node-releases.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chicoxyzzy/node-releases#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chicoxyzzy/node-releases/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/node-releases" - } - ] - }, - { - "type": "library", - "name": "update-browserslist-db", - "version": "1.0.13", - "bom-ref": "update-browserslist-db@1.0.13", - "author": "Andrey Sitnik", - "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/update-browserslist-db@1.0.13", - "externalReferences": [ - { - "url": "git+https://github.com/browserslist/update-db.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/browserslist/update-db#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/browserslist/update-db/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/update-browserslist-db" - } - ] - }, - { - "type": "library", - "name": "escalade", - "version": "3.1.2", - "bom-ref": "escalade@3.1.2", - "author": "Luke Edwards", - "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escalade@3.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/lukeed/escalade.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/lukeed/escalade#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/lukeed/escalade/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/escalade" - } - ] - }, - { - "type": "library", - "name": "estraverse", - "version": "5.3.0", - "bom-ref": "estraverse@5.3.0", - "description": "ECMAScript JS AST traversal functions", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/estraverse@5.3.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/estools/estraverse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/estools/estraverse", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/estools/estraverse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/estraverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "builtin-modules", - "version": "3.3.0", - "bom-ref": "builtin-modules@3.3.0", - "author": "Sindre Sorhus", - "description": "List of the Node.js builtin modules", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/builtin-modules@3.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/builtin-modules.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/builtin-modules#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/builtin-modules/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/builtin-modules" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "jsesc", - "version": "3.0.2", - "bom-ref": "jsesc@3.0.2", - "author": "Mathias Bynens", - "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jsesc@3.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/mathiasbynens/jsesc.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mths.be/jsesc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mathiasbynens/jsesc/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jsesc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "p-try", - "version": "2.2.0", - "bom-ref": "p-try@2.2.0", - "author": "Sindre Sorhus", - "description": "`Start a promise chain", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-try@2.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-try.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-try#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-try/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/p-try" - } - ] - }, - { - "type": "library", - "name": "path-exists", - "version": "4.0.0", - "bom-ref": "path-exists@4.0.0", - "author": "Sindre Sorhus", - "description": "Check if a path exists", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-exists@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/path-exists.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/path-exists#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/path-exists/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/path-exists" - } - ] - }, - { - "type": "library", - "name": "read-pkg", - "version": "5.2.0", - "bom-ref": "read-pkg@5.2.0", - "author": "Sindre Sorhus", - "description": "Read a package.json file", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/read-pkg@5.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/read-pkg.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/read-pkg#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/read-pkg/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "normalize-package-data", - "group": "@types", - "version": "2.4.4", - "bom-ref": "@types/normalize-package-data@2.4.4", - "description": "TypeScript definitions for normalize-package-data", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/normalize-package-data" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "validate-npm-package-license", - "version": "3.0.4", - "bom-ref": "validate-npm-package-license@3.0.4", - "author": "Kyle E. Mitchell", - "description": "Give me a string and I'll tell you if it's a valid npm package license string", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/validate-npm-package-license@3.0.4", - "externalReferences": [ - { - "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/validate-npm-package-license" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "regjsparser", - "version": "0.10.0", - "bom-ref": "regjsparser@0.10.0", - "author": "'Julian Viereck'", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/regjsparser@0.10.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/jviereck/regjsparser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jviereck/regjsparser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jviereck/regjsparser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/regjsparser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "strip-indent", - "version": "3.0.0", - "bom-ref": "strip-indent@3.0.0", - "author": "Sindre Sorhus", - "description": "Strip leading whitespace from each line in a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-indent@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/strip-indent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/strip-indent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/strip-indent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/strip-indent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "min-indent", - "version": "1.0.1", - "bom-ref": "min-indent@1.0.1", - "author": "James Kyle", - "description": "Get the shortest leading whitespace from lines in a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/min-indent@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/thejameskyle/min-indent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/thejameskyle/min-indent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/thejameskyle/min-indent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/min-indent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "js", - "group": "@eslint", - "version": "8.57.0", - "bom-ref": "@eslint/js@8.57.0", - "description": "ESLint JavaScript language implementation", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint.git#packages/js", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://eslint.org", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint/issues/", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/js" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "config-array", - "group": "@humanwhocodes", - "version": "0.11.14", - "bom-ref": "@humanwhocodes/config-array@0.11.14", - "author": "Nicholas C. Zakas", - "description": "Glob-based configuration matching.", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", - "externalReferences": [ - { - "url": "git+https://github.com/humanwhocodes/config-array.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/humanwhocodes/config-array#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/humanwhocodes/config-array/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/config-array" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "object-schema", - "group": "@humanwhocodes", - "version": "2.0.3", - "bom-ref": "@humanwhocodes/object-schema@2.0.3", - "author": "Nicholas C. Zakas", - "description": "An object schema merger/validator", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/humanwhocodes/object-schema.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/humanwhocodes/object-schema#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/humanwhocodes/object-schema/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/object-schema" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "module-importer", - "group": "@humanwhocodes", - "version": "1.0.1", - "bom-ref": "@humanwhocodes/module-importer@1.0.1", - "author": "Nicholas C. Zaks", - "description": "Universal module importer for Node.js", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/humanwhocodes/module-importer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/humanwhocodes/module-importer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/humanwhocodes/module-importer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/module-importer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "fs.scandir", - "group": "@nodelib", - "version": "2.1.5", - "bom-ref": "@nodelib/fs.scandir@2.1.5", - "description": "List files and directories inside the specified directory", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", - "externalReferences": [ - { - "url": "git+https://github.com/nodelib/nodelib.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodelib/nodelib/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodelib/nodelib/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@nodelib/fs.scandir" - } - ] - }, - { - "type": "library", - "name": "run-parallel", - "version": "1.2.0", - "bom-ref": "run-parallel@1.2.0", - "author": "Feross Aboukhadijeh", - "description": "Run an array of functions in parallel", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/run-parallel@1.2.0", - "externalReferences": [ - { - "url": "git://github.com/feross/run-parallel.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/feross/run-parallel", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/feross/run-parallel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/run-parallel" - } - ] - }, - { - "type": "library", - "name": "queue-microtask", - "version": "1.2.3", - "bom-ref": "queue-microtask@1.2.3", - "author": "Feross Aboukhadijeh", - "description": "fast, tiny `queueMicrotask` shim for modern engines", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/queue-microtask@1.2.3", - "externalReferences": [ - { - "url": "git://github.com/feross/queue-microtask.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/feross/queue-microtask", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/feross/queue-microtask/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/queue-microtask" - } - ] - }, - { - "type": "library", - "name": "fastq", - "version": "1.17.1", - "bom-ref": "fastq@1.17.1", - "author": "Matteo Collina", - "description": "Fast, in memory work queue", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/fastq@1.17.1", - "externalReferences": [ - { - "url": "git+https://github.com/mcollina/fastq.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mcollina/fastq#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mcollina/fastq/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fastq" - } - ] - }, - { - "type": "library", - "name": "reusify", - "version": "1.0.4", - "bom-ref": "reusify@1.0.4", - "author": "Matteo Collina", - "description": "Reuse objects and functions with style", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/reusify@1.0.4", - "externalReferences": [ - { - "url": "git+https://github.com/mcollina/reusify.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mcollina/reusify#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mcollina/reusify/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/reusify" - } - ] - }, - { - "type": "library", - "name": "structured-clone", - "group": "@ungap", - "version": "1.2.0", - "bom-ref": "@ungap/structured-clone@1.2.0", - "author": "Andrea Giammarchi", - "description": "A structuredClone polyfill", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/ungap/structured-clone.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ungap/structured-clone#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ungap/structured-clone/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@ungap/structured-clone" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "path-key", - "version": "3.1.1", - "bom-ref": "path-key@3.1.1", - "author": "Sindre Sorhus", - "description": "Get the PATH environment variable key cross-platform", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-key@3.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/path-key.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/path-key#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/path-key/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/path-key" - } - ] - }, - { - "type": "library", - "name": "shebang-command", - "version": "2.0.0", - "bom-ref": "shebang-command@2.0.0", - "author": "Kevin Mårtensson", - "description": "Get the command from a shebang", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/shebang-command@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/kevva/shebang-command.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kevva/shebang-command#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kevva/shebang-command/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/shebang-command" - } - ] - }, - { - "type": "library", - "name": "shebang-regex", - "version": "3.0.0", - "bom-ref": "shebang-regex@3.0.0", - "author": "Sindre Sorhus", - "description": "Regular expression for matching a shebang line", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/shebang-regex@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/shebang-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/shebang-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/shebang-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/shebang-regex" - } - ] - }, - { - "type": "library", - "name": "which", - "version": "2.0.2", - "bom-ref": "which@2.0.2", - "author": "Isaac Z. Schlueter", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/which@2.0.2", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-which.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-which#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-which/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/which" - } - ] - }, - { - "type": "library", - "name": "isexe", - "version": "2.0.0", - "bom-ref": "isexe@2.0.0", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/isexe@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/isexe.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/isexe#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/isexe/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/isexe" - } - ] - }, - { - "type": "library", - "name": "eslint-scope", - "version": "7.2.2", - "bom-ref": "eslint-scope@7.2.2", - "description": "ECMAScript scope analyzer for ESLint", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/eslint-scope@7.2.2", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-scope.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://github.com/eslint/eslint-scope", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-scope/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-scope" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "acorn", - "version": "8.11.3", - "bom-ref": "acorn@8.11.3", - "description": "ECMAScript parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/acorn@8.11.3", - "externalReferences": [ - { - "url": "git+https://github.com/acornjs/acorn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/acornjs/acorn", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/acornjs/acorn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/acorn" - } - ] - }, - { - "type": "library", - "name": "flat-cache", - "version": "3.2.0", - "bom-ref": "flat-cache@3.2.0", - "author": "Jared Wray", - "description": "A stupidly simple key/value storage using files to persist some data", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/flat-cache@3.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/jaredwray/flat-cache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jaredwray/flat-cache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jaredwray/flat-cache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/flat-cache" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "flatted", - "version": "3.3.1", - "bom-ref": "flatted@3.3.1", - "author": "Andrea Giammarchi", - "description": "A super light and fast circular JSON parser.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/flatted@3.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/WebReflection/flatted.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/WebReflection/flatted#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/WebReflection/flatted/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/flatted" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "keyv", - "version": "4.5.4", - "bom-ref": "keyv@4.5.4", - "author": "Jared Wray", - "description": "Simple key-value storage with support for multiple backends", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/keyv@4.5.4", - "externalReferences": [ - { - "url": "git+https://github.com/jaredwray/keyv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jaredwray/keyv", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jaredwray/keyv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/keyv" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "json-buffer", - "version": "3.0.1", - "bom-ref": "json-buffer@3.0.1", - "author": "Dominic Tarr", - "description": "JSON parse & stringify that supports binary via bops & base64", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-buffer@3.0.1", - "externalReferences": [ - { - "url": "git://github.com/dominictarr/json-buffer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dominictarr/json-buffer", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dominictarr/json-buffer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-buffer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "find-up", - "version": "5.0.0", - "bom-ref": "find-up@5.0.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/find-up@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/find-up.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/find-up#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/find-up/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/find-up" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "locate-path", - "version": "6.0.0", - "bom-ref": "locate-path@6.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/locate-path@6.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/locate-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/locate-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/locate-path" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "p-locate", - "version": "5.0.0", - "bom-ref": "p-locate@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-locate@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-locate.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-locate/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/p-locate" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "is-extglob", - "version": "2.1.1", - "bom-ref": "is-extglob@2.1.1", - "author": "Jon Schlinkert", - "description": "Returns true if a string has an extglob.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-extglob@2.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/is-extglob.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/is-extglob", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/is-extglob/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-extglob" - } - ] - }, - { - "type": "library", - "name": "is-path-inside", - "version": "3.0.3", - "bom-ref": "is-path-inside@3.0.3", - "author": "Sindre Sorhus", - "description": "Check if a path is inside another path", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-path-inside@3.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-path-inside.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-path-inside#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-path-inside/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-path-inside" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "prelude-ls", - "version": "1.2.1", - "bom-ref": "prelude-ls@1.2.1", - "author": "George Zahariev", - "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/prelude-ls@1.2.1", - "externalReferences": [ - { - "url": "git://github.com/gkz/prelude-ls.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://preludels.com", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gkz/prelude-ls/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/prelude-ls" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "type-check", - "version": "0.4.0", - "bom-ref": "type-check@0.4.0", - "author": "George Zahariev", - "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/type-check@0.4.0", - "externalReferences": [ - { - "url": "git://github.com/gkz/type-check.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/gkz/type-check", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/gkz/type-check/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/type-check" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "word-wrap", - "group": "@aashutoshrathi", - "version": "1.2.6", - "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", - "author": "Jon Schlinkert", - "description": "Wrap words to a specified length.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", - "externalReferences": [ - { - "url": "git+https://github.com/aashutoshrathi/word-wrap.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/aashutoshrathi/word-wrap", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aashutoshrathi/word-wrap/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aashutoshrathi/word-wrap" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "deep-is", - "version": "0.1.4", - "bom-ref": "deep-is@0.1.4", - "author": "Thorsten Lorenz", - "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/deep-is@0.1.4", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/thlorenz/deep-is.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/thlorenz/deep-is#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/thlorenz/deep-is/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/deep-is" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "accepts", - "version": "1.3.8", - "bom-ref": "accepts@1.3.8", - "description": "Higher-level content negotiation", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/accepts@1.3.8", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/accepts.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/accepts#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/accepts/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/accepts" - } - ] - }, - { - "type": "library", - "name": "mime-types", - "version": "2.1.35", - "bom-ref": "mime-types@2.1.35", - "description": "The ultimate javascript content-type utility.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mime-types@2.1.35", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/mime-types.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/mime-types#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/mime-types/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mime-types" - } - ] - }, - { - "type": "library", - "name": "negotiator", - "version": "0.6.3", - "bom-ref": "negotiator@0.6.3", - "description": "HTTP content negotiation", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/negotiator@0.6.3", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/negotiator.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/negotiator#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/negotiator/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/negotiator" - } - ] - }, - { - "type": "library", - "name": "array-flatten", - "version": "1.1.1", - "bom-ref": "array-flatten@1.1.1", - "author": "Blake Embrey", - "description": "Flatten an array of nested arrays into a single flat array", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/array-flatten@1.1.1", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/array-flatten.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/array-flatten", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/array-flatten/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/array-flatten" - } - ] - }, - { - "type": "library", - "name": "body-parser", - "version": "1.20.2", - "bom-ref": "body-parser@1.20.2", - "description": "Node.js body parsing middleware", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/body-parser@1.20.2", - "externalReferences": [ - { - "url": "git+https://github.com/expressjs/body-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/expressjs/body-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/expressjs/body-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/body-parser" - } - ] - }, - { - "type": "library", - "name": "bytes", - "version": "3.1.2", - "bom-ref": "bytes@3.1.2", - "author": "TJ Holowaychuk", - "description": "Utility to parse a string bytes to bytes and vice-versa", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/bytes@3.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/visionmedia/bytes.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/bytes.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/bytes.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/bytes" - } - ] - }, - { - "type": "library", - "name": "depd", - "version": "2.0.0", - "bom-ref": "depd@2.0.0", - "author": "Douglas Christopher Wilson", - "description": "Deprecate all the things", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/depd@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/dougwilson/nodejs-depd.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dougwilson/nodejs-depd#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dougwilson/nodejs-depd/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/depd" - } - ] - }, - { - "type": "library", - "name": "destroy", - "version": "1.2.0", - "bom-ref": "destroy@1.2.0", - "author": "Jonathan Ong", - "description": "destroy a stream if possible", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/destroy@1.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/stream-utils/destroy.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/stream-utils/destroy#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/stream-utils/destroy/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/destroy" - } - ] - }, - { - "type": "library", - "name": "http-errors", - "version": "2.0.0", - "bom-ref": "http-errors@2.0.0", - "author": "Jonathan Ong", - "description": "Create HTTP error objects", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/http-errors@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/http-errors.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/http-errors#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/http-errors/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/http-errors" - } - ] - }, - { - "type": "library", - "name": "iconv-lite", - "version": "0.4.24", - "bom-ref": "iconv-lite@0.4.24", - "author": "Alexander Shtuchkin", - "description": "Convert character encodings in pure javascript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/iconv-lite@0.4.24", - "externalReferences": [ - { - "url": "git://github.com/ashtuchkin/iconv-lite.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ashtuchkin/iconv-lite", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ashtuchkin/iconv-lite/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/iconv-lite" - } - ] - }, - { - "type": "library", - "name": "safer-buffer", - "version": "2.1.2", - "bom-ref": "safer-buffer@2.1.2", - "author": "Nikita Skovoroda", - "description": "Modern Buffer API polyfill without footguns", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/safer-buffer@2.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/ChALkeR/safer-buffer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ChALkeR/safer-buffer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ChALkeR/safer-buffer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/safer-buffer" - } - ] - }, - { - "type": "library", - "name": "on-finished", - "version": "2.4.1", - "bom-ref": "on-finished@2.4.1", - "description": "Execute a callback when a request closes, finishes, or errors", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/on-finished@2.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/on-finished.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/on-finished#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/on-finished/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/on-finished" - } - ] - }, - { - "type": "library", - "name": "qs", - "version": "6.11.0", - "bom-ref": "qs@6.11.0", - "description": "A querystring parser that supports nesting and arrays, with a depth limit", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/qs@6.11.0", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/qs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/qs", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/qs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/qs" - } - ] - }, - { - "type": "library", - "name": "raw-body", - "version": "2.5.2", - "bom-ref": "raw-body@2.5.2", - "author": "Jonathan Ong", - "description": "Get and validate the raw body of a readable stream.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/raw-body@2.5.2", - "externalReferences": [ - { - "url": "git+https://github.com/stream-utils/raw-body.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/stream-utils/raw-body#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/stream-utils/raw-body/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/raw-body" - } - ] - }, - { - "type": "library", - "name": "unpipe", - "version": "1.0.0", - "bom-ref": "unpipe@1.0.0", - "author": "Douglas Christopher Wilson", - "description": "Unpipe a stream from all destinations", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/unpipe@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/stream-utils/unpipe.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/stream-utils/unpipe#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/stream-utils/unpipe/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/unpipe" - } - ] - }, - { - "type": "library", - "name": "type-is", - "version": "1.6.18", - "bom-ref": "type-is@1.6.18", - "description": "Infer the content-type of a request.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/type-is@1.6.18", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/type-is.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/type-is#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/type-is/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/type-is" - } - ] - }, - { - "type": "library", - "name": "content-disposition", - "version": "0.5.4", - "bom-ref": "content-disposition@0.5.4", - "author": "Douglas Christopher Wilson", - "description": "Create and parse Content-Disposition header", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/content-disposition@0.5.4", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/content-disposition.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/content-disposition#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/content-disposition/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/content-disposition" - } - ] - }, - { - "type": "library", - "name": "cookie-signature", - "version": "1.0.6", - "bom-ref": "cookie-signature@1.0.6", - "author": "TJ Holowaychuk", - "description": "Sign and unsign cookies", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cookie-signature@1.0.6", - "externalReferences": [ - { - "url": "git+https://github.com/visionmedia/node-cookie-signature.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/node-cookie-signature#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/node-cookie-signature/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/cookie-signature" - } - ] - }, - { - "type": "library", - "name": "cookie", - "version": "0.6.0", - "bom-ref": "cookie@0.6.0", - "author": "Roman Shtylman", - "description": "HTTP server cookie parsing and serialization", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cookie@0.6.0", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/cookie.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/cookie#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/cookie/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/cookie" - } - ] - }, - { - "type": "library", - "name": "encodeurl", - "version": "1.0.2", - "bom-ref": "encodeurl@1.0.2", - "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/encodeurl@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/pillarjs/encodeurl.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/pillarjs/encodeurl#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/pillarjs/encodeurl/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/encodeurl" - } - ] - }, - { - "type": "library", - "name": "escape-html", - "version": "1.0.3", - "bom-ref": "escape-html@1.0.3", - "description": "Escape string for use in HTML", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/escape-html@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/component/escape-html.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/component/escape-html#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/component/escape-html/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/escape-html" - } - ] - }, - { - "type": "library", - "name": "etag", - "version": "1.8.1", - "bom-ref": "etag@1.8.1", - "description": "Create simple HTTP ETags", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/etag@1.8.1", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/etag.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/etag#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/etag/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/etag" - } - ] - }, - { - "type": "library", - "name": "finalhandler", - "version": "1.2.0", - "bom-ref": "finalhandler@1.2.0", - "author": "Douglas Christopher Wilson", - "description": "Node.js final http responder", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/finalhandler@1.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/pillarjs/finalhandler.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/pillarjs/finalhandler#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/pillarjs/finalhandler/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/finalhandler" - } - ] - }, - { - "type": "library", - "name": "parseurl", - "version": "1.3.3", - "bom-ref": "parseurl@1.3.3", - "description": "parse a url with memoization", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/parseurl@1.3.3", - "externalReferences": [ - { - "url": "git+https://github.com/pillarjs/parseurl.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/pillarjs/parseurl#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/pillarjs/parseurl/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/parseurl" - } - ] - }, - { - "type": "library", - "name": "statuses", - "version": "2.0.1", - "bom-ref": "statuses@2.0.1", - "description": "HTTP status utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/statuses@2.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/statuses.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/statuses#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/statuses/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/statuses" - } - ] - }, - { - "type": "library", - "name": "fresh", - "version": "0.5.2", - "bom-ref": "fresh@0.5.2", - "author": "TJ Holowaychuk", - "description": "HTTP response freshness testing", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fresh@0.5.2", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/fresh.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/fresh#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/fresh/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fresh" - } - ] - }, - { - "type": "library", - "name": "setprototypeof", - "version": "1.2.0", - "bom-ref": "setprototypeof@1.2.0", - "author": "Wes Todd", - "description": "A small polyfill for Object.setprototypeof", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/setprototypeof@1.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/wesleytodd/setprototypeof.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/wesleytodd/setprototypeof", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/wesleytodd/setprototypeof/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/setprototypeof" - } - ] - }, - { - "type": "library", - "name": "toidentifier", - "version": "1.0.1", - "bom-ref": "toidentifier@1.0.1", - "author": "Douglas Christopher Wilson", - "description": "Convert a string of words to a JavaScript identifier", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/toidentifier@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/component/toidentifier.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/component/toidentifier#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/component/toidentifier/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/toidentifier" - } - ] - }, - { - "type": "library", - "name": "merge-descriptors", - "version": "1.0.1", - "bom-ref": "merge-descriptors@1.0.1", - "author": "Jonathan Ong", - "description": "Merge objects using descriptors", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/merge-descriptors@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/component/merge-descriptors.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/component/merge-descriptors#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/component/merge-descriptors/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/merge-descriptors" - } - ] - }, - { - "type": "library", - "name": "methods", - "version": "1.1.2", - "bom-ref": "methods@1.1.2", - "description": "HTTP methods that node supports", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/methods@1.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/methods.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/methods#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/methods/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/methods" - } - ] - }, - { - "type": "library", - "name": "ee-first", - "version": "1.1.1", - "bom-ref": "ee-first@1.1.1", - "author": "Jonathan Ong", - "description": "return the first event in a set of ee/event pairs", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ee-first@1.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/jonathanong/ee-first.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonathanong/ee-first#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonathanong/ee-first/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ee-first" - } - ] - }, - { - "type": "library", - "name": "path-to-regexp", - "version": "0.1.7", - "bom-ref": "path-to-regexp@0.1.7", - "description": "Express style path to RegExp utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-to-regexp@0.1.7", - "externalReferences": [ - { - "url": "git+https://github.com/component/path-to-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/component/path-to-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/component/path-to-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/path-to-regexp" - } - ] - }, - { - "type": "library", - "name": "proxy-addr", - "version": "2.0.7", - "bom-ref": "proxy-addr@2.0.7", - "author": "Douglas Christopher Wilson", - "description": "Determine address of proxied request", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/proxy-addr@2.0.7", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/proxy-addr.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/proxy-addr#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/proxy-addr/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/proxy-addr" - } - ] - }, - { - "type": "library", - "name": "forwarded", - "version": "0.2.0", - "bom-ref": "forwarded@0.2.0", - "description": "Parse HTTP X-Forwarded-For header", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/forwarded@0.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/forwarded.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/forwarded#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/forwarded/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/forwarded" - } - ] - }, - { - "type": "library", - "name": "ipaddr.js", - "version": "1.9.1", - "bom-ref": "ipaddr.js@1.9.1", - "author": "whitequark", - "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ipaddr.js@1.9.1", - "externalReferences": [ - { - "url": "git://github.com/whitequark/ipaddr.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/whitequark/ipaddr.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/whitequark/ipaddr.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ipaddr.js" - } - ] - }, - { - "type": "library", - "name": "side-channel", - "version": "1.0.6", - "bom-ref": "side-channel@1.0.6", - "author": "Jordan Harband", - "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/side-channel@1.0.6", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/side-channel.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/side-channel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/side-channel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/side-channel" - } - ] - }, - { - "type": "library", - "name": "call-bind", - "version": "1.0.7", - "bom-ref": "call-bind@1.0.7", - "author": "Jordan Harband", - "description": "Robustly `.call.bind()` a function", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/call-bind@1.0.7", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/call-bind.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/call-bind#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/call-bind/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/call-bind" - } - ] - }, - { - "type": "library", - "name": "es-define-property", - "version": "1.0.0", - "bom-ref": "es-define-property@1.0.0", - "author": "Jordan Harband", - "description": "`Object.defineProperty`, but not IE 8's broken one.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/es-define-property@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/es-define-property.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/es-define-property#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/es-define-property/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/es-define-property" - } - ] - }, - { - "type": "library", - "name": "get-intrinsic", - "version": "1.2.4", - "bom-ref": "get-intrinsic@1.2.4", - "author": "Jordan Harband", - "description": "Get and robustly cache all JS language-level intrinsics at first require time", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/get-intrinsic@1.2.4", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/get-intrinsic.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/get-intrinsic#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/get-intrinsic/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/get-intrinsic" - } - ] - }, - { - "type": "library", - "name": "es-errors", - "version": "1.3.0", - "bom-ref": "es-errors@1.3.0", - "author": "Jordan Harband", - "description": "A simple cache for a few of the JS Error constructors.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/es-errors@1.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/es-errors.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/es-errors#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/es-errors/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/es-errors" - } - ] - }, - { - "type": "library", - "name": "function-bind", - "version": "1.1.2", - "bom-ref": "function-bind@1.1.2", - "author": "Raynos", - "description": "Implementation of Function.prototype.bind", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/function-bind@1.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/Raynos/function-bind.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Raynos/function-bind", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Raynos/function-bind/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/function-bind" - } - ] - }, - { - "type": "library", - "name": "set-function-length", - "version": "1.2.2", - "bom-ref": "set-function-length@1.2.2", - "author": "Jordan Harband", - "description": "Set a function's length property", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/set-function-length@1.2.2", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/set-function-length.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/set-function-length#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/set-function-length/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/set-function-length" - } - ] - }, - { - "type": "library", - "name": "define-data-property", - "version": "1.1.4", - "bom-ref": "define-data-property@1.1.4", - "author": "Jordan Harband", - "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/define-data-property@1.1.4", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/define-data-property.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/define-data-property#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/define-data-property/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/define-data-property" - } - ] - }, - { - "type": "library", - "name": "gopd", - "version": "1.0.1", - "bom-ref": "gopd@1.0.1", - "author": "Jordan Harband", - "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/gopd@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/ljharb/gopd.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/gopd#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/gopd/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/gopd" - } - ] - }, - { - "type": "library", - "name": "has-property-descriptors", - "version": "1.0.2", - "bom-ref": "has-property-descriptors@1.0.2", - "author": "Jordan Harband", - "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/has-property-descriptors@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/inspect-js/has-property-descriptors.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/inspect-js/has-property-descriptors#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/inspect-js/has-property-descriptors/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/has-property-descriptors" - } - ] - }, - { - "type": "library", - "name": "has-proto", - "version": "1.0.3", - "bom-ref": "has-proto@1.0.3", - "author": "Jordan Harband", - "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/has-proto@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/inspect-js/has-proto.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/inspect-js/has-proto#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/inspect-js/has-proto/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/has-proto" - } - ] - }, - { - "type": "library", - "name": "has-symbols", - "version": "1.0.3", - "bom-ref": "has-symbols@1.0.3", - "author": "Jordan Harband", - "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/has-symbols@1.0.3", - "externalReferences": [ - { - "url": "git://github.com/inspect-js/has-symbols.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ljharb/has-symbols#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ljharb/has-symbols/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/has-symbols" - } - ] - }, - { - "type": "library", - "name": "hasown", - "version": "2.0.2", - "bom-ref": "hasown@2.0.2", - "author": "Jordan Harband", - "description": "A robust, ES3 compatible, \"has own property\" predicate.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/hasown@2.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/inspect-js/hasOwn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/inspect-js/hasOwn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/inspect-js/hasOwn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/hasown" - } - ] - }, - { - "type": "library", - "name": "object-inspect", - "version": "1.13.1", - "bom-ref": "object-inspect@1.13.1", - "author": "James Halliday", - "description": "string representations of objects in node and the browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/object-inspect@1.13.1", - "externalReferences": [ - { - "url": "git://github.com/inspect-js/object-inspect.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/inspect-js/object-inspect", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/inspect-js/object-inspect/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/object-inspect" - } - ] - }, - { - "type": "library", - "name": "range-parser", - "version": "1.2.1", - "bom-ref": "range-parser@1.2.1", - "author": "TJ Holowaychuk", - "description": "Range header field string parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/range-parser@1.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/range-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/range-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/range-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/range-parser" - } - ] - }, - { - "type": "library", - "name": "send", - "version": "0.18.0", - "bom-ref": "send@0.18.0", - "author": "TJ Holowaychuk", - "description": "Better streaming static file server with Range and conditional-GET support", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/send@0.18.0", - "externalReferences": [ - { - "url": "git+https://github.com/pillarjs/send.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/pillarjs/send#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/pillarjs/send/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/send" - } - ] - }, - { - "type": "library", - "name": "mime", - "version": "1.6.0", - "bom-ref": "mime@1.6.0", - "author": "Robert Kieffer", - "description": "A comprehensive library for mime-type mapping", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mime@1.6.0", - "externalReferences": [ - { - "url": "git+https://github.com/broofa/node-mime.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/broofa/node-mime#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/broofa/node-mime/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mime" - } - ] - }, - { - "type": "library", - "name": "serve-static", - "version": "1.15.0", - "bom-ref": "serve-static@1.15.0", - "author": "Douglas Christopher Wilson", - "description": "Serve static files", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/serve-static@1.15.0", - "externalReferences": [ - { - "url": "git+https://github.com/expressjs/serve-static.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/expressjs/serve-static#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/expressjs/serve-static/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/serve-static" - } - ] - }, - { - "type": "library", - "name": "media-typer", - "version": "0.3.0", - "bom-ref": "media-typer@0.3.0", - "author": "Douglas Christopher Wilson", - "description": "Simple RFC 6838 media type parser and formatter", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/media-typer@0.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/media-typer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/media-typer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/media-typer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/media-typer" - } - ] - }, - { - "type": "library", - "name": "utils-merge", - "version": "1.0.1", - "bom-ref": "utils-merge@1.0.1", - "author": "Jared Hanson", - "description": "merge() utility function", - "licenses": [ - { - "license": { - "id": "MIT" - } - }, - { - "license": { - "id": "MIT", - "url": "http://opensource.org/licenses/MIT" - } - } - ], - "purl": "pkg:npm/utils-merge@1.0.1", - "externalReferences": [ - { - "url": "git://github.com/jaredhanson/utils-merge.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jaredhanson/utils-merge#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/jaredhanson/utils-merge/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/utils-merge" - } - ] - }, - { - "type": "library", - "name": "vary", - "version": "1.1.2", - "bom-ref": "vary@1.1.2", - "author": "Douglas Christopher Wilson", - "description": "Manipulate the HTTP Vary header", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/vary@1.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/vary.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/vary#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/vary/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/vary" - } - ] - }, - { - "type": "library", - "name": "asynckit", - "version": "0.4.0", - "bom-ref": "asynckit@0.4.0", - "author": "Alex Indigo", - "description": "Minimal async jobs utility library, with streams support", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/asynckit@0.4.0", - "externalReferences": [ - { - "url": "git+https://github.com/alexindigo/asynckit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/alexindigo/asynckit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/alexindigo/asynckit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/asynckit" - } - ] - }, - { - "type": "library", - "name": "combined-stream", - "version": "1.0.8", - "bom-ref": "combined-stream@1.0.8", - "author": "Felix Geisendörfer", - "description": "A stream that emits multiple other streams one after another.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/combined-stream@1.0.8", - "externalReferences": [ - { - "url": "git://github.com/felixge/node-combined-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/felixge/node-combined-stream", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/felixge/node-combined-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/combined-stream" - } - ] - }, - { - "type": "library", - "name": "delayed-stream", - "version": "1.0.0", - "bom-ref": "delayed-stream@1.0.0", - "author": "Felix Geisendörfer", - "description": "Buffers events from a stream until you are ready to handle them.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/delayed-stream@1.0.0", - "externalReferences": [ - { - "url": "git://github.com/felixge/node-delayed-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/felixge/node-delayed-stream", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/felixge/node-delayed-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/delayed-stream" - } - ] - }, - { - "type": "library", - "name": "mime-db", - "version": "1.52.0", - "bom-ref": "mime-db@1.52.0", - "description": "Media Type Database", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mime-db@1.52.0", - "externalReferences": [ - { - "url": "git+https://github.com/jshttp/mime-db.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jshttp/mime-db#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jshttp/mime-db/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mime-db" - } - ] - }, - { - "type": "library", - "name": "fs-extra", - "version": "11.2.0", - "bom-ref": "fs-extra@11.2.0", - "author": "JP Richardson", - "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fs-extra@11.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/jprichardson/node-fs-extra.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jprichardson/node-fs-extra", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jprichardson/node-fs-extra/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fs-extra" - } - ] - }, - { - "type": "library", - "name": "jsonfile", - "version": "6.1.0", - "bom-ref": "jsonfile@6.1.0", - "author": "JP Richardson", - "description": "Easily read/write JSON files.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jsonfile@6.1.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jprichardson/node-jsonfile#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jprichardson/node-jsonfile/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jsonfile" - } - ] - }, - { - "type": "library", - "name": "universalify", - "version": "2.0.1", - "bom-ref": "universalify@2.0.1", - "author": "Ryan Zimmerman", - "description": "Make a callback- or promise-based function support both promises and callbacks.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/universalify@2.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/RyanZim/universalify.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/RyanZim/universalify#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/RyanZim/universalify/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/universalify" - } - ] - }, - { - "type": "library", - "name": "get-installed-path", - "version": "4.0.8", - "bom-ref": "get-installed-path@4.0.8", - "author": "Charlike Mike Reagent", - "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/get-installed-path@4.0.8", - "externalReferences": [ - { - "url": "git+https://github.com/tunnckoCore/get-installed-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tunnckoCore/get-installed-path", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tunnckoCore/get-installed-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/get-installed-path" - } - ] - }, - { - "type": "library", - "name": "global-modules", - "version": "1.0.0", - "bom-ref": "global-modules@1.0.0", - "author": "Jon Schlinkert", - "description": "The directory used by npm for globally installed npm modules.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/global-modules@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/global-modules.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/global-modules", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/global-modules/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/global-modules" - } - ] - }, - { - "type": "library", - "name": "global-prefix", - "version": "1.0.2", - "bom-ref": "global-prefix@1.0.2", - "author": "Jon Schlinkert", - "description": "Get the npm global path prefix.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/global-prefix@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/global-prefix.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/global-prefix", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/global-prefix/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/global-prefix" - } - ] - }, - { - "type": "library", - "name": "expand-tilde", - "version": "2.0.2", - "bom-ref": "expand-tilde@2.0.2", - "author": "Jon Schlinkert", - "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/expand-tilde@2.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/expand-tilde.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/expand-tilde", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/expand-tilde/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/expand-tilde" - } - ] - }, - { - "type": "library", - "name": "homedir-polyfill", - "version": "1.0.3", - "bom-ref": "homedir-polyfill@1.0.3", - "author": "Brian Woodward", - "description": "Node.js os.homedir polyfill for older versions of node.js.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/homedir-polyfill@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/doowb/homedir-polyfill.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/doowb/homedir-polyfill", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/doowb/homedir-polyfill/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/homedir-polyfill" - } - ] - }, - { - "type": "library", - "name": "parse-passwd", - "version": "1.0.0", - "bom-ref": "parse-passwd@1.0.0", - "author": "Brian Woodward", - "description": "Parse a passwd file into a list of users.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/parse-passwd@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/doowb/parse-passwd.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/doowb/parse-passwd", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/doowb/parse-passwd/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/parse-passwd" - } - ] - }, - { - "type": "library", - "name": "is-windows", - "version": "1.0.2", - "bom-ref": "is-windows@1.0.2", - "author": "Jon Schlinkert", - "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-windows@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/is-windows.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/is-windows", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/is-windows/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-windows" - } - ] - }, - { - "type": "library", - "name": "resolve-dir", - "version": "1.0.1", - "bom-ref": "resolve-dir@1.0.1", - "author": "Jon Schlinkert", - "description": "Resolve a directory that is either local, global or in the user's home directory.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve-dir@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/resolve-dir.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/resolve-dir", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/resolve-dir/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/resolve-dir" - } - ] - }, - { - "type": "library", - "name": "domhandler", - "version": "5.0.3", - "bom-ref": "domhandler@5.0.3", - "author": "Felix Boehm", - "description": "Handler for htmlparser2 that turns pages into a dom", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/domhandler@5.0.3", - "externalReferences": [ - { - "url": "git://github.com/fb55/domhandler.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/domhandler#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/domhandler/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/domhandler" - } - ] - }, - { - "type": "library", - "name": "domutils", - "version": "3.1.0", - "bom-ref": "domutils@3.1.0", - "author": "Felix Boehm", - "description": "Utilities for working with htmlparser2's dom", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/domutils@3.1.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/domutils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/domutils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/domutils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/domutils" - } - ] - }, - { - "type": "library", - "name": "dom-serializer", - "version": "2.0.0", - "bom-ref": "dom-serializer@2.0.0", - "author": "Felix Boehm", - "description": "render domhandler DOM nodes to a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/dom-serializer@2.0.0", - "externalReferences": [ - { - "url": "git://github.com/cheeriojs/dom-serializer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/cheeriojs/dom-serializer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/cheeriojs/dom-serializer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/dom-serializer" - } - ] - }, - { - "type": "library", - "name": "entities", - "version": "4.5.0", - "bom-ref": "entities@4.5.0", - "author": "Felix Boehm", - "description": "Encode & decode XML and HTML entities with ease & speed", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/entities@4.5.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/entities.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/entities#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/entities/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/entities" - } - ] - }, - { - "type": "library", - "name": "https", - "version": "1.0.0", - "bom-ref": "https@1.0.0", - "author": "hardus van der berg", - "description": "https mediation", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/https@1.0.0", - "externalReferences": [ - { - "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/https" - } - ] - }, - { - "type": "library", - "name": "inquirer-file-tree-selection-prompt", - "version": "2.0.2", - "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", - "author": "anc95", - "description": "inquerer file tree selection prompt", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/inquirer-file-tree-selection-prompt" - } - ] - }, - { - "type": "library", - "name": "cli-cursor", - "version": "3.1.0", - "bom-ref": "cli-cursor@3.1.0", - "author": "Sindre Sorhus", - "description": "Toggle the CLI cursor", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cli-cursor@3.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/cli-cursor.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/cli-cursor#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/cli-cursor/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/cli-cursor" - } - ] - }, - { - "type": "library", - "name": "restore-cursor", - "version": "3.1.0", - "bom-ref": "restore-cursor@3.1.0", - "author": "Sindre Sorhus", - "description": "Gracefully restore the CLI cursor on exit", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/restore-cursor@3.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/restore-cursor.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/restore-cursor#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/restore-cursor/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/restore-cursor" - } - ] - }, - { - "type": "library", - "name": "onetime", - "version": "5.1.2", - "bom-ref": "onetime@5.1.2", - "author": "Sindre Sorhus", - "description": "Ensure a function is only called once", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/onetime@5.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/onetime.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/onetime#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/onetime/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/onetime" - } - ] - }, - { - "type": "library", - "name": "mimic-fn", - "version": "2.1.0", - "bom-ref": "mimic-fn@2.1.0", - "author": "Sindre Sorhus", - "description": "Make a function mimic another one", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mimic-fn@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/mimic-fn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/mimic-fn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/mimic-fn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mimic-fn" - } - ] - }, - { - "type": "library", - "name": "signal-exit", - "version": "3.0.7", - "bom-ref": "signal-exit@3.0.7", - "author": "Ben Coe", - "description": "when you want to fire an event no matter how a process exits.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/signal-exit@3.0.7", - "externalReferences": [ - { - "url": "git+https://github.com/tapjs/signal-exit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tapjs/signal-exit", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tapjs/signal-exit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/signal-exit" - } - ] - }, - { - "type": "library", - "name": "figures", - "version": "3.2.0", - "bom-ref": "figures@3.2.0", - "author": "Sindre Sorhus", - "description": "Unicode symbols with Windows CMD fallbacks", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/figures@3.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/figures.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/figures#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/figures/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/figures" - } - ] - }, - { - "type": "library", - "name": "inquirer", - "version": "8.0.0", - "bom-ref": "inquirer@8.0.0", - "author": "Simon Boudrias", - "description": "A collection of common interactive command line user interfaces.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/inquirer@8.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/inquirer" - } - ] - }, - { - "type": "library", - "name": "cli-width", - "version": "3.0.0", - "bom-ref": "cli-width@3.0.0", - "author": "Ilya Radchenko", - "description": "Get stdout window width, with two fallbacks, tty and then a default.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/cli-width@3.0.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/knownasilya/cli-width.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/knownasilya/cli-width", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/knownasilya/cli-width/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/cli-width" - } - ] - }, - { - "type": "library", - "name": "external-editor", - "version": "3.1.0", - "bom-ref": "external-editor@3.1.0", - "author": "Kevin Gravier", - "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/external-editor@3.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/mrkmg/node-external-editor.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mrkmg/node-external-editor#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mrkmg/node-external-editor/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/external-editor" - } - ] - }, - { - "type": "library", - "name": "chardet", - "version": "0.7.0", - "bom-ref": "chardet@0.7.0", - "author": "Dmitry Shirokov", - "description": "Character detector", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/chardet@0.7.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/runk/node-chardet.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/runk/node-chardet", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/runk/node-chardet/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/chardet" - } - ] - }, - { - "type": "library", - "name": "os-tmpdir", - "version": "1.0.2", - "bom-ref": "os-tmpdir@1.0.2", - "author": "Sindre Sorhus", - "description": "Node.js os.tmpdir() ponyfill", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/os-tmpdir@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/os-tmpdir.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/os-tmpdir#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/os-tmpdir/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/os-tmpdir" - } - ] - }, - { - "type": "library", - "name": "mute-stream", - "version": "0.0.8", - "bom-ref": "mute-stream@0.0.8", - "author": "Isaac Z. Schlueter", - "description": "Bytes go in, but they don't come out (when muted).", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/mute-stream@0.0.8", - "externalReferences": [ - { - "url": "git://github.com/isaacs/mute-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/mute-stream#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/mute-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mute-stream" - } - ] - }, - { - "type": "library", - "name": "run-async", - "version": "2.4.1", - "bom-ref": "run-async@2.4.1", - "author": "Simon Boudrias", - "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/run-async@2.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/run-async.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/run-async#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/run-async/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/run-async" - } - ] - }, - { - "type": "library", - "name": "rxjs", - "version": "6.6.7", - "bom-ref": "rxjs@6.6.7", - "author": "Ben Lesh", - "description": "Reactive Extensions for modern JavaScript", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/rxjs@6.6.7", - "externalReferences": [ - { - "url": "git+https://github.com/reactivex/rxjs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ReactiveX/RxJS", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ReactiveX/RxJS/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/rxjs" - } - ] - }, - { - "type": "library", - "name": "through", - "version": "2.3.8", - "bom-ref": "through@2.3.8", - "author": "Dominic Tarr", - "description": "simplified stream construction", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/through@2.3.8", - "externalReferences": [ - { - "url": "git+https://github.com/dominictarr/through.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dominictarr/through", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dominictarr/through/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/through" - } - ] - }, - { - "type": "library", - "name": "jest-mock", - "version": "29.7.0", - "bom-ref": "jest-mock@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-mock" - } - ] - }, - { - "type": "library", - "name": "istanbul-lib-report", - "group": "@types", - "version": "3.0.3", - "bom-ref": "@types/istanbul-lib-report@3.0.3", - "description": "TypeScript definitions for istanbul-lib-report", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/istanbul-lib-report" - } - ] - }, - { - "type": "library", - "name": "yargs-parser", - "group": "@types", - "version": "21.0.3", - "bom-ref": "@types/yargs-parser@21.0.3", - "description": "TypeScript definitions for yargs-parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/yargs-parser" - } - ] - }, - { - "type": "library", - "name": "jest", - "version": "29.7.0", - "bom-ref": "jest@29.7.0", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest@29.7.0#packages/jest", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest" - } - ] - }, - { - "type": "library", - "name": "core", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/core@29.7.0", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/core" - } - ] - }, - { - "type": "library", - "name": "console", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/console@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/console" - } - ] - }, - { - "type": "library", - "name": "reporters", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/reporters@29.7.0", - "description": "Jest's reporters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/reporters" - } - ] - }, - { - "type": "library", - "name": "test-result", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/test-result@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/test-result" - } - ] - }, - { - "type": "library", - "name": "transform", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/transform@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/transform" - } - ] - }, - { - "type": "library", - "name": "fs.realpath", - "version": "1.0.0", - "bom-ref": "fs.realpath@1.0.0", - "author": "Isaac Z. Schlueter", - "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/fs.realpath@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/fs.realpath.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/fs.realpath#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/fs.realpath/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fs.realpath" - } - ] - }, - { - "type": "library", - "name": "inflight", - "version": "1.0.6", - "bom-ref": "inflight@1.0.6", - "author": "Isaac Z. Schlueter", - "description": "Add callbacks to requests in flight to avoid async duplication", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/inflight@1.0.6", - "externalReferences": [ - { - "url": "git+https://github.com/npm/inflight.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/inflight", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/inflight/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/inflight" - } - ] - }, - { - "type": "library", - "name": "path-is-absolute", - "version": "1.0.1", - "bom-ref": "path-is-absolute@1.0.1", - "author": "Sindre Sorhus", - "description": "Node.js 0.12 path.isAbsolute() ponyfill", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-is-absolute@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/path-is-absolute.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/path-is-absolute#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/path-is-absolute/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/path-is-absolute" - } - ] - }, - { - "type": "library", - "name": "istanbul-lib-instrument", - "version": "6.0.2", - "bom-ref": "istanbul-lib-instrument@6.0.2", - "author": "Krishnan Anantheswaran", - "description": "Core istanbul API for JS code coverage", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-instrument" - } - ] - }, - { - "type": "library", - "name": "make-dir", - "version": "4.0.0", - "bom-ref": "make-dir@4.0.0", - "author": "Sindre Sorhus", - "description": "Make a directory and its parents if needed - Think `mkdir -p`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/make-dir@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/make-dir.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/make-dir#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/make-dir/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/make-dir" - } - ] - }, - { - "type": "library", - "name": "source-map", - "version": "0.6.1", - "bom-ref": "source-map@0.6.1", - "author": "Nick Fitzgerald", - "description": "Generates and consumes source maps", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/source-map@0.6.1", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/mozilla/source-map.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/mozilla/source-map", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mozilla/source-map/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/source-map" - } - ] - }, - { - "type": "library", - "name": "html-escaper", - "version": "2.0.2", - "bom-ref": "html-escaper@2.0.2", - "author": "Andrea Giammarchi", - "description": "fast and safe way to escape and unescape &<>'\" chars", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/html-escaper@2.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/WebReflection/html-escaper.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/WebReflection/html-escaper", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/WebReflection/html-escaper/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/html-escaper" - } - ] - }, - { - "type": "library", - "name": "jest-worker", - "version": "29.7.0", - "bom-ref": "jest-worker@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-worker" - } - ] - }, - { - "type": "library", - "name": "char-regex", - "version": "1.0.2", - "bom-ref": "char-regex@1.0.2", - "author": "Richie Bendall", - "description": "A regex to match any full character, considering weird character ranges.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/char-regex@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/Richienb/char-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Richienb/char-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Richienb/char-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/char-regex" - } - ] - }, - { - "type": "library", - "name": "convert-source-map", - "version": "2.0.0", - "bom-ref": "convert-source-map@2.0.0", - "author": "Thorsten Lorenz", - "description": "Converts a source-map from/to different formats and allows adding/changing properties.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/convert-source-map@2.0.0", - "externalReferences": [ - { - "url": "git://github.com/thlorenz/convert-source-map.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/thlorenz/convert-source-map", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/thlorenz/convert-source-map/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/convert-source-map" - } - ] - }, - { - "type": "library", - "name": "jest-changed-files", - "version": "29.7.0", - "bom-ref": "jest-changed-files@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-changed-files" - } - ] - }, - { - "type": "library", - "name": "get-stream", - "version": "6.0.1", - "bom-ref": "get-stream@6.0.1", - "author": "Sindre Sorhus", - "description": "Get a stream as a string, buffer, or array", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/get-stream@6.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/get-stream.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/get-stream#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/get-stream/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/get-stream" - } - ] - }, - { - "type": "library", - "name": "human-signals", - "version": "2.1.0", - "bom-ref": "human-signals@2.1.0", - "author": "ehmicky", - "description": "Human-friendly process signals", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/human-signals@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/ehmicky/human-signals.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://git.io/JeluP", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ehmicky/human-signals/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/human-signals" - } - ] - }, - { - "type": "library", - "name": "npm-run-path", - "version": "4.0.1", - "bom-ref": "npm-run-path@4.0.1", - "author": "Sindre Sorhus", - "description": "Get your PATH prepended with locally installed binaries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/npm-run-path@4.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/npm-run-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/npm-run-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/npm-run-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm-run-path" - } - ] - }, - { - "type": "library", - "name": "strip-final-newline", - "version": "2.0.0", - "bom-ref": "strip-final-newline@2.0.0", - "author": "Sindre Sorhus", - "description": "Strip the final newline character from a string/buffer", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-final-newline@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/strip-final-newline.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/strip-final-newline#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/strip-final-newline/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/strip-final-newline" - } - ] - }, - { - "type": "library", - "name": "yocto-queue", - "version": "0.1.0", - "bom-ref": "yocto-queue@0.1.0", - "author": "Sindre Sorhus", - "description": "Tiny queue data structure", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/yocto-queue@0.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/yocto-queue.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/yocto-queue#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/yocto-queue/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/yocto-queue" - } - ] - }, - { - "type": "library", - "name": "jest-config", - "version": "29.7.0", - "bom-ref": "jest-config@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-config" - } - ] - }, - { - "type": "library", - "name": "test-sequencer", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/test-sequencer@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/test-sequencer" - } - ] - }, - { - "type": "library", - "name": "jest-haste-map", - "version": "29.7.0", - "bom-ref": "jest-haste-map@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-haste-map" - } - ] - }, - { - "type": "library", - "name": "babel-jest", - "version": "29.7.0", - "bom-ref": "babel-jest@29.7.0", - "description": "Jest plugin to use babel for transformation.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/babel-jest" - } - ] - }, - { - "type": "library", - "name": "jest-circus", - "version": "29.7.0", - "bom-ref": "jest-circus@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-circus" - } - ] - }, - { - "type": "library", - "name": "environment", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/environment@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/environment" - } - ] - }, - { - "type": "library", - "name": "expect", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/expect@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/expect" - } - ] - }, - { - "type": "library", - "name": "jest-snapshot", - "version": "29.7.0", - "bom-ref": "jest-snapshot@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-snapshot" - } - ] - }, - { - "type": "library", - "name": "dedent", - "version": "1.5.3", - "bom-ref": "dedent@1.5.3", - "author": "Desmond Brand", - "description": "A string tag that strips indentation from multi-line strings. ⬅️", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/dedent@1.5.3", - "externalReferences": [ - { - "url": "git+https://github.com/dmnd/dedent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dmnd/dedent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dmnd/dedent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/dedent" - } - ] - }, - { - "type": "library", - "name": "jest-each", - "version": "29.7.0", - "bom-ref": "jest-each@29.7.0", - "author": "Matt Phillips", - "description": "Parameterised tests for Jest", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-each" - } - ] - }, - { - "type": "library", - "name": "jest-runtime", - "version": "29.7.0", - "bom-ref": "jest-runtime@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-runtime" - } - ] - }, - { - "type": "library", - "name": "pure-rand", - "version": "6.1.0", - "bom-ref": "pure-rand@6.1.0", - "author": "Nicolas DUBIEN", - "description": " Pure random number generator written in TypeScript", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/pure-rand@6.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/dubzzz/pure-rand.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dubzzz/pure-rand#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dubzzz/pure-rand/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pure-rand" - } - ] - }, - { - "type": "library", - "name": "jest-environment-node", - "version": "29.7.0", - "bom-ref": "jest-environment-node@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-environment-node" - } - ] - }, - { - "type": "library", - "name": "fake-timers", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/fake-timers@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/fake-timers" - } - ] - }, - { - "type": "library", - "name": "jest-regex-util", - "version": "29.6.3", - "bom-ref": "jest-regex-util@29.6.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-regex-util" - } - ] - }, - { - "type": "library", - "name": "jest-resolve", - "version": "29.7.0", - "bom-ref": "jest-resolve@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-resolve" - } - ] - }, - { - "type": "library", - "name": "jest-runner", - "version": "29.7.0", - "bom-ref": "jest-runner@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-runner" - } - ] - }, - { - "type": "library", - "name": "jest-validate", - "version": "29.7.0", - "bom-ref": "jest-validate@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-validate" - } - ] - }, - { - "type": "library", - "name": "bser", - "version": "2.1.1", - "bom-ref": "bser@2.1.1", - "author": "Wez Furlong", - "description": "JavaScript implementation of the BSER Binary Serialization", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/bser@2.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/watchman.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://facebook.github.io/watchman/docs/bser.html", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/watchman/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/bser" - } - ] - }, - { - "type": "library", - "name": "node-int64", - "version": "0.4.0", - "bom-ref": "node-int64@0.4.0", - "author": "Robert Kieffer", - "description": "Support for representing 64-bit integers in JavaScript", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/node-int64@0.4.0", - "externalReferences": [ - { - "url": "git+https://github.com/broofa/node-int64.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/broofa/node-int64#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/broofa/node-int64/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/node-int64" - } - ] - }, - { - "type": "library", - "name": "makeerror", - "version": "1.0.12", - "bom-ref": "makeerror@1.0.12", - "author": "Naitik Shah", - "description": "A library to make errors.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/makeerror@1.0.12", - "externalReferences": [ - { - "url": "git+https://github.com/daaku/nodejs-makeerror.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/daaku/nodejs-makeerror#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/daaku/nodejs-makeerror/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/makeerror" - } - ] - }, - { - "type": "library", - "name": "tmpl", - "version": "1.0.5", - "bom-ref": "tmpl@1.0.5", - "author": "Naitik Shah", - "description": "JavaScript micro templates.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/tmpl@1.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/daaku/nodejs-tmpl.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/daaku/nodejs-tmpl", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/daaku/nodejs-tmpl/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tmpl" - } - ] - }, - { - "type": "library", - "name": "jest-resolve-dependencies", - "version": "29.7.0", - "bom-ref": "jest-resolve-dependencies@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-resolve-dependencies" - } - ] - }, - { - "type": "library", - "name": "resolve.exports", - "version": "2.0.2", - "bom-ref": "resolve.exports@2.0.2", - "author": "Luke Edwards", - "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve.exports@2.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/lukeed/resolve.exports.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/lukeed/resolve.exports#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/lukeed/resolve.exports/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/resolve.exports" - } - ] - }, - { - "type": "library", - "name": "emittery", - "version": "0.13.1", - "bom-ref": "emittery@0.13.1", - "author": "Sindre Sorhus", - "description": "Simple and modern async event emitter", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/emittery@0.13.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/emittery.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/emittery#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/emittery/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/emittery" - } - ] - }, - { - "type": "library", - "name": "jest-docblock", - "version": "29.7.0", - "bom-ref": "jest-docblock@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-docblock" - } - ] - }, - { - "type": "library", - "name": "jest-leak-detector", - "version": "29.7.0", - "bom-ref": "jest-leak-detector@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-leak-detector" - } - ] - }, - { - "type": "library", - "name": "jest-watcher", - "version": "29.7.0", - "bom-ref": "jest-watcher@29.7.0", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-watcher" - } - ] - }, - { - "type": "library", - "name": "globals", - "group": "@jest", - "version": "29.7.0", - "bom-ref": "@jest/globals@29.7.0", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/globals" - } - ] - }, - { - "type": "library", - "name": "source-map", - "group": "@jest", - "version": "29.6.3", - "bom-ref": "@jest/source-map@29.6.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jest/source-map" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-jsx", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", - "author": "The Babel Team", - "description": "Allow parsing of jsx", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-jsx" - } - ] - }, - { - "type": "library", - "name": "helper-plugin-utils", - "group": "@babel", - "version": "7.24.0", - "bom-ref": "@babel/helper-plugin-utils@7.24.0", - "author": "The Babel Team", - "description": "General utilities for plugins to use", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-plugin-utils" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-async-generators", - "group": "@babel", - "version": "7.8.4", - "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", - "description": "Allow parsing of async generator functions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/babel/babel/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-async-generators" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-bigint", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", - "description": "Allow parsing of BigInt literals", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/babel/babel/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-bigint" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-class-properties", - "group": "@babel", - "version": "7.12.13", - "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", - "description": "Allow parsing of class properties", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-class-properties" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-import-meta", - "group": "@babel", - "version": "7.10.4", - "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", - "description": "Allow parsing of import.meta", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/babel/babel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-import-meta" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-json-strings", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", - "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/babel/babel/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-json-strings" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-logical-assignment-operators", - "group": "@babel", - "version": "7.10.4", - "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", - "description": "Allow parsing of the logical assignment operators", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/babel/babel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-nullish-coalescing-operator", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", - "description": "Allow parsing of the nullish-coalescing operator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/babel/babel/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-numeric-separator", - "group": "@babel", - "version": "7.10.4", - "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", - "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/babel/babel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-numeric-separator" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-object-rest-spread", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", - "description": "Allow parsing of object rest/spread", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/babel/babel/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-object-rest-spread" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-optional-catch-binding", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", - "description": "Allow parsing of optional catch bindings", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/babel/babel/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-optional-chaining", - "group": "@babel", - "version": "7.8.3", - "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", - "description": "Allow parsing of optional properties", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#master", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/babel/babel/tree/master#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-optional-chaining" - } - ] - }, - { - "type": "library", - "name": "plugin-syntax-top-level-await", - "group": "@babel", - "version": "7.14.5", - "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", - "author": "The Babel Team", - "description": "Allow parsing of top-level await in modules", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/plugin-syntax-top-level-await" - } - ] - }, - { - "type": "library", - "name": "pkg-dir", - "version": "4.2.0", - "bom-ref": "pkg-dir@4.2.0", - "author": "Sindre Sorhus", - "description": "Find the root directory of a Node.js project or npm package", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/pkg-dir@4.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/pkg-dir.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/pkg-dir#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/pkg-dir/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir" - } - ] - }, - { - "type": "library", - "name": "resolve-cwd", - "version": "3.0.0", - "bom-ref": "resolve-cwd@3.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve-cwd@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/resolve-cwd.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-cwd#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/resolve-cwd/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/resolve-cwd" - } - ] - }, - { - "type": "library", - "name": "jest-cli", - "version": "29.7.0", - "bom-ref": "jest-cli@29.7.0", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jest-cli" - } - ] - }, - { - "type": "library", - "name": "create-jest", - "version": "29.7.0", - "bom-ref": "create-jest@29.7.0", - "description": "Create a new Jest project", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/create-jest" - } - ] - }, - { - "type": "library", - "name": "cliui", - "version": "8.0.1", - "bom-ref": "cliui@8.0.1", - "author": "Ben Coe", - "description": "easily create complex multi-column command-line-interfaces", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/cliui@8.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/cliui.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/cliui#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/cliui/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/cliui" - } - ] - }, - { - "type": "library", - "name": "get-caller-file", - "version": "2.0.5", - "bom-ref": "get-caller-file@2.0.5", - "author": "Stefan Penner", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/get-caller-file@2.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/stefanpenner/get-caller-file.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/stefanpenner/get-caller-file#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/stefanpenner/get-caller-file/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/get-caller-file" - } - ] - }, - { - "type": "library", - "name": "require-directory", - "version": "2.1.1", - "bom-ref": "require-directory@2.1.1", - "author": "Troy Goode", - "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/require-directory@2.1.1", - "externalReferences": [ - { - "url": "git://github.com/troygoode/node-require-directory.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/troygoode/node-require-directory/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/troygoode/node-require-directory/issues/", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/require-directory" - } - ] - }, - { - "type": "library", - "name": "y18n", - "version": "5.0.8", - "bom-ref": "y18n@5.0.8", - "author": "Ben Coe", - "description": "the bare-bones internationalization library used by yargs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/y18n@5.0.8", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/y18n.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/y18n", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/y18n/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/y18n" - } - ] - }, - { - "type": "library", - "name": "argparse", - "version": "2.0.1", - "bom-ref": "argparse@2.0.1", - "description": "CLI arguments parser. Native port of python's argparse.", - "licenses": [ - { - "license": { - "id": "Python-2.0" - } - } - ], - "purl": "pkg:npm/argparse@2.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/argparse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/nodeca/argparse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/nodeca/argparse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/argparse" - } - ] - }, - { - "type": "library", - "name": "json-colorizer", - "version": "2.2.2", - "bom-ref": "json-colorizer@2.2.2", - "author": "Joe Attardi", - "description": "A library to format JSON with colors for display in the console", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/json-colorizer@2.2.2", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/joeattardi/json-colorizer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/joeattardi/json-colorizer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer" - } - ] - }, - { - "type": "library", - "name": "markdown-diff", - "version": "2.0.0", - "bom-ref": "markdown-diff@2.0.0", - "author": "Martijn van Duijneveldt", - "description": "Generate a diff between two markdown files in markdown format", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/markdown-diff@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/markdown-diff" - } - ] - }, - { - "type": "library", - "name": "marked", - "version": "12.0.2", - "bom-ref": "marked@12.0.2", - "author": "Christopher Jeffrey", - "description": "A markdown parser built for speed", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/marked@12.0.2", - "externalReferences": [ - { - "url": "git://github.com/markedjs/marked.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://marked.js.org", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/markedjs/marked/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/marked" - } - ] - }, - { - "type": "library", - "name": "markdown-table-ts", - "version": "1.0.3", - "bom-ref": "markdown-table-ts@1.0.3", - "author": "Jiri Hajek", - "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/markdown-table-ts@1.0.3", - "externalReferences": [ - { - "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/markdown-table-ts" - } - ] - }, - { - "type": "library", - "name": "mocha", - "version": "10.4.0", - "bom-ref": "mocha@10.4.0", - "author": "TJ Holowaychuk", - "description": "simple, flexible, fun test framework", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mocha@10.4.0", - "externalReferences": [ - { - "url": "git+https://github.com/mochajs/mocha.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://mochajs.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/mochajs/mocha/issues/", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mocha" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "browser-stdout", - "version": "1.3.1", - "bom-ref": "browser-stdout@1.3.1", - "author": "kumavis", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/browser-stdout@1.3.1", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kumavis/browser-stdout#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kumavis/browser-stdout/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/browser-stdout" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "fill-range", - "version": "7.0.1", - "bom-ref": "fill-range@7.0.1", - "author": "Jon Schlinkert", - "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fill-range@7.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/fill-range.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/fill-range", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/fill-range/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fill-range" - } - ] - }, - { - "type": "library", - "name": "to-regex-range", - "version": "5.0.1", - "bom-ref": "to-regex-range@5.0.1", - "author": "Jon Schlinkert", - "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/to-regex-range@5.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/micromatch/to-regex-range.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/micromatch/to-regex-range", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/micromatch/to-regex-range/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/to-regex-range" - } - ] - }, - { - "type": "library", - "name": "is-number", - "version": "7.0.0", - "bom-ref": "is-number@7.0.0", - "author": "Jon Schlinkert", - "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-number@7.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/jonschlinkert/is-number.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jonschlinkert/is-number", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jonschlinkert/is-number/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-number" - } - ] - }, - { - "type": "library", - "name": "is-binary-path", - "version": "2.1.0", - "bom-ref": "is-binary-path@2.1.0", - "author": "Sindre Sorhus", - "description": "Check if a file path is a binary file", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-binary-path@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-binary-path.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-binary-path#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-binary-path/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-binary-path" - } - ] - }, - { - "type": "library", - "name": "binary-extensions", - "version": "2.3.0", - "bom-ref": "binary-extensions@2.3.0", - "author": "Sindre Sorhus", - "description": "List of binary file extensions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/binary-extensions@2.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/binary-extensions.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/binary-extensions#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/binary-extensions/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/binary-extensions" - } - ] - }, - { - "type": "library", - "name": "readdirp", - "version": "3.6.0", - "bom-ref": "readdirp@3.6.0", - "author": "Thorsten Lorenz", - "description": "Recursive version of fs.readdir with streaming API.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/readdirp@3.6.0", - "externalReferences": [ - { - "url": "git://github.com/paulmillr/readdirp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/paulmillr/readdirp", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/paulmillr/readdirp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/readdirp" - } - ] - }, - { - "type": "library", - "name": "wrappy", - "version": "1.0.2", - "bom-ref": "wrappy@1.0.2", - "author": "Isaac Z. Schlueter", - "description": "Callback wrapping utility", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/wrappy@1.0.2", - "externalReferences": [ - { - "url": "git+https://github.com/npm/wrappy.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/wrappy", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/wrappy/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/wrappy" - } - ] - }, - { - "type": "library", - "name": "is-unicode-supported", - "version": "0.1.0", - "bom-ref": "is-unicode-supported@0.1.0", - "author": "Sindre Sorhus", - "description": "Detect whether the terminal supports Unicode", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-unicode-supported@0.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-unicode-supported#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-unicode-supported/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-unicode-supported" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "serialize-javascript", - "version": "6.0.0", - "bom-ref": "serialize-javascript@6.0.0", - "author": "Eric Ferraiuolo", - "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/serialize-javascript@6.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/yahoo/serialize-javascript.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yahoo/serialize-javascript", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yahoo/serialize-javascript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/serialize-javascript" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "randombytes", - "version": "2.1.0", - "bom-ref": "randombytes@2.1.0", - "description": "random bytes from browserify stand alone", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/randombytes@2.1.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/crypto-browserify/randombytes", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/crypto-browserify/randombytes/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/randombytes" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "workerpool", - "version": "6.2.1", - "bom-ref": "workerpool@6.2.1", - "author": "Jos de Jong", - "description": "Offload tasks to a pool of workers on node.js and in the browser", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/workerpool@6.2.1", - "externalReferences": [ - { - "url": "git://github.com/josdejong/workerpool.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/josdejong/workerpool", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/josdejong/workerpool/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/workerpool" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "yargs-parser", - "version": "20.2.4", - "bom-ref": "yargs-parser@20.2.4", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/yargs-parser@20.2.4", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/yargs-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/yargs-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/yargs-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/yargs-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "yargs-unparser", - "version": "2.0.0", - "bom-ref": "yargs-unparser@2.0.0", - "author": "André Cruz", - "description": "Converts back a yargs argv object to its original array form", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/yargs-unparser@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/yargs/yargs-unparser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/yargs/yargs-unparser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/yargs/yargs-unparser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/yargs-unparser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "decamelize", - "version": "4.0.0", - "bom-ref": "decamelize@4.0.0", - "author": "Sindre Sorhus", - "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/decamelize@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/decamelize.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/decamelize#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/decamelize/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/decamelize" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "is-plain-obj", - "version": "2.1.0", - "bom-ref": "is-plain-obj@2.1.0", - "author": "Sindre Sorhus", - "description": "Check if a value is a plain object", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-plain-obj@2.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-plain-obj.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-plain-obj#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-plain-obj/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-plain-obj" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "mock-fs", - "version": "5.2.0", - "bom-ref": "mock-fs@5.2.0", - "author": "Tim Schaub", - "description": "A configurable mock file system. You know, for testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mock-fs@5.2.0", - "externalReferences": [ - { - "url": "git://github.com/tschaub/mock-fs.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tschaub/mock-fs", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tschaub/mock-fs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mock-fs" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "objects-to-csv", - "version": "1.3.6", - "bom-ref": "objects-to-csv@1.3.6", - "author": "Anton Ivanov", - "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", - "licenses": [ - { - "license": { - "id": "Unlicense" - } - } - ], - "purl": "pkg:npm/objects-to-csv@1.3.6", - "externalReferences": [ - { - "url": "git+https://github.com/anton-bot/objects-to-csv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/anton-bot/objects-to-csv#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/anton-bot/objects-to-csv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/objects-to-csv" - } - ] - }, - { - "type": "library", - "name": "async-csv", - "version": "2.1.3", - "bom-ref": "async-csv@2.1.3", - "author": "Anton Ivanov", - "description": "ES7 async-await wrapper for the csv package.", - "licenses": [ - { - "license": { - "id": "Unlicense" - } - } - ], - "purl": "pkg:npm/async-csv@2.1.3", - "externalReferences": [ - { - "url": "git+https://github.com/anton-bot/async-csv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/catcher-in-the-try/async-csv#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/catcher-in-the-try/async-csv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/async-csv" - } - ] - }, - { - "type": "library", - "name": "csv", - "version": "5.5.3", - "bom-ref": "csv@5.5.3", - "author": "David Worms", - "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/csv@5.5.3", - "externalReferences": [ - { - "url": "git+https://github.com/adaltas/node-csv.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://csv.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/adaltas/node-csv/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/csv" - } - ] - }, - { - "type": "library", - "name": "csv-generate", - "version": "3.4.3", - "bom-ref": "csv-generate@3.4.3", - "author": "David Worms", - "description": "CSV and object generation implementing the Node.js `stream.Readable` API", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/csv-generate@3.4.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://csv.js.org/generate/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/adaltas/node-csv-generate/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/csv-generate" - } - ] - }, - { - "type": "library", - "name": "csv-stringify", - "version": "5.6.5", - "bom-ref": "csv-stringify@5.6.5", - "author": "David Worms", - "description": "CSV stringifier implementing the Node.js `stream.Transform` API", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/csv-stringify@5.6.5", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://csv.js.org/stringify/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/adaltas/node-csv-stringify/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/csv-stringify" - } - ] - }, - { - "type": "library", - "name": "stream-transform", - "version": "2.1.3", - "bom-ref": "stream-transform@2.1.3", - "author": "David Worms", - "description": "Object transformations implementing the Node.js `stream.Transform` API", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/stream-transform@2.1.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://csv.js.org/transform/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/adaltas/node-stream-transform/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/stream-transform" - } - ] - }, - { - "type": "library", - "name": "mixme", - "version": "0.5.10", - "bom-ref": "mixme@0.5.10", - "author": "David Worms", - "description": "A library for recursively merging JavaScript objects", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mixme@0.5.10", - "externalReferences": [ - { - "url": "git+https://github.com/adaltas/node-mixme.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/adaltas/node-mixme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/adaltas/node-mixme/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mixme" - } - ] - }, - { - "type": "library", - "name": "oclif", - "version": "4.13.0", - "bom-ref": "oclif@4.13.0", - "author": "Salesforce", - "description": "oclif: create your own CLI", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/oclif@4.13.0", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/oclif.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/oclif", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/oclif/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/oclif" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "client-cloudfront", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "xml-builder", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/xml-builder@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "XML builder for the AWS SDK", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/xml-builder" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "util-waiter", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/util-waiter@3.0.0", - "author": "AWS SDK for JavaScript Team", - "description": "Shared utilities for client waiters for the AWS SDK", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/util-waiter" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "client-s3", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "sha1-browser", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/sha1-browser@3.0.0", - "author": "AWS Crypto Tools Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha1-browser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/region-config-resolver" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-user-agent-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-env" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-process" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-web-identity" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/token-providers@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/token-providers" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-sso-oidc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/client-sts@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-sts" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.576.0", - "bom-ref": "@aws-sdk/core@3.576.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-user-agent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/util-endpoints@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-endpoints" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-http" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-ini" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/credential-provider-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/client-sso@3.577.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-bucket-endpoint", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "util-arn-parser", - "group": "@aws-sdk", - "version": "3.568.0", - "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", - "author": "AWS SDK for JavaScript Team", - "description": "A parser to Amazon Resource Names", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/util-arn-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-expect-continue", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-expect-continue" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-flexible-checksums", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-flexible-checksums" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "crc32", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/crc32@3.0.0", - "author": "AWS Crypto Tools Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "crc32c", - "group": "@aws-crypto", - "version": "3.0.0", - "bom-ref": "@aws-crypto/crc32c@3.0.0", - "author": "AWS Crypto Tools Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32c" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-location-constraint", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-location-constraint" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-sdk-s3", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-sdk-s3" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-signing", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-signing@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-signing" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "middleware-ssec", - "group": "@aws-sdk", - "version": "3.577.0", - "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/middleware-ssec" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "signature-v4-multi-region", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", - "externalReferences": [ - { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/signature-v4-multi-region" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eventstream-serde-browser", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-browser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eventstream-serde-universal", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-universal" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eventstream-codec", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-codec@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-codec" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eventstream-serde-config-resolver", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-config-resolver" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eventstream-serde-node", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/eventstream-serde-node@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/eventstream-serde-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "hash-blob-browser", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/hash-blob-browser@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/hash-blob-browser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "chunked-blob-reader-native", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/chunked-blob-reader-native" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "chunked-blob-reader", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/chunked-blob-reader@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/chunked-blob-reader" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "hash-stream-node", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/hash-stream-node@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/hash-stream-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "md5-js", - "group": "@smithy", - "version": "3.0.0", - "bom-ref": "@smithy/md5-js@3.0.0", - "author": "AWS SDK for JavaScript Team", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", - "externalReferences": [ - { - "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/awslabs/smithy-typescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@smithy/md5-js" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "confirm", - "group": "@inquirer", - "version": "3.1.9", - "bom-ref": "@inquirer/confirm@3.1.9", - "author": "Simon Boudrias", - "description": "Inquirer confirm prompt", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40inquirer/confirm@3.1.9", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/confirm" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "core", - "group": "@inquirer", - "version": "8.2.2", - "bom-ref": "@inquirer/core@8.2.2", - "author": "Simon Boudrias", - "description": "Core Inquirer prompt API", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40inquirer/core@8.2.2", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "figures", - "group": "@inquirer", - "version": "1.0.3", - "bom-ref": "@inquirer/figures@1.0.3", - "author": "Simon Boudrias", - "description": "Vendored version of figures, for CJS compatibility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40inquirer/figures@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/figures" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "type", - "group": "@inquirer", - "version": "1.3.3", - "bom-ref": "@inquirer/type@1.3.3", - "author": "Simon Boudrias", - "description": "Inquirer core TS types", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40inquirer/type@1.3.3", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/type" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "mute-stream", - "group": "@types", - "version": "0.0.4", - "bom-ref": "@types/mute-stream@0.0.4", - "description": "TypeScript definitions for mute-stream", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/mute-stream" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "wrap-ansi", - "group": "@types", - "version": "3.0.0", - "bom-ref": "@types/wrap-ansi@3.0.0", - "description": "TypeScript definitions for wrap-ansi", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/wrap-ansi" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "input", - "group": "@inquirer", - "version": "2.1.9", - "bom-ref": "@inquirer/input@2.1.9", - "author": "Simon Boudrias", - "description": "Inquirer input text prompt", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40inquirer/input@2.1.9", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/input" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "select", - "group": "@inquirer", - "version": "2.3.5", - "bom-ref": "@inquirer/select@2.3.5", - "author": "Simon Boudrias", - "description": "Inquirer select/list prompt", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40inquirer/select@2.3.5", - "externalReferences": [ - { - "url": "git+https://github.com/SBoudrias/Inquirer.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/SBoudrias/Inquirer.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/select" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "plugin-not-found", - "group": "@oclif", - "version": "3.2.1", - "bom-ref": "@oclif/plugin-not-found@3.2.1", - "author": "Salesforce", - "description": "\"did you mean\" for oclif", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/oclif/plugin-not-found.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/oclif/plugin-not-found", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/oclif/plugin-not-found/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-not-found" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "fast-levenshtein", - "version": "3.0.0", - "bom-ref": "fast-levenshtein@3.0.0", - "author": "Ramesh Nair", - "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-levenshtein@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/hiddentao/fast-levenshtein.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/hiddentao/fast-levenshtein#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/hiddentao/fast-levenshtein/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fast-levenshtein" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "fastest-levenshtein", - "version": "1.0.16", - "bom-ref": "fastest-levenshtein@1.0.16", - "author": "Kasper U. Weihe", - "description": "Fastest Levenshtein distance implementation in JS.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fastest-levenshtein@1.0.16", - "externalReferences": [ - { - "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ka-weihe/fastest-levenshtein#README", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/fastest-levenshtein" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "async-retry", - "version": "1.3.3", - "bom-ref": "async-retry@1.3.3", - "description": "Retrying made simple, easy and async", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/async-retry@1.3.3", - "externalReferences": [ - { - "url": "git+https://github.com/vercel/async-retry.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/vercel/async-retry#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/vercel/async-retry/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/async-retry" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "retry", - "version": "0.13.1", - "bom-ref": "retry@0.13.1", - "author": "Tim Koschützki", - "description": "Abstraction for exponential and custom retry strategies for failed operations.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/retry@0.13.1", - "externalReferences": [ - { - "url": "git://github.com/tim-kos/node-retry.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/tim-kos/node-retry", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/tim-kos/node-retry/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/retry" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "change-case", - "version": "4.1.2", - "bom-ref": "change-case@4.1.2", - "author": "Blake Embrey", - "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/change-case@4.1.2", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/change-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "camel-case", - "version": "4.1.2", - "bom-ref": "camel-case@4.1.2", - "author": "Blake Embrey", - "description": "Transform into a string with the separator denoted by the next word capitalized", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/camel-case@4.1.2", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/camel-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "pascal-case", - "version": "3.1.2", - "bom-ref": "pascal-case@3.1.2", - "author": "Blake Embrey", - "description": "Transform into a string of capitalized words without separators", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/pascal-case@3.1.2", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pascal-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "capital-case", - "version": "1.0.4", - "bom-ref": "capital-case@1.0.4", - "author": "Blake Embrey", - "description": "Transform into a space separated string with each word capitalized", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/capital-case@1.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/capital-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "no-case", - "version": "3.0.4", - "bom-ref": "no-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower cased string with spaces between words", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/no-case@3.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/no-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "upper-case-first", - "version": "2.0.2", - "bom-ref": "upper-case-first@2.0.2", - "author": "Blake Embrey", - "description": "Transforms the string with the first character in upper cased", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/upper-case-first@2.0.2", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/upper-case-first" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "constant-case", - "version": "3.0.4", - "bom-ref": "constant-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into upper case string with an underscore between words", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/constant-case@3.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/constant-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "upper-case", - "version": "2.0.2", - "bom-ref": "upper-case@2.0.2", - "author": "Blake Embrey", - "description": "Transforms the string to upper case", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/upper-case@2.0.2", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/upper-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "dot-case", - "version": "3.0.4", - "bom-ref": "dot-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case string with a period between words", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/dot-case@3.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/dot-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "header-case", - "version": "2.0.4", - "bom-ref": "header-case@2.0.4", - "author": "Blake Embrey", - "description": "Transform into a dash separated string of capitalized words", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/header-case@2.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/header-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "lower-case", - "version": "2.0.2", - "bom-ref": "lower-case@2.0.2", - "author": "Blake Embrey", - "description": "Transforms the string to lower case", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/lower-case@2.0.2", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/lower-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "param-case", - "version": "3.0.4", - "bom-ref": "param-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower cased string with dashes between words", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/param-case@3.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/param-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "path-case", - "version": "3.0.4", - "bom-ref": "path-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case string with slashes between words", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/path-case@3.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/path-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "sentence-case", - "version": "3.0.4", - "bom-ref": "sentence-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case with spaces between words, then capitalize the string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/sentence-case@3.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sentence-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "snake-case", - "version": "3.0.4", - "bom-ref": "snake-case@3.0.4", - "author": "Blake Embrey", - "description": "Transform into a lower case string with underscores between words", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/snake-case@3.0.4", - "externalReferences": [ - { - "url": "git://github.com/blakeembrey/change-case.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/blakeembrey/change-case/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/snake-case" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "find-yarn-workspace-root", - "version": "2.0.0", - "bom-ref": "find-yarn-workspace-root@2.0.0", - "author": "Square, Inc.", - "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/square/find-yarn-workspace-root.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/square/find-yarn-workspace-root#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/square/find-yarn-workspace-root/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/find-yarn-workspace-root" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "github-slugger", - "version": "2.0.0", - "bom-ref": "github-slugger@2.0.0", - "author": "Dan Flettre", - "description": "Generate a slug just like GitHub does for markdown headings.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/github-slugger@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/Flet/github-slugger.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Flet/github-slugger", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/Flet/github-slugger/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/github-slugger" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "got", - "version": "13.0.0", - "bom-ref": "got@13.0.0", - "description": "Human-friendly and powerful HTTP request library for Node.js", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/got@13.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/got.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/got#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/got/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/got" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "is", - "group": "@sindresorhus", - "version": "5.6.0", - "bom-ref": "@sindresorhus/is@5.6.0", - "author": "Sindre Sorhus", - "description": "Type check values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40sindresorhus/is@5.6.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@sindresorhus/is" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "http-timer", - "group": "@szmarczak", - "version": "5.0.1", - "bom-ref": "@szmarczak/http-timer@5.0.1", - "author": "Szymon Marczak", - "description": "Timings for HTTP requests", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/szmarczak/http-timer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/szmarczak/http-timer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/szmarczak/http-timer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@szmarczak/http-timer" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "defer-to-connect", - "version": "2.0.1", - "bom-ref": "defer-to-connect@2.0.1", - "author": "Szymon Marczak", - "description": "The safe way to handle the `connect` socket event", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/defer-to-connect@2.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/szmarczak/defer-to-connect.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/szmarczak/defer-to-connect#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/szmarczak/defer-to-connect/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/defer-to-connect" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "cacheable-lookup", - "version": "7.0.0", - "bom-ref": "cacheable-lookup@7.0.0", - "author": "Szymon Marczak", - "description": "A cacheable dns.lookup(…) that respects TTL", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cacheable-lookup@7.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/szmarczak/cacheable-lookup.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/szmarczak/cacheable-lookup#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/szmarczak/cacheable-lookup/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/cacheable-lookup" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "cacheable-request", - "version": "10.2.14", - "bom-ref": "cacheable-request@10.2.14", - "author": "Jared Wray", - "description": "Wrap native HTTP requests with RFC compliant cache support", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/cacheable-request@10.2.14", - "externalReferences": [ - { - "url": "git+https://github.com/jaredwray/cacheable.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jaredwray/cacheable#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jaredwray/cacheable/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/cacheable-request" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "http-cache-semantics", - "group": "@types", - "version": "4.0.4", - "bom-ref": "@types/http-cache-semantics@4.0.4", - "description": "TypeScript definitions for http-cache-semantics", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/http-cache-semantics" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "http-cache-semantics", - "version": "4.1.1", - "bom-ref": "http-cache-semantics@4.1.1", - "author": "Kornel Lesiński", - "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/http-cache-semantics@4.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/kornelski/http-cache-semantics.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kornelski/http-cache-semantics#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kornelski/http-cache-semantics/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/http-cache-semantics" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "mimic-response", - "version": "4.0.0", - "bom-ref": "mimic-response@4.0.0", - "author": "Sindre Sorhus", - "description": "Mimic a Node.js HTTP response stream", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/mimic-response@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/mimic-response.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/mimic-response#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/mimic-response/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/mimic-response" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "normalize-url", - "version": "8.0.1", - "bom-ref": "normalize-url@8.0.1", - "author": "Sindre Sorhus", - "description": "Normalize a URL", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/normalize-url@8.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/normalize-url.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/normalize-url#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/normalize-url/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/normalize-url" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "responselike", - "version": "3.0.0", - "bom-ref": "responselike@3.0.0", - "author": "Luke Childs", - "description": "A response-like object for mocking a Node.js HTTP response stream", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/responselike@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/responselike.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/responselike#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/responselike/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/responselike" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "decompress-response", - "version": "6.0.0", - "bom-ref": "decompress-response@6.0.0", - "author": "Sindre Sorhus", - "description": "Decompress a HTTP response if needed", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/decompress-response@6.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/decompress-response.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/decompress-response#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/decompress-response/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/decompress-response" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "form-data-encoder", - "version": "2.1.4", - "bom-ref": "form-data-encoder@2.1.4", - "author": "Nick K.", - "description": "Encode FormData content into the multipart/form-data format", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/form-data-encoder@2.1.4", - "externalReferences": [ - { - "url": "git+https://github.com/octet-stream/form-data-encoder.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/octet-stream/form-data-encoder#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/octet-stream/form-data-encoder/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/form-data-encoder" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "http2-wrapper", - "version": "2.2.1", - "bom-ref": "http2-wrapper@2.2.1", - "author": "Szymon Marczak", - "description": "HTTP2 client, just with the familiar `https` API", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/http2-wrapper@2.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/szmarczak/http2-wrapper.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/szmarczak/http2-wrapper#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/szmarczak/http2-wrapper/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/http2-wrapper" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "resolve-alpn", - "version": "1.2.1", - "bom-ref": "resolve-alpn@1.2.1", - "author": "Szymon Marczak", - "description": "Detects the ALPN protocol", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/resolve-alpn@1.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/szmarczak/resolve-alpn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/szmarczak/resolve-alpn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/szmarczak/resolve-alpn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/resolve-alpn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "lowercase-keys", - "version": "3.0.0", - "bom-ref": "lowercase-keys@3.0.0", - "author": "Sindre Sorhus", - "description": "Lowercase the keys of an object", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/lowercase-keys@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/lowercase-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/lowercase-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/lowercase-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/lowercase-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "p-cancelable", - "version": "3.0.0", - "bom-ref": "p-cancelable@3.0.0", - "author": "Sindre Sorhus", - "description": "Create a promise that can be canceled", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/p-cancelable@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/p-cancelable.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/p-cancelable#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/p-cancelable/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/p-cancelable" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "normalize-package-data", - "version": "6.0.1", - "bom-ref": "normalize-package-data@6.0.1", - "author": "GitHub Inc.", - "description": "Normalizes data that can be found in package.json files.", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/normalize-package-data@6.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/npm/normalize-package-data.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/normalize-package-data#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/npm/normalize-package-data/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/normalize-package-data" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "spdx-correct", - "version": "3.2.0", - "bom-ref": "spdx-correct@3.2.0", - "description": "correct invalid SPDX expressions", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/spdx-correct@3.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-correct.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-correct.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jslicense/spdx-correct.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/spdx-correct" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "spdx-expression-parse", - "version": "3.0.1", - "bom-ref": "spdx-expression-parse@3.0.1", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/spdx-expression-parse@3.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/spdx-expression-parse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "spdx-license-ids", - "version": "3.0.17", - "bom-ref": "spdx-license-ids@3.0.17", - "author": "Shinnosuke Watanabe", - "description": "A list of SPDX license identifiers", - "licenses": [ - { - "license": { - "id": "CC0-1.0" - } - } - ], - "purl": "pkg:npm/spdx-license-ids@3.0.17", - "externalReferences": [ - { - "url": "git+https://github.com/jslicense/spdx-license-ids.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/jslicense/spdx-license-ids#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/jslicense/spdx-license-ids/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/spdx-license-ids" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "spdx-exceptions", - "version": "2.5.0", - "bom-ref": "spdx-exceptions@2.5.0", - "author": "The Linux Foundation", - "description": "list of SPDX standard license exceptions", - "licenses": [ - { - "license": { - "id": "CC-BY-3.0" - } - } - ], - "purl": "pkg:npm/spdx-exceptions@2.5.0", - "externalReferences": [ - { - "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/spdx-exceptions" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "sort-package-json", - "version": "2.10.0", - "bom-ref": "sort-package-json@2.10.0", - "author": "Keith Cirkel", - "description": "Sort an Object or package.json based on the well-known package.json keys", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/sort-package-json@2.10.0", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/keithamus/sort-package-json#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/keithamus/sort-package-json/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "detect-indent", - "version": "7.0.1", - "bom-ref": "detect-indent@7.0.1", - "author": "Sindre Sorhus", - "description": "Detect the indentation of code", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/detect-indent@7.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/detect-indent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/detect-indent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/detect-indent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/detect-indent" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "get-stdin", - "version": "9.0.0", - "bom-ref": "get-stdin@9.0.0", - "author": "Sindre Sorhus", - "description": "Get stdin as a string or buffer", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/get-stdin@9.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/get-stdin.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/get-stdin#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/get-stdin/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/get-stdin" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "git-hooks-list", - "version": "3.1.0", - "bom-ref": "git-hooks-list@3.1.0", - "author": "fisker Cheung", - "description": "List of Git hooks", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/git-hooks-list@3.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/fisker/git-hooks-list.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fisker/git-hooks-list#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fisker/git-hooks-list/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/git-hooks-list" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "sort-object-keys", - "version": "1.1.3", - "bom-ref": "sort-object-keys@1.1.3", - "author": "Keith Cirkel", - "description": "Sort an object's keys, including an optional key list", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/sort-object-keys@1.1.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/keithamus/sort-object-keys#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/keithamus/sort-object-keys/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/sort-object-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "tiny-jsonc", - "version": "1.0.1", - "bom-ref": "tiny-jsonc@1.0.1", - "description": "An absurdly small JSONC parser.", - "purl": "pkg:npm/tiny-jsonc@1.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tiny-jsonc" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "open", - "version": "10.1.0", - "bom-ref": "open@10.1.0", - "author": "Sindre Sorhus", - "description": "Open stuff like URLs, files, executables. Cross-platform.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/open@10.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/open.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/open#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/open/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/open" - } - ] - }, - { - "type": "library", - "name": "default-browser", - "version": "5.2.1", - "bom-ref": "default-browser@5.2.1", - "author": "Sindre Sorhus", - "description": "Get the default browser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/default-browser@5.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/default-browser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/default-browser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/default-browser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/default-browser" - } - ] - }, - { - "type": "library", - "name": "bundle-name", - "version": "4.1.0", - "bom-ref": "bundle-name@4.1.0", - "author": "Sindre Sorhus", - "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/bundle-name@4.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/bundle-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/bundle-name#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/bundle-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/bundle-name" - } - ] - }, - { - "type": "library", - "name": "run-applescript", - "version": "7.0.0", - "bom-ref": "run-applescript@7.0.0", - "author": "Sindre Sorhus", - "description": "Run AppleScript and get the result", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/run-applescript@7.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/run-applescript.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/run-applescript#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/run-applescript/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/run-applescript" - } - ] - }, - { - "type": "library", - "name": "default-browser-id", - "version": "5.0.0", - "bom-ref": "default-browser-id@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/default-browser-id@5.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/default-browser-id.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/default-browser-id#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/default-browser-id/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/default-browser-id" - } - ] - }, - { - "type": "library", - "name": "define-lazy-prop", - "version": "3.0.0", - "bom-ref": "define-lazy-prop@3.0.0", - "author": "Sindre Sorhus", - "description": "Define a lazily evaluated property on an object", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/define-lazy-prop@3.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/define-lazy-prop#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/define-lazy-prop/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/define-lazy-prop" - } - ] - }, - { - "type": "library", - "name": "is-inside-container", - "version": "1.0.0", - "bom-ref": "is-inside-container@1.0.0", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside a container (Docker/Podman)", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-inside-container@1.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/is-inside-container.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/is-inside-container#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sindresorhus/is-inside-container/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/is-inside-container" - } - ] - }, - { - "type": "library", - "name": "prompt-sync", - "version": "4.2.0", - "bom-ref": "prompt-sync@4.2.0", - "description": "a synchronous prompt for node.js", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/prompt-sync@4.2.0", - "externalReferences": [ - { - "url": "git+https://github.com/heapwolf/prompt-sync.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/heapwolf/prompt-sync#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/heapwolf/prompt-sync/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/prompt-sync" - } - ] - }, - { - "type": "library", - "name": "lodash.truncate", - "version": "4.4.2", - "bom-ref": "lodash.truncate@4.4.2", - "author": "John-David Dalton", - "description": "The lodash method `_.truncate` exported as a module.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/lodash.truncate@4.4.2", - "externalReferences": [ - { - "url": "git+https://github.com/lodash/lodash.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://lodash.com/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/lodash/lodash/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/lodash.truncate" - } - ] - }, - { - "type": "library", - "name": "tmp", - "version": "0.2.3", - "bom-ref": "tmp@0.2.3", - "author": "KARASZI István", - "description": "Temporary file and directory creator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/tmp@0.2.3", - "externalReferences": [ - { - "url": "git+https://github.com/raszi/node-tmp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://github.com/raszi/node-tmp", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "http://github.com/raszi/node-tmp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ { - "alg": "SHA-512", - "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tmp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ts-jest", - "version": "29.1.4", - "bom-ref": "ts-jest@29.1.4", - "author": "Kulshekhar Kabra", - "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ts-jest@29.1.4", - "externalReferences": [ - { - "url": "git+https://github.com/kulshekhar/ts-jest.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://kulshekhar.github.io/ts-jest", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/kulshekhar/ts-jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-jest" - } - ] - }, - { - "type": "library", - "name": "remapping", - "group": "@ampproject", - "version": "2.3.0", - "bom-ref": "@ampproject/remapping@2.3.0", - "author": "Justin Ridgewell", - "description": "Remap sequential sourcemaps through transformations to point at the original source code", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40ampproject/remapping@2.3.0", - "externalReferences": [ - { - "url": "git+https://github.com/ampproject/remapping.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/ampproject/remapping#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/ampproject/remapping/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", - "type": "distribution", - "hashes": [ + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, { - "alg": "SHA-512", - "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@ampproject/remapping" - } - ] - }, - { - "type": "library", - "name": "js-tokens", - "version": "4.0.0", - "bom-ref": "js-tokens@4.0.0", - "author": "Simon Lydell", - "description": "A regex that tokenizes JavaScript.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/js-tokens@4.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/lydell/js-tokens.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/lydell/js-tokens#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/lydell/js-tokens/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", - "type": "distribution", - "hashes": [ + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, { - "alg": "SHA-512", - "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/js-tokens" - } - ] - }, - { - "type": "library", - "name": "helper-compilation-targets", - "group": "@babel", - "version": "7.23.6", - "bom-ref": "@babel/helper-compilation-targets@7.23.6", - "author": "The Babel Team", - "description": "Helper functions on Babel compilation targets", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/babel/babel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ { - "alg": "SHA-512", - "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-compilation-targets" - } - ] - }, - { - "type": "library", - "name": "compat-data", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/compat-data@7.24.4", - "author": "The Babel Team", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/babel/babel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/compat-data" - } - ] - }, - { - "type": "library", - "name": "helper-validator-option", - "group": "@babel", - "version": "7.23.5", - "bom-ref": "@babel/helper-validator-option@7.23.5", - "author": "The Babel Team", - "description": "Validate plugin/preset options", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/babel/babel#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ { - "alg": "SHA-512", - "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-validator-option" - } - ] - }, - { - "type": "library", - "name": "lru-cache", - "version": "5.1.1", - "bom-ref": "lru-cache@5.1.1", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/lru-cache@5.1.1", - "externalReferences": [ - { - "url": "git://github.com/isaacs/node-lru-cache.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/node-lru-cache/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/lru-cache" - } - ] - }, - { - "type": "library", - "name": "yallist", - "version": "3.1.1", - "bom-ref": "yallist@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Yet Another Linked List", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/yallist@3.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/yallist.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/yallist#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/yallist/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ { - "alg": "SHA-512", - "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + "license": { + "id": "BlueOak-1.0.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/yallist" - } - ] - }, - { - "type": "library", - "name": "helper-module-transforms", - "group": "@babel", - "version": "7.23.3", - "bom-ref": "@babel/helper-module-transforms@7.23.3", - "author": "The Babel Team", - "description": "Babel helper functions for implementing ES6 module transformations", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-module-transforms" - } - ] - }, - { - "type": "library", - "name": "helper-environment-visitor", - "group": "@babel", - "version": "7.22.20", - "bom-ref": "@babel/helper-environment-visitor@7.22.20", - "author": "The Babel Team", - "description": "Helper visitor to only visit nodes in the current 'this' context", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ { - "alg": "SHA-512", - "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-environment-visitor" - } - ] - }, - { - "type": "library", - "name": "helper-module-imports", - "group": "@babel", - "version": "7.24.3", - "bom-ref": "@babel/helper-module-imports@7.24.3", - "author": "The Babel Team", - "description": "Babel helper functions for inserting module loads", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ { - "alg": "SHA-512", - "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-module-imports" - } - ] - }, - { - "type": "library", - "name": "helper-simple-access", - "group": "@babel", - "version": "7.22.5", - "bom-ref": "@babel/helper-simple-access@7.22.5", - "author": "The Babel Team", - "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ { - "alg": "SHA-512", - "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-simple-access" - } - ] - }, - { - "type": "library", - "name": "helper-split-export-declaration", - "group": "@babel", - "version": "7.22.6", - "bom-ref": "@babel/helper-split-export-declaration@7.22.6", - "author": "The Babel Team", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ { - "alg": "SHA-512", - "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-split-export-declaration" - } - ] - }, - { - "type": "library", - "name": "helpers", - "group": "@babel", - "version": "7.24.4", - "bom-ref": "@babel/helpers@7.24.4", - "author": "The Babel Team", - "description": "Collection of helper functions used by Babel transforms.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://babel.dev/docs/en/next/babel-helpers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ { - "alg": "SHA-512", - "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helpers" - } - ] - }, - { - "type": "library", - "name": "helper-function-name", - "group": "@babel", - "version": "7.23.0", - "bom-ref": "@babel/helper-function-name@7.23.0", - "author": "The Babel Team", - "description": "Helper function to change the property 'name' of every function", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://babel.dev/docs/en/next/babel-helper-function-name", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ { - "alg": "SHA-512", - "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-function-name" - } - ] - }, - { - "type": "library", - "name": "helper-hoist-variables", - "group": "@babel", - "version": "7.22.5", - "bom-ref": "@babel/helper-hoist-variables@7.22.5", - "author": "The Babel Team", - "description": "Helper function to hoist variables", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ { - "alg": "SHA-512", - "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-hoist-variables" - } - ] - }, - { - "type": "library", - "name": "helper-string-parser", - "group": "@babel", - "version": "7.24.1", - "bom-ref": "@babel/helper-string-parser@7.24.1", - "author": "The Babel Team", - "description": "A utility package to parse strings", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", - "externalReferences": [ - { - "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/babel/babel/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ { - "alg": "SHA-512", - "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-string-parser" - } - ] - }, - { - "type": "library", - "name": "to-fast-properties", - "version": "2.0.0", - "bom-ref": "to-fast-properties@2.0.0", - "author": "Sindre Sorhus", - "description": "Force V8 to use fast properties for an object", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/to-fast-properties@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/to-fast-properties.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/sindresorhus/to-fast-properties#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/sindresorhus/to-fast-properties/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ { - "alg": "SHA-512", - "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + "license": { + "id": "CC0-1.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/to-fast-properties" - } - ] - }, - { - "type": "library", - "name": "gensync", - "version": "1.0.0-beta.2", - "bom-ref": "gensync@1.0.0-beta.2", - "author": "Logan Smyth", - "description": "Allows users to use generators in order to write common functions that can be both sync or async.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/gensync@1.0.0-beta.2", - "externalReferences": [ - { - "url": "git+https://github.com/loganfsmyth/gensync.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/loganfsmyth/gensync", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/loganfsmyth/gensync/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ { - "alg": "SHA-512", - "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/gensync" - } - ] - }, - { - "type": "library", - "name": "resolve-uri", - "group": "@jridgewell", - "version": "3.1.2", - "bom-ref": "@jridgewell/resolve-uri@3.1.2", - "author": "Justin Ridgewell", - "description": "Resolve a URI relative to an optional base URI", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/jridgewell/resolve-uri.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jridgewell/resolve-uri#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jridgewell/resolve-uri/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ { - "alg": "SHA-512", - "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@jridgewell/resolve-uri" - } - ] - }, - { - "type": "library", - "name": "load-nyc-config", - "group": "@istanbuljs", - "version": "1.1.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", - "description": "Utility function to load nyc configuration", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", - "externalReferences": [ - { - "url": "git+https://github.com/istanbuljs/load-nyc-config.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/istanbuljs/load-nyc-config#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/istanbuljs/load-nyc-config/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ { - "alg": "SHA-512", - "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config" - } - ] - }, - { - "type": "library", - "name": "camelcase", - "version": "5.3.1", - "bom-ref": "camelcase@5.3.1", - "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/camelcase@5.3.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/camelcase.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/sindresorhus/camelcase#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/sindresorhus/camelcase/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ { - "alg": "SHA-512", - "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/camelcase" - } - ] - }, - { - "type": "library", - "name": "test-exclude", - "version": "6.0.0", - "bom-ref": "test-exclude@6.0.0", - "author": "Ben Coe", - "description": "test for inclusion or exclusion of paths using globs", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/test-exclude@6.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/istanbuljs/test-exclude.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/istanbuljs/test-exclude/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ { - "alg": "SHA-512", - "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/test-exclude" - } - ] - }, - { - "type": "library", - "name": "babel__generator", - "group": "@types", - "version": "7.6.8", - "bom-ref": "@types/babel__generator@7.6.8", - "description": "TypeScript definitions for @babel/generator", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ { - "alg": "SHA-512", - "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__generator" - } - ] - }, - { - "type": "library", - "name": "babel__template", - "group": "@types", - "version": "7.4.4", - "bom-ref": "@types/babel__template@7.4.4", - "description": "TypeScript definitions for @babel/template", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ { - "alg": "SHA-512", - "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/babel__template" - } - ] - }, - { - "type": "library", - "name": "babel-preset-jest", - "version": "29.6.3", - "bom-ref": "babel-preset-jest@29.6.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ { - "alg": "SHA-512", - "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/babel-preset-jest" - } - ] - }, - { - "type": "library", - "name": "babel-plugin-jest-hoist", - "version": "29.6.3", - "bom-ref": "babel-plugin-jest-hoist@29.6.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", - "externalReferences": [ - { - "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/jestjs/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ { - "alg": "SHA-512", - "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-jest-hoist" - } - ] - }, - { - "type": "library", - "name": "ts-mocha", - "version": "10.0.0", - "bom-ref": "ts-mocha@10.0.0", - "author": "Piotr Witek", - "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ts-mocha@10.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/piotrwitek/ts-mocha.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/piotrwitek/ts-mocha#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/piotrwitek/ts-mocha/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ { - "alg": "SHA-512", - "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha" + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "buffer-from", - "version": "1.1.2", - "bom-ref": "buffer-from@1.1.2", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/buffer-from@1.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/LinusU/buffer-from.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/LinusU/buffer-from#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/LinusU/buffer-from/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, { - "alg": "SHA-512", - "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/buffer-from" - } - ] - }, - { - "type": "library", - "name": "tsconfig-paths", - "version": "3.15.0", - "bom-ref": "tsconfig-paths@3.15.0", - "author": "Jonas Kello", - "description": "Load node modules according to tsconfig paths, in run-time or via API.", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/tsconfig-paths@3.15.0", - "externalReferences": [ - { - "url": "git+https://github.com/dividab/tsconfig-paths.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dividab/tsconfig-paths#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/dividab/tsconfig-paths/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ { - "alg": "SHA-512", - "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tsconfig-paths" + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "json5", - "group": "@types", - "version": "0.0.29", - "bom-ref": "@types/json5@0.0.29", - "author": "Jason Swearingen", - "description": "TypeScript definitions for JSON5", - "scope": "optional", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40types/json5@0.0.29", - "externalReferences": [ - { - "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ { - "alg": "SHA-512", - "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@types/json5" + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "source-map-support", - "group": "@cspotcode", - "version": "0.8.1", - "bom-ref": "@cspotcode/source-map-support@0.8.1", - "description": "Fixes stack traces for files with source maps", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", - "externalReferences": [ - { - "url": "git+https://github.com/cspotcode/node-source-map-support.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/cspotcode/node-source-map-support#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/cspotcode/node-source-map-support/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ { - "alg": "SHA-512", - "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@cspotcode/source-map-support" - } - ] - }, - { - "type": "library", - "name": "node10", - "group": "@tsconfig", - "version": "1.0.11", - "bom-ref": "@tsconfig/node10@1.0.11", - "description": "A base TSConfig for working with Node 10.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", - "externalReferences": [ - { - "url": "git+https://github.com/tsconfig/bases.git#bases", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/tsconfig/bases#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/tsconfig/bases/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, { - "alg": "SHA-512", - "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node10" - } - ] - }, - { - "type": "library", - "name": "node12", - "group": "@tsconfig", - "version": "1.0.11", - "bom-ref": "@tsconfig/node12@1.0.11", - "description": "A base TSConfig for working with Node 12.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", - "externalReferences": [ - { - "url": "git+https://github.com/tsconfig/bases.git#bases", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/tsconfig/bases#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/tsconfig/bases/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ { - "alg": "SHA-512", - "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node12" - } - ] - }, - { - "type": "library", - "name": "node14", - "group": "@tsconfig", - "version": "1.0.3", - "bom-ref": "@tsconfig/node14@1.0.3", - "description": "A base TSConfig for working with Node 14.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", - "externalReferences": [ - { - "url": "git+https://github.com/tsconfig/bases.git#bases", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/tsconfig/bases#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/tsconfig/bases/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ { - "alg": "SHA-512", - "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node14" - } - ] - }, - { - "type": "library", - "name": "node16", - "group": "@tsconfig", - "version": "1.0.4", - "bom-ref": "@tsconfig/node16@1.0.4", - "description": "A base TSConfig for working with Node 16.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", - "externalReferences": [ - { - "url": "git+https://github.com/tsconfig/bases.git#bases", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/tsconfig/bases#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/tsconfig/bases/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ { - "alg": "SHA-512", - "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@tsconfig/node16" - } - ] - }, - { - "type": "library", - "name": "acorn-walk", - "version": "8.3.2", - "bom-ref": "acorn-walk@8.3.2", - "description": "ECMAScript (ESTree) AST walker", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/acorn-walk@8.3.2", - "externalReferences": [ - { - "url": "git+https://github.com/acornjs/acorn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/acornjs/acorn", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/acornjs/acorn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ { - "alg": "SHA-512", - "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/acorn-walk" - } - ] - }, - { - "type": "library", - "name": "create-require", - "version": "1.1.1", - "bom-ref": "create-require@1.1.1", - "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/create-require@1.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/nuxt-contrib/create-require.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/nuxt-contrib/create-require#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/nuxt-contrib/create-require/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ { - "alg": "SHA-512", - "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/create-require" - } - ] - }, - { - "type": "library", - "name": "diff", - "version": "4.0.2", - "bom-ref": "diff@4.0.2", - "description": "A javascript text diff implementation.", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/diff@4.0.2", - "externalReferences": [ - { - "url": "git://github.com/kpdecker/jsdiff.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/kpdecker/jsdiff#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "http://github.com/kpdecker/jsdiff/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ { - "alg": "SHA-512", - "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/diff" - } - ] - }, - { - "type": "library", - "name": "v8-compile-cache-lib", - "version": "3.0.1", - "bom-ref": "v8-compile-cache-lib@3.0.1", - "author": "Andrew Bradley", - "description": "Require hook for automatic V8 compile cache persistence", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ { - "alg": "SHA-512", - "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/v8-compile-cache-lib" - } - ] - }, - { - "type": "library", - "name": "yn", - "version": "3.1.1", - "bom-ref": "yn@3.1.1", - "author": "Sindre Sorhus", - "description": "Parse yes/no like values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/yn@3.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/yn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/sindresorhus/yn#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/sindresorhus/yn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ { - "alg": "SHA-512", - "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/yn" - } - ] - }, - { - "type": "library", - "name": "tsimportlib", - "version": "0.0.5", - "bom-ref": "tsimportlib@0.0.5", - "author": "Andrew Bradley", - "purl": "pkg:npm/tsimportlib@0.0.5", - "externalReferences": [ - { - "url": "https://github.com/cspotcode/tsimportlib", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://github.com/cspotcode/tsimportlib/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ { - "alg": "SHA-512", - "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tsimportlib" + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "colors", - "group": "@colors", - "version": "1.6.0", - "bom-ref": "@colors/colors@1.6.0", - "author": "DABH", - "description": "get colors in your node.js console", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", "licenses": [ { "license": { @@ -135438,30 +125240,30 @@ } } ], - "purl": "pkg:npm/%40colors/colors@1.6.0", + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", "externalReferences": [ { - "url": "git+ssh://git@github.com/DABH/colors.js.git", + "url": "git+https://github.com/oclif/plugin-version.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/DABH/colors.js", + "url": "https://github.com/oclif/plugin-version", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/DABH/colors.js/issues", + "url": "https://github.com/oclif/plugin-version/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135470,68 +125272,170 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@colors/colors" - } - ] - }, - { - "type": "library", - "name": "diagnostics", - "group": "@dabh", - "version": "2.0.3", - "bom-ref": "@dabh/diagnostics@2.0.3", - "author": "Arnout Kazemier", - "description": "Tools for debugging your node.js modules and event loop", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/@oclif/plugin-version" } ], - "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", - "externalReferences": [ - { - "url": "git://github.com/3rd-Eden/diagnostics.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, + "components": [ { - "url": "https://github.com/3rd-Eden/diagnostics", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] }, { - "url": "https://github.com/3rd-Eden/diagnostics/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] }, { - "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ { - "alg": "SHA-512", - "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@dabh/diagnostics" + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] } ] }, { "type": "library", - "name": "colorspace", - "version": "1.1.4", - "bom-ref": "colorspace@1.1.4", - "author": "Arnout Kazemier", - "description": "Generate HEX colors for a given namespace.", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", "licenses": [ { "license": { @@ -135539,30 +125443,30 @@ } } ], - "purl": "pkg:npm/colorspace@1.1.4", + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/colorspace.git", + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/colorspace", + "url": "https://github.com/oclif/plugin-warn-if-update-available", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/colorspace/issues", + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135571,117 +125475,421 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/colorspace" - } - ] - }, - { - "type": "library", - "name": "text-hex", - "version": "1.0.0", - "bom-ref": "text-hex@1.0.0", - "author": "Arnout Kazemier", - "description": "Generate a hex color from the given text", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/@oclif/plugin-warn-if-update-available" } ], - "purl": "pkg:npm/text-hex@1.0.0", - "externalReferences": [ + "components": [ { - "url": "git+https://github.com/3rd-Eden/text-hex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] }, { - "url": "https://github.com/3rd-Eden/text-hex", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] }, { - "url": "https://github.com/3rd-Eden/text-hex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] }, { - "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ { - "alg": "SHA-512", - "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/text-hex" - } - ] - }, - { - "type": "library", - "name": "enabled", - "version": "2.0.0", - "bom-ref": "enabled@2.0.0", - "author": "Arnout Kazemier", - "description": "Check if a certain debug flag is enabled.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/enabled@2.0.0", - "externalReferences": [ - { - "url": "git://github.com/3rd-Eden/enabled.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ], + "components": [ + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + } + ] }, { - "url": "https://github.com/3rd-Eden/enabled#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] }, { - "url": "https://github.com/3rd-Eden/enabled/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] }, { - "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ { - "alg": "SHA-512", - "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/enabled" + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] } ] }, { "type": "library", - "name": "kuler", - "version": "2.0.0", - "bom-ref": "kuler@2.0.0", - "author": "Arnout Kazemier", - "description": "Color your terminal using CSS/hex color codes", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", "licenses": [ { "license": { @@ -135689,30 +125897,30 @@ } } ], - "purl": "pkg:npm/kuler@2.0.0", + "purl": "pkg:npm/content-type@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/kuler.git", + "url": "git+https://github.com/jshttp/content-type.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/kuler", + "url": "https://github.com/jshttp/content-type#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/kuler/issues", + "url": "https://github.com/jshttp/content-type/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135721,17 +125929,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/kuler" + "value": "node_modules/content-type" } ] }, { "type": "library", - "name": "logform", - "version": "2.6.0", - "bom-ref": "logform@2.6.0", - "author": "Charlie Robbins", - "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", "licenses": [ { "license": { @@ -135739,30 +125947,30 @@ } } ], - "purl": "pkg:npm/logform@2.6.0", + "purl": "pkg:npm/is-stream@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/winstonjs/logform.git", + "url": "git+https://github.com/sindresorhus/is-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/winstonjs/logform#readme", + "url": "https://github.com/sindresorhus/is-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/winstonjs/logform/issues", + "url": "https://github.com/sindresorhus/is-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135771,17 +125979,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/logform" + "value": "node_modules/is-stream" } ] }, { "type": "library", - "name": "fecha", - "version": "4.2.3", - "bom-ref": "fecha@4.2.3", - "author": "Taylor Hakes", - "description": "Date formatting and parsing", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", "licenses": [ { "license": { @@ -135789,30 +125997,30 @@ } } ], - "purl": "pkg:npm/fecha@4.2.3", + "purl": "pkg:npm/is-arrayish@0.2.1", "externalReferences": [ { - "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "url": "git+https://github.com/qix-/node-is-arrayish.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/taylorhakes/fecha", + "url": "https://github.com/qix-/node-is-arrayish#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/taylorhakes/fecha/issues", + "url": "https://github.com/qix-/node-is-arrayish/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135821,17 +126029,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fecha" + "value": "node_modules/is-arrayish" } ] }, - { - "type": "library", - "name": "safe-stable-stringify", - "version": "2.4.3", - "bom-ref": "safe-stable-stringify@2.4.3", - "author": "Ruben Bridgewater", - "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", "licenses": [ { "license": { @@ -135839,30 +126047,30 @@ } } ], - "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "purl": "pkg:npm/safe-buffer@5.2.1", "externalReferences": [ { - "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "url": "git://github.com/feross/safe-buffer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "url": "https://github.com/feross/safe-buffer", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "url": "https://github.com/feross/safe-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135871,17 +126079,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/safe-stable-stringify" + "value": "node_modules/safe-buffer" } ] }, { "type": "library", - "name": "triple-beam", - "version": "1.4.1", - "bom-ref": "triple-beam@1.4.1", - "author": "Charlie Robbins", - "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", "licenses": [ { "license": { @@ -135889,30 +126098,30 @@ } } ], - "purl": "pkg:npm/triple-beam@1.4.1", + "purl": "pkg:npm/%40oclif/test@3.2.15", "externalReferences": [ { - "url": "git+https://github.com/winstonjs/triple-beam.git", + "url": "git+https://github.com/oclif/test.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/winstonjs/triple-beam#readme", + "url": "https://github.com/oclif/test", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/winstonjs/triple-beam/issues", + "url": "https://github.com/oclif/test/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135921,17 +126130,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/triple-beam" + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "one-time", - "version": "1.0.0", - "bom-ref": "one-time@1.0.0", - "author": "Arnout Kazemier", - "description": "Run the supplied function exactly one time (once)", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", "licenses": [ { "license": { @@ -135939,30 +126152,30 @@ } } ], - "purl": "pkg:npm/one-time@1.0.0", + "purl": "pkg:npm/chai@4.4.1", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/one-time.git", + "url": "git+https://github.com/chaijs/chai.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/one-time#readme", + "url": "http://chaijs.com", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/one-time/issues", + "url": "https://github.com/chaijs/chai/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -135971,17 +126184,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/one-time" + "value": "node_modules/chai" } ] }, { "type": "library", - "name": "fn.name", - "version": "1.1.0", - "bom-ref": "fn.name@1.1.0", - "author": "Arnout Kazemier", - "description": "Extract names from functions", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", "licenses": [ { "license": { @@ -135989,30 +126202,30 @@ } } ], - "purl": "pkg:npm/fn.name@1.1.0", + "purl": "pkg:npm/fancy-test@3.0.15", "externalReferences": [ { - "url": "git+https://github.com/3rd-Eden/fn.name.git", + "url": "git+https://github.com/oclif/fancy-test.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/3rd-Eden/fn.name", + "url": "https://github.com/oclif/fancy-test", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/3rd-Eden/fn.name/issues", + "url": "https://github.com/oclif/fancy-test/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136021,16 +126234,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fn.name" + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "string_decoder", - "version": "1.3.0", - "bom-ref": "string_decoder@1.3.0", - "description": "The string_decoder module from Node core", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", "licenses": [ { "license": { @@ -136038,30 +126256,30 @@ } } ], - "purl": "pkg:npm/string_decoder@1.3.0", + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", "externalReferences": [ { - "url": "git://github.com/nodejs/string_decoder.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/nodejs/string_decoder", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/string_decoder/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136070,17 +126288,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/string_decoder" + "value": "node_modules/@types/chai" } ] }, { "type": "library", - "name": "stack-trace", - "version": "0.0.10", - "bom-ref": "stack-trace@0.0.10", - "author": "Felix Geisendörfer", - "description": "Get v8 stack traces as an array of CallSite objects.", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", "licenses": [ { "license": { @@ -136088,30 +126306,30 @@ } } ], - "purl": "pkg:npm/stack-trace@0.0.10", + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", "externalReferences": [ { - "url": "git://github.com/felixge/node-stack-trace.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/felixge/node-stack-trace", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/felixge/node-stack-trace/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136120,17 +126338,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/stack-trace" + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "winston-transport", - "version": "4.7.0", - "bom-ref": "winston-transport@4.7.0", - "author": "Charlie Robbins", - "description": "Base stream implementations for winston@3 and up.", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", "licenses": [ { "license": { @@ -136138,30 +126360,30 @@ } } ], - "purl": "pkg:npm/winston-transport@4.7.0", + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", "externalReferences": [ { - "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/winstonjs/winston-transport#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/winstonjs/winston-transport/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136170,17 +126392,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/winston-transport" + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "xlsx-populate", - "version": "1.21.0", - "bom-ref": "xlsx-populate@1.21.0", - "author": "Dave T. Johnson", - "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", "licenses": [ { "license": { @@ -136188,30 +126414,30 @@ } } ], - "purl": "pkg:npm/xlsx-populate@1.21.0", + "purl": "pkg:npm/mock-stdin@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "url": "git+https://github.com/caitp/node-mock-stdin.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "url": "https://github.com/caitp/node-mock-stdin", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "url": "https://github.com/caitp/node-mock-stdin/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136220,48 +126446,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xlsx-populate" + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "cfb", - "version": "1.2.2", - "bom-ref": "cfb@1.2.2", - "author": "sheetjs", - "description": "Compound File Binary File Format extractor", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/cfb@1.2.2", + "purl": "pkg:npm/nock@13.5.4", "externalReferences": [ { - "url": "git://github.com/SheetJS/js-cfb.git", + "url": "git+https://github.com/nock/nock.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://sheetjs.com/", + "url": "https://github.com/nock/nock#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SheetJS/js-cfb/issues", + "url": "https://github.com/nock/nock/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136270,48 +126500,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/cfb" + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "adler-32", - "version": "1.3.1", - "bom-ref": "adler-32@1.3.1", - "author": "sheetjs", - "description": "Pure-JS ADLER-32", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/adler-32@1.3.1", + "purl": "pkg:npm/json-stringify-safe@5.0.1", "externalReferences": [ { - "url": "git://github.com/SheetJS/js-adler32.git", + "url": "git://github.com/isaacs/json-stringify-safe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://sheetjs.com/opensource", + "url": "https://github.com/isaacs/json-stringify-safe", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SheetJS/js-adler32/issues", + "url": "https://github.com/isaacs/json-stringify-safe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136320,48 +126554,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/adler-32" + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "crc-32", - "version": "1.2.2", - "bom-ref": "crc-32@1.2.2", - "author": "sheetjs", - "description": "Pure-JS CRC-32", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/crc-32@1.2.2", + "purl": "pkg:npm/propagate@2.0.1", "externalReferences": [ { - "url": "git://github.com/SheetJS/js-crc32.git", + "url": "git+https://github.com/nock/propagate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://sheetjs.com/", + "url": "http://github.com/nock/propagate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/SheetJS/js-crc32/issues", + "url": "http://github.com/nock/propagate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136370,46 +126608,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/crc-32" + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jszip", - "version": "3.10.1", - "bom-ref": "jszip@3.10.1", - "author": "Stuart Knightley", - "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", "licenses": [ { - "expression": "(MIT OR GPL-3.0-or-later)" + "license": { + "id": "BSD-3-Clause" + } } ], - "purl": "pkg:npm/jszip@3.10.1", + "purl": "pkg:npm/sinon@16.1.3", "externalReferences": [ { - "url": "git+https://github.com/Stuk/jszip.git", + "url": "git+ssh://git@github.com/sinonjs/sinon.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Stuk/jszip#readme", + "url": "https://sinonjs.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Stuk/jszip/issues", + "url": "http://github.com/sinonjs/sinon/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136418,47 +126662,161 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jszip" + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "lie", - "version": "3.3.0", - "bom-ref": "lie@3.3.0", - "description": "A basic but performant promise implementation", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/lie@3.3.0", + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/calvinmetcalf/lie.git", + "url": "git+https://github.com/sinonjs/commons.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/calvinmetcalf/lie#readme", + "url": "https://github.com/sinonjs/commons#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/calvinmetcalf/lie/issues", + "url": "https://github.com/sinonjs/commons/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136467,47 +126825,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/lie" + "value": "node_modules/@sinonjs/commons" } ] }, { "type": "library", - "name": "immediate", - "version": "3.0.6", - "bom-ref": "immediate@3.0.6", - "description": "A cross browser microtask library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/immediate@3.0.6", + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", "externalReferences": [ { - "url": "git://github.com/calvinmetcalf/immediate.git", + "url": "git+https://github.com/sinonjs/fake-timers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/calvinmetcalf/immediate#readme", + "url": "https://github.com/sinonjs/fake-timers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/calvinmetcalf/immediate/issues", + "url": "https://github.com/sinonjs/fake-timers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136516,45 +126876,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/immediate" + "value": "node_modules/@sinonjs/fake-timers" } ] }, { "type": "library", - "name": "pako", - "version": "1.0.11", - "bom-ref": "pako@1.0.11", - "description": "zlib port to javascript - fast, modularized, with browser support", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", "licenses": [ { - "expression": "(MIT AND Zlib)" + "license": { + "id": "BSD-3-Clause" + } } ], - "purl": "pkg:npm/pako@1.0.11", + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", "externalReferences": [ { - "url": "git+https://github.com/nodeca/pako.git", + "url": "git+https://github.com/sinonjs/samsam.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/pako", + "url": "http://sinonjs.github.io/samsam/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/pako/issues", + "url": "https://github.com/sinonjs/samsam/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136563,17 +126927,77 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pako" + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "core-util-is", - "version": "1.0.3", - "bom-ref": "core-util-is@1.0.3", - "author": "Isaac Z. Schlueter", - "description": "The `util.is*` functions introduced in Node v0.12.", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", "licenses": [ { "license": { @@ -136581,30 +127005,30 @@ } } ], - "purl": "pkg:npm/core-util-is@1.0.3", + "purl": "pkg:npm/lodash.get@4.4.2", "externalReferences": [ { - "url": "git://github.com/isaacs/core-util-is.git", + "url": "git+https://github.com/lodash/lodash.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/core-util-is#readme", + "url": "https://lodash.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/core-util-is/issues", + "url": "https://github.com/lodash/lodash/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136613,48 +127037,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/core-util-is" + "value": "node_modules/lodash.get" } ] }, { "type": "library", - "name": "isarray", - "version": "1.0.0", - "bom-ref": "isarray@1.0.0", - "author": "Julian Gruber", - "description": "Array#isArray for older browsers", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/isarray@1.0.0", + "purl": "pkg:npm/nise@5.1.9", "externalReferences": [ { - "url": "git://github.com/juliangruber/isarray.git", + "url": "git+ssh://git@github.com/sinonjs/nise.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/isarray", + "url": "https://github.com/sinonjs/nise#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/isarray/issues", + "url": "https://github.com/sinonjs/nise/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136663,97 +127086,161 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/isarray" - } - ] - }, - { - "type": "library", - "name": "process-nextick-args", - "version": "2.0.1", - "bom-ref": "process-nextick-args@2.0.1", - "description": "process.nextTick but always with args", - "licenses": [ + "value": "node_modules/nise" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/process-nextick-args@2.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/calvinmetcalf/process-nextick-args", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "components": [ { - "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ { - "alg": "SHA-512", - "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/process-nextick-args" + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "setimmediate", - "version": "1.0.5", - "bom-ref": "setimmediate@1.0.5", - "author": "YuzuJS", - "description": "A shim for the setImmediate efficient script yielding API", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", "licenses": [ { - "license": { - "id": "MIT" - } + "expression": "(Unlicense OR Apache-2.0)" } ], - "purl": "pkg:npm/setimmediate@1.0.5", + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", "externalReferences": [ { - "url": "git+https://github.com/YuzuJS/setImmediate.git", + "url": "git+https://github.com/sinonjs/text-encoding.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/YuzuJS/setImmediate#readme", + "url": "https://github.com/sinonjs/text-encoding", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/YuzuJS/setImmediate/issues", + "url": "https://github.com/sinonjs/text-encoding/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136762,48 +127249,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/setimmediate" + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "sax", - "version": "1.2.1", - "bom-ref": "sax@1.2.1", - "author": "Isaac Z. Schlueter", - "description": "An evented streaming XML parser in JavaScript", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/sax@1.2.1", + "purl": "pkg:npm/just-extend@6.2.0", "externalReferences": [ { - "url": "git://github.com/isaacs/sax-js.git", + "url": "git+https://github.com/angus-c/just.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/sax-js#readme", + "url": "https://github.com/angus-c/just#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/sax-js/issues", + "url": "https://github.com/angus-c/just/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136812,17 +127303,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sax" + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "xmlbuilder", - "version": "11.0.1", - "bom-ref": "xmlbuilder@11.0.1", - "author": "Ozgur Ozcitak", - "description": "An XML builder for node.js", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", "licenses": [ { "license": { @@ -136830,30 +127325,30 @@ } } ], - "purl": "pkg:npm/xmlbuilder@11.0.1", + "purl": "pkg:npm/stdout-stderr@0.1.13", "externalReferences": [ { - "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "url": "git+https://github.com/jdxcode/stdout-stderr.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/oozcitak/xmlbuilder-js", + "url": "https://github.com/jdxcode/stdout-stderr", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "url": "https://github.com/jdxcode/stdout-stderr/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136862,48 +127357,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xmlbuilder" + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "zip-lib", - "version": "1.0.4", - "bom-ref": "zip-lib@1.0.4", - "author": "fpsqdb", - "description": "zip and unzip library for node", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/zip-lib@1.0.4", + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", "externalReferences": [ { - "url": "git+https://github.com/fpsqdb/zip-lib.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/fpsqdb/zip-lib#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fpsqdb/zip-lib/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136912,17 +127412,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/zip-lib" + "value": "node_modules/@smithy/abort-controller" } ] }, { "type": "library", - "name": "yauzl", - "version": "3.1.3", - "bom-ref": "yauzl@3.1.3", - "author": "Josh Wolfe", - "description": "yet another unzip library for node", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", "licenses": [ { "license": { @@ -136930,30 +127430,30 @@ } } ], - "purl": "pkg:npm/yauzl@3.1.3", + "purl": "pkg:npm/%40types/express@4.17.21#types/express", "externalReferences": [ { - "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/thejoshwolfe/yauzl", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thejoshwolfe/yauzl/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -136962,54 +127462,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yauzl" + "value": "node_modules/@types/express" } ] }, { "type": "library", - "name": "buffer-crc32", - "version": "0.2.13", - "bom-ref": "buffer-crc32@0.2.13", - "author": "Brian J. Brennan", - "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", "licenses": [ { "license": { "id": "MIT" } - }, - { - "license": { - "id": "MIT", - "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" - } } ], - "purl": "pkg:npm/buffer-crc32@0.2.13", + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", "externalReferences": [ { - "url": "git://github.com/brianloveswords/buffer-crc32.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/brianloveswords/buffer-crc32", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137018,17 +127512,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/buffer-crc32" + "value": "node_modules/@types/body-parser" } ] }, { "type": "library", - "name": "pend", - "version": "1.2.0", - "bom-ref": "pend@1.2.0", - "author": "Andrew Kelley", - "description": "dead-simple optimistic async helper", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", "licenses": [ { "license": { @@ -137036,30 +127530,30 @@ } } ], - "purl": "pkg:npm/pend@1.2.0", + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", "externalReferences": [ { - "url": "git://github.com/andrewrk/node-pend.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/andrewrk/node-pend#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andrewrk/node-pend/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137068,17 +127562,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pend" + "value": "node_modules/@types/connect" } ] }, { "type": "library", - "name": "yazl", - "version": "2.5.1", - "bom-ref": "yazl@2.5.1", - "author": "Josh Wolfe", - "description": "yet another zip library for node", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", "licenses": [ { "license": { @@ -137086,30 +127580,30 @@ } } ], - "purl": "pkg:npm/yazl@2.5.1", + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", "externalReferences": [ { - "url": "git+https://github.com/thejoshwolfe/yazl.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/thejoshwolfe/yazl", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/thejoshwolfe/yazl/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137118,49 +127612,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yazl" + "value": "node_modules/@types/express-serve-static-core" } ] }, { "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137169,49 +127662,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + "value": "node_modules/@types/qs" } ] }, { "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137220,49 +127712,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + "value": "node_modules/@types/range-parser" } ] }, { "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.588.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "purl": "pkg:npm/%40types/send@0.17.4#types/send", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137271,49 +127762,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + "value": "node_modules/@types/send" } ] }, { "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137322,48 +127812,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + "value": "node_modules/@types/mime" } ] }, { "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "author": "AWS SDK for JavaScript Team", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137372,48 +127862,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + "value": "node_modules/@types/serve-static" } ] }, { "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "author": "AWS SDK for JavaScript Team", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137422,49 +127912,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + "value": "node_modules/@types/http-errors" } ] }, { "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137473,48 +127962,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + "value": "node_modules/@types/fs-extra" } ] }, { "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "author": "AWS SDK for JavaScript Team", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137523,17 +128012,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + "value": "node_modules/@types/jsonfile" } ] }, { "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", "licenses": [ { "license": { @@ -137541,30 +128030,30 @@ } } ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", "externalReferences": [ { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137573,49 +128062,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + "value": "node_modules/@types/get-installed-path" } ] }, { "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137624,49 +128112,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + "value": "node_modules/@types/jest" } ] }, { "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "purl": "pkg:npm/expect@29.7.0#packages/expect", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "url": "git+https://github.com/jestjs/jest.git#packages/expect", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137675,49 +128160,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + "value": "node_modules/expect" } ] }, { "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137726,49 +128209,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + "value": "node_modules/@jest/expect-utils" } ] }, { "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137777,49 +128258,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + "value": "node_modules/jest-get-type" } ] }, { "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137828,49 +128307,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + "value": "node_modules/jest-matcher-utils" } ] }, { "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137879,49 +128355,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + "value": "node_modules/jest-diff" } ] }, { "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137930,49 +128404,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + "value": "node_modules/diff-sequences" } ] }, { "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -137981,48 +128454,98 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + "value": "node_modules/pretty-format" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138031,48 +128554,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + "value": "node_modules/jest-message-util" } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138081,48 +128603,46 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + "value": "node_modules/@jest/types" } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138131,48 +128651,99 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + "value": "node_modules/jest-util" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138181,48 +128752,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + "value": "node_modules/@jest/schemas" } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/sinclairzx81/typebox.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/sinclairzx81/typebox#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/sinclairzx81/typebox/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138231,49 +128803,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/util/node_modules/tslib" + "value": "node_modules/@sinclair/typebox" } ] }, { "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138282,49 +128853,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138333,49 +128907,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + "value": "node_modules/@types/mocha" } ] }, { "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.588.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138384,49 +128957,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "purl": "pkg:npm/undici-types@5.26.5", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "url": "git+https://github.com/nodejs/undici.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "url": "https://undici.nodejs.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/nodejs/undici/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138435,48 +129010,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + "value": "node_modules/undici-types" } ] }, { "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", - "author": "AWS SDK for JavaScript Team", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138485,48 +129060,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + "value": "node_modules/@types/objects-to-csv" } ] }, { "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", - "author": "AWS SDK for JavaScript Team", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138535,49 +129110,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + "value": "node_modules/@types/prompt-sync" } ] }, { "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138586,48 +129160,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + "value": "node_modules/@types/tmp" } ] }, { "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", - "author": "AWS SDK for JavaScript Team", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138636,17 +129210,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + "value": "node_modules/@types/uuid" } ] }, { "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", "licenses": [ { "license": { @@ -138654,30 +129228,30 @@ } } ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", "externalReferences": [ { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "url": "https://typescript-eslint.io/packages/eslint-plugin", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138686,49 +129260,217 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "url": "git+https://github.com/eslint-community/regexpp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "url": "https://github.com/eslint-community/regexpp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/eslint-community/regexpp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138737,49 +129479,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "url": "https://typescript-eslint.io/packages/parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138788,49 +129533,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "url": "https://typescript-eslint.io/packages/scope-manager", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138839,49 +129587,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138890,49 +129641,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138941,49 +129695,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "url": "https://typescript-eslint.io/packages/typescript-estree", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -138992,49 +129749,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.590.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "purl": "pkg:npm/ts-api-utils@1.3.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139043,18 +129803,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.587.0", - "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", "licenses": [ { "license": { @@ -139062,30 +129825,30 @@ } } ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "url": "https://github.com/eslint/eslint-visitor-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/eslint/eslint-visitor-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139094,17 +129857,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "axios", - "version": "0.21.4", - "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", - "author": "Matt Zabriskie", - "description": "Promise based HTTP client for the browser and node.js", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", "licenses": [ { "license": { @@ -139112,30 +129879,30 @@ } } ], - "purl": "pkg:npm/axios@0.21.4", + "purl": "pkg:npm/eslint@8.57.0", "externalReferences": [ { - "url": "git+https://github.com/axios/axios.git", + "url": "git+https://github.com/eslint/eslint.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://axios-http.com", + "url": "https://eslint.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/axios/axios/issues", + "url": "https://github.com/eslint/eslint/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139144,66 +129911,239 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/emass_client/node_modules/axios" - } - ] - }, - { - "type": "library", - "name": "chalk", - "version": "1.1.3", - "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", - "description": "Terminal string styling done right. Much color.", - "licenses": [ + "value": "node_modules/eslint" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/chalk@1.1.3", - "externalReferences": [ + "components": [ { - "url": "git+https://github.com/chalk/chalk.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/chalk/chalk#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/chalk/chalk/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, { - "alg": "SHA-512", - "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/chalk" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "ansi-styles", - "version": "2.2.1", - "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", "licenses": [ { "license": { @@ -139211,30 +130151,30 @@ } } ], - "purl": "pkg:npm/ansi-styles@2.2.1", + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-styles.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/chalk/ansi-styles#readme", + "url": "https://typescript-eslint.io", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-styles/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139243,117 +130183,185 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/ansi-styles" - } - ] - }, - { - "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", - "licenses": [ + "value": "node_modules/@typescript-eslint/type-utils" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", - "externalReferences": [ - { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "components": [ { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ { - "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/escape-string-regexp" - } - ] - }, - { - "type": "library", - "name": "strip-ansi", - "version": "3.0.1", - "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/strip-ansi@3.0.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/strip-ansi.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/strip-ansi#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/chalk/strip-ansi/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ { - "alg": "SHA-512", - "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/strip-ansi" + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "ansi-regex", - "version": "2.1.1", - "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", "licenses": [ { "license": { @@ -139361,30 +130369,30 @@ } } ], - "purl": "pkg:npm/ansi-regex@2.1.1", + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-regex.git", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/chalk/ansi-regex#readme", + "url": "https://typescript-eslint.io/packages/utils", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-regex/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139393,67 +130401,240 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/ansi-regex" - } - ] - }, - { - "type": "library", - "name": "supports-color", - "version": "2.0.0", - "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ + "value": "node_modules/@typescript-eslint/utils" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/supports-color@2.0.0", - "externalReferences": [ + "components": [ { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ { - "alg": "SHA-512", - "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/log-symbols/node_modules/supports-color" + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "ansi-regex", - "version": "2.1.1", - "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", "licenses": [ { "license": { @@ -139461,30 +130642,30 @@ } } ], - "purl": "pkg:npm/ansi-regex@2.1.1", + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-regex.git", + "url": "git+https://github.com/eslint-community/eslint-utils.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-regex#readme", + "url": "https://github.com/eslint-community/eslint-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-regex/issues", + "url": "https://github.com/eslint-community/eslint-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139493,48 +130674,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/has-ansi/node_modules/ansi-regex" + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "glob-parent", - "version": "5.1.2", - "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", - "author": "Gulp Team", - "description": "Extract the non-magic parent path from a glob string.", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/glob-parent@5.1.2", + "purl": "pkg:npm/graphemer@1.4.0", "externalReferences": [ { - "url": "git+https://github.com/gulpjs/glob-parent.git", + "url": "git+https://github.com/flmnt/graphemer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/gulpjs/glob-parent#readme", + "url": "https://github.com/flmnt/graphemer", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gulpjs/glob-parent/issues", + "url": "https://github.com/flmnt/graphemer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139543,17 +130728,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chokidar/node_modules/glob-parent" + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "glob-parent", - "version": "5.1.2", - "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", - "author": "Gulp Team", - "description": "Extract the non-magic parent path from a glob string.", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", "licenses": [ { "license": { @@ -139561,30 +130750,30 @@ } } ], - "purl": "pkg:npm/glob-parent@5.1.2", + "purl": "pkg:npm/accurate-search@1.2.15", "externalReferences": [ { - "url": "git+https://github.com/gulpjs/glob-parent.git", + "url": "git+https://github.com/florind9/accurate-search.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/gulpjs/glob-parent#readme", + "url": "https://accuratesearch.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gulpjs/glob-parent/issues", + "url": "https://github.com/florind9/accurate-search/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139593,17 +130782,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/fast-glob/node_modules/glob-parent" + "value": "node_modules/accurate-search" } ] }, { "type": "library", - "name": "lilconfig", - "version": "3.1.1", - "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", - "author": "antonk52", - "description": "A zero-dependency alternative to cosmiconfig", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", "licenses": [ { "license": { @@ -139611,30 +130800,30 @@ } } ], - "purl": "pkg:npm/lilconfig@3.1.1", + "purl": "pkg:npm/ajv@8.16.0", "externalReferences": [ { - "url": "git+https://github.com/antonk52/lilconfig.git", + "url": "git+https://github.com/ajv-validator/ajv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/antonk52/lilconfig#readme", + "url": "https://ajv.js.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/antonk52/lilconfig/issues", + "url": "https://github.com/ajv-validator/ajv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139643,17 +130832,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/postcss-load-config/node_modules/lilconfig" + "value": "node_modules/ajv" } ] }, { "type": "library", - "name": "arg", - "version": "4.1.3", - "bom-ref": "ts-node@10.9.2|arg@4.1.3", - "author": "Josh Junon", - "description": "Another simple argument parser", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", "licenses": [ { "license": { @@ -139661,30 +130850,30 @@ } } ], - "purl": "pkg:npm/arg@4.1.3", + "purl": "pkg:npm/fast-deep-equal@3.1.3", "externalReferences": [ { - "url": "git+https://github.com/zeit/arg.git", + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/arg#readme", + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/arg/issues", + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139693,17 +130882,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-node/node_modules/arg" + "value": "node_modules/fast-deep-equal" } ] }, { "type": "library", - "name": "commander", - "version": "4.1.1", - "bom-ref": "sucrase@3.35.0|commander@4.1.1", - "author": "TJ Holowaychuk", - "description": "the complete solution for node.js command-line programs", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", "licenses": [ { "license": { @@ -139711,30 +130900,30 @@ } } ], - "purl": "pkg:npm/commander@4.1.1", + "purl": "pkg:npm/json-schema-traverse@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/tj/commander.js.git", + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tj/commander.js#readme", + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tj/commander.js/issues", + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139743,48 +130932,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sucrase/node_modules/commander" + "value": "node_modules/json-schema-traverse" } ] }, { "type": "library", - "name": "glob", - "version": "10.3.12", - "bom-ref": "sucrase@3.35.0|glob@10.3.12", - "author": "Isaac Z. Schlueter", - "description": "the most correct and second fastest glob implementation in JavaScript", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/glob@10.3.12", + "purl": "pkg:npm/require-from-string@2.0.2", "externalReferences": [ { - "url": "git://github.com/isaacs/node-glob.git", + "url": "git+https://github.com/floatdrop/require-from-string.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-glob#readme", + "url": "https://github.com/floatdrop/require-from-string#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-glob/issues", + "url": "https://github.com/floatdrop/require-from-string/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139793,48 +130982,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sucrase/node_modules/glob" + "value": "node_modules/require-from-string" } ] }, { "type": "library", - "name": "minipass", - "version": "7.0.4", - "bom-ref": "sucrase@3.35.0|minipass@7.0.4", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/minipass@7.0.4", + "purl": "pkg:npm/uri-js@4.4.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+ssh://git@github.com/garycourt/uri-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/garycourt/uri-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/garycourt/uri-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139843,48 +131032,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sucrase/node_modules/minipass" + "value": "node_modules/uri-js" } ] }, { "type": "library", - "name": "signal-exit", - "version": "4.1.0", - "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", - "author": "Ben Coe", - "description": "when you want to fire an event no matter how a process exits.", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/signal-exit@4.1.0", + "purl": "pkg:npm/punycode@2.3.1", "externalReferences": [ { - "url": "git+https://github.com/tapjs/signal-exit.git", + "url": "git+https://github.com/mathiasbynens/punycode.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tapjs/signal-exit#readme", + "url": "https://mths.be/punycode", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tapjs/signal-exit/issues", + "url": "https://github.com/mathiasbynens/punycode.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139893,17 +131082,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/foreground-child/node_modules/signal-exit" + "value": "node_modules/punycode" } ] }, { "type": "library", - "name": "string-width", - "version": "5.1.2", - "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", "licenses": [ { "license": { @@ -139911,30 +131100,30 @@ } } ], - "purl": "pkg:npm/string-width@5.1.2", + "purl": "pkg:npm/form-data@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-width.git", + "url": "git://github.com/form-data/form-data.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/string-width#readme", + "url": "https://github.com/form-data/form-data#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-width/issues", + "url": "https://github.com/form-data/form-data/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139943,17 +131132,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/string-width" + "value": "node_modules/form-data" } ] }, { "type": "library", - "name": "emoji-regex", - "version": "9.2.2", - "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", "licenses": [ { "license": { @@ -139961,30 +131150,30 @@ } } ], - "purl": "pkg:npm/emoji-regex@9.2.2", + "purl": "pkg:npm/proxy-from-env@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "url": "git+https://github.com/Rob--W/proxy-from-env.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/emoji-regex", + "url": "https://github.com/Rob--W/proxy-from-env#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "url": "https://github.com/Rob--W/proxy-from-env/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -139993,17 +131182,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + "value": "node_modules/proxy-from-env" } ] }, { "type": "library", - "name": "strip-ansi", - "version": "7.1.0", - "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", "licenses": [ { "license": { @@ -140011,30 +131200,30 @@ } } ], - "purl": "pkg:npm/strip-ansi@7.1.0", + "purl": "pkg:npm/assertion-error@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://github.com/chaijs/assertion-error#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "https://github.com/chaijs/assertion-error/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140043,17 +131232,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + "value": "node_modules/assertion-error" } ] }, { "type": "library", - "name": "ansi-regex", - "version": "6.0.1", - "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", "licenses": [ { "license": { @@ -140061,30 +131250,30 @@ } } ], - "purl": "pkg:npm/ansi-regex@6.0.1", + "purl": "pkg:npm/check-error@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-regex.git", + "url": "git+ssh://git@github.com/chaijs/check-error.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-regex#readme", + "url": "https://github.com/chaijs/check-error#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-regex/issues", + "url": "https://github.com/chaijs/check-error/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140093,17 +131282,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + "value": "node_modules/check-error" } ] }, { "type": "library", - "name": "wrap-ansi", - "version": "8.1.0", - "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", "licenses": [ { "license": { @@ -140111,30 +131300,30 @@ } } ], - "purl": "pkg:npm/wrap-ansi@8.1.0", + "purl": "pkg:npm/get-func-name@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/chalk/wrap-ansi.git", + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/wrap-ansi#readme", + "url": "https://github.com/chaijs/get-func-name#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/wrap-ansi/issues", + "url": "https://github.com/chaijs/get-func-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140143,17 +131332,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + "value": "node_modules/get-func-name" } ] }, { "type": "library", - "name": "ansi-styles", - "version": "6.2.1", - "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", "licenses": [ { "license": { @@ -140161,30 +131350,30 @@ } } ], - "purl": "pkg:npm/ansi-styles@6.2.1", + "purl": "pkg:npm/deep-eql@4.1.3", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-styles.git", + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-styles#readme", + "url": "https://github.com/chaijs/deep-eql#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-styles/issues", + "url": "https://github.com/chaijs/deep-eql/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140193,48 +131382,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + "value": "node_modules/deep-eql" } ] }, { "type": "library", - "name": "lru-cache", - "version": "10.2.0", - "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/lru-cache@10.2.0", + "purl": "pkg:npm/loupe@2.3.7", "externalReferences": [ { - "url": "git://github.com/isaacs/node-lru-cache.git", + "url": "git+https://github.com/chaijs/loupe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-lru-cache#readme", + "url": "https://github.com/chaijs/loupe", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-lru-cache/issues", + "url": "https://github.com/chaijs/loupe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140243,48 +131432,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-scurry/node_modules/lru-cache" + "value": "node_modules/loupe" } ] }, { "type": "library", - "name": "minipass", - "version": "7.0.4", - "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@7.0.4", + "purl": "pkg:npm/pathval@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+ssh://git@github.com/chaijs/pathval.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/chaijs/pathval", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/chaijs/pathval/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140293,16 +131482,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/path-scurry/node_modules/minipass" + "value": "node_modules/pathval" } ] }, { "type": "library", - "name": "tailwindcss", - "version": "3.3.0", - "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", - "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", "licenses": [ { "license": { @@ -140310,30 +131500,30 @@ } } ], - "purl": "pkg:npm/tailwindcss@3.3.0", + "purl": "pkg:npm/colors@1.4.0", "externalReferences": [ { - "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "url": "git+ssh://git@github.com/Marak/colors.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://tailwindcss.com", + "url": "https://github.com/Marak/colors.js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "url": "https://github.com/Marak/colors.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140342,17 +131532,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/tailwindcss" + "value": "node_modules/colors" } ] }, { "type": "library", - "name": "postcss-import", - "version": "14.1.0", - "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", - "author": "Maxime Thirouin", - "description": "PostCSS plugin to import CSS files", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", "licenses": [ { "license": { @@ -140360,30 +131550,30 @@ } } ], - "purl": "pkg:npm/postcss-import@14.1.0", + "purl": "pkg:npm/csv-parse@4.16.3", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-import.git", + "url": "git+https://github.com/wdavidw/node-csv-parse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-import#readme", + "url": "https://csv.js.org/parse/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-import/issues", + "url": "https://github.com/wdavidw/node-csv-parse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140392,48 +131582,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/postcss-import" + "value": "node_modules/csv-parse" } ] }, { "type": "library", - "name": "postcss-load-config", - "version": "3.1.4", - "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", - "author": "Michael Ciniawky", - "description": "Autoload Config for PostCSS", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/postcss-load-config@3.1.4", + "purl": "pkg:npm/dotenv@16.4.5", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-load-config.git", + "url": "git://github.com/motdotla/dotenv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-load-config#readme", + "url": "https://github.com/motdotla/dotenv#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-load-config/issues", + "url": "https://github.com/motdotla/dotenv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140442,48 +131631,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/postcss-load-config" + "value": "node_modules/dotenv" } ] }, { "type": "library", - "name": "yaml", - "version": "1.10.2", - "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", - "author": "Eemeli Aro", - "description": "JavaScript parser and stringifier for YAML", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/yaml@1.10.2", + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/eemeli/yaml.git", + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://eemeli.org/yaml/v1/", + "url": "https://github.com/oclif/eslint-config-oclif-typescript", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eemeli/yaml/issues", + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -140492,857 +131681,1705 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/yaml" - } - ] - }, - { - "type": "library", - "name": "postcss-nested", - "version": "6.0.0", - "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", - "author": "Andrey Sitnik", - "description": "PostCSS plugin to unwrap nested rules like how Sass does it", - "licenses": [ + "value": "node_modules/eslint-config-oclif-typescript" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/postcss-nested@6.0.0", - "externalReferences": [ + "components": [ { - "url": "git+https://github.com/postcss/postcss-nested.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/postcss/postcss-nested#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/postcss/postcss-nested/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ { - "alg": "SHA-512", - "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/tw-elements/node_modules/postcss-nested" - } - ] - }, - { - "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "express@4.19.2|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/debug@2.6.9", - "externalReferences": [ - { - "url": "git://github.com/visionmedia/debug.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/visionmedia/debug#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/visionmedia/debug/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ { - "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/express/node_modules/debug" - } - ] - }, - { - "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "express@4.19.2|ms@2.0.0", - "description": "Tiny milisecond conversion utility", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ms@2.0.0", - "externalReferences": [ - { - "url": "git+https://github.com/zeit/ms.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/zeit/ms#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/zeit/ms/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ { - "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/express/node_modules/ms" - } - ] - }, - { - "type": "library", - "name": "fast-xml-parser", - "version": "3.21.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", - "author": "Amit Gupta", - "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/fast-xml-parser@3.21.1", - "externalReferences": [ - { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ { - "alg": "SHA-512", - "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" - } - ] - }, - { - "type": "library", - "name": "htmlparser2", - "version": "7.2.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", - "author": "Felix Boehm", - "description": "Fast & forgiving HTML/XML parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/htmlparser2@7.2.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/htmlparser2.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/htmlparser2#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/htmlparser2/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ { - "alg": "SHA-512", - "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" - } - ] - }, - { - "type": "library", - "name": "domhandler", - "version": "4.3.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", - "author": "Felix Boehm", - "description": "Handler for htmlparser2 that turns pages into a dom", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/domhandler@4.3.1", - "externalReferences": [ - { - "url": "git://github.com/fb55/domhandler.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/domhandler#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/domhandler/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ { - "alg": "SHA-512", - "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" - } - ] - }, - { - "type": "library", - "name": "domutils", - "version": "2.8.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", - "author": "Felix Boehm", - "description": "Utilities for working with htmlparser2's dom", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/domutils@2.8.0", - "externalReferences": [ - { - "url": "git://github.com/fb55/domutils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/fb55/domutils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/fb55/domutils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] }, { - "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ { - "alg": "SHA-512", - "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" - } - ] - }, - { - "type": "library", - "name": "dom-serializer", - "version": "1.4.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", - "author": "Felix Boehm", - "description": "render domhandler DOM nodes to a string", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/dom-serializer@1.4.1", - "externalReferences": [ - { - "url": "git://github.com/cheeriojs/dom-renderer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/cheeriojs/dom-renderer#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/cheeriojs/dom-renderer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ { - "alg": "SHA-512", - "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" - } - ] - }, - { - "type": "library", - "name": "entities", - "version": "3.0.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", - "author": "Felix Boehm", - "description": "Encode & decode XML and HTML entities with ease", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/entities@3.0.1", - "externalReferences": [ - { - "url": "git://github.com/fb55/entities.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/fb55/entities#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/fb55/entities/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ { - "alg": "SHA-512", - "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/entities" - } - ] - }, - { - "type": "library", - "name": "jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest@28.1.3#packages/jest", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ { - "alg": "SHA-512", - "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest" - } - ] - }, - { - "type": "library", - "name": "core", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", - "description": "Delightful JavaScript Testing.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-core", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ { - "alg": "SHA-512", - "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" - } - ] - }, - { - "type": "library", - "name": "console", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-console", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ { - "alg": "SHA-512", - "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ { - "alg": "SHA-512", - "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" - } - ] - }, - { - "type": "library", - "name": "jest-message-util", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] }, { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ { - "alg": "SHA-512", - "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + "license": { + "id": "ISC" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" - } - ] - }, - { - "type": "library", - "name": "jest-util", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ { - "alg": "SHA-512", - "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" - } - ] - }, - { - "type": "library", - "name": "reporters", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", - "description": "Jest's reporters", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://jestjs.io/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ { - "alg": "SHA-512", - "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" - } - ] - }, - { - "type": "library", - "name": "test-result", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ { - "alg": "SHA-512", - "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "transform", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", "licenses": [ { "license": { @@ -141350,30 +133387,30 @@ } } ], - "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -141382,406 +133419,399 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" - } - ] - }, - { - "type": "library", - "name": "istanbul-lib-instrument", - "version": "5.2.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", - "author": "Krishnan Anantheswaran", - "description": "Core istanbul API for JS code coverage", - "licenses": [ + "value": "node_modules/@typescript-eslint/experimental-utils" + }, { - "license": { - "id": "BSD-3-Clause" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://istanbul.js.org/", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/istanbuljs/istanbuljs/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ { - "alg": "SHA-512", - "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" - } - ] - }, - { - "type": "library", - "name": "jest-worker", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ { - "alg": "SHA-512", - "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" - } - ] - }, - { - "type": "library", - "name": "convert-source-map", - "version": "1.9.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", - "author": "Thorsten Lorenz", - "description": "Converts a source-map from/to different formats and allows adding/changing properties.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/convert-source-map@1.9.0", - "externalReferences": [ - { - "url": "git://github.com/thlorenz/convert-source-map.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/thlorenz/convert-source-map", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/thlorenz/convert-source-map/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ { - "alg": "SHA-512", - "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" - } - ] - }, - { - "type": "library", - "name": "jest-haste-map", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ { - "alg": "SHA-512", - "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" - } - ] - }, - { - "type": "library", - "name": "jest-regex-util", - "version": "28.0.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ { - "alg": "SHA-512", - "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" - } - ] - }, - { - "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ci-info@3.9.0", - "externalReferences": [ - { - "url": "git+https://github.com/watson/ci-info.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/watson/ci-info", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/watson/ci-info/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ { - "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" - } - ] - }, - { - "type": "library", - "name": "jest-changed-files", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ { - "alg": "SHA-512", - "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" - } - ] - }, - { - "type": "library", - "name": "jest-config", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-config", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ { - "alg": "SHA-512", - "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + "license": { + "id": "BSD-2-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "test-sequencer", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", "licenses": [ { "license": { @@ -141789,30 +133819,30 @@ } } ], - "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -141821,16 +133851,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "babel-jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", - "description": "Jest plugin to use babel for transformation.", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", "licenses": [ { "license": { @@ -141838,30 +133873,30 @@ } } ], - "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "purl": "pkg:npm/tsutils@3.21.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "url": "git+https://github.com/ajafff/tsutils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/ajafff/tsutils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/ajafff/tsutils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -141870,95 +133905,107 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" - } - ] - }, - { - "type": "library", - "name": "jest-circus", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", - "licenses": [ + "value": "node_modules/tsutils" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ { - "alg": "SHA-512", - "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + "license": { + "id": "0BSD" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "environment", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "purl": "pkg:npm/esrecurse@4.3.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "url": "git+https://github.com/estools/esrecurse.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/estools/esrecurse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/estools/esrecurse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -141967,16 +134014,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "expect", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", "licenses": [ { "license": { @@ -141984,30 +134036,30 @@ } } ], - "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "purl": "pkg:npm/eslint-utils@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "url": "git+https://github.com/mysticatea/eslint-utils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/mysticatea/eslint-utils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/mysticatea/eslint-utils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142016,63 +134068,78 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" - } - ] - }, - { - "type": "library", - "name": "expect", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", - "licenses": [ + "value": "node_modules/eslint-utils" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/expect@28.1.3#packages/expect", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/expect", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "components": [ { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ { - "alg": "SHA-512", - "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "jest-snapshot", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", "licenses": [ { "license": { @@ -142080,30 +134147,30 @@ } } ], - "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://babel.dev/docs/en/next/babel-highlight", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142112,166 +134179,368 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" - } - ] - }, - { - "type": "library", - "name": "dedent", - "version": "0.7.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", - "author": "Desmond Brand", - "description": "An ES6 string tag that strips indentation from multi-line strings", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/@babel/highlight" } ], - "purl": "pkg:npm/dedent@0.7.0", - "externalReferences": [ - { - "url": "git://github.com/dmnd/dedent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dmnd/dedent", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dmnd/dedent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ { - "alg": "SHA-512", - "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" - } - ] - }, - { - "type": "library", - "name": "jest-each", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", - "author": "Matt Phillips", - "description": "Parameterised tests for Jest", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-each", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] }, { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] }, { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] }, { - "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ { - "alg": "SHA-512", - "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" - } - ] - }, - { - "type": "library", - "name": "jest-get-type", - "version": "28.0.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", - "description": "A utility function to get the type of a value", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] }, { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] }, { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] }, { - "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, { - "alg": "SHA-512", - "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] } ] }, { "type": "library", - "name": "pretty-format", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", - "author": "James Kyle", - "description": "Stringify any JavaScript value.", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", "licenses": [ { "license": { @@ -142279,30 +134548,30 @@ } } ], - "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "purl": "pkg:npm/globals@13.24.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "url": "git+https://github.com/sindresorhus/globals.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/sindresorhus/globals#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/sindresorhus/globals/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142311,95 +134580,105 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" - } - ] - }, - { - "type": "library", - "name": "jest-matcher-utils", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", - "description": "A set of utility functions for expect and related packages", - "licenses": [ + "value": "node_modules/globals" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", - "externalReferences": [ - { - "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/facebook/jest#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/facebook/jest/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ { - "alg": "SHA-512", - "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + "expression": "(MIT OR CC0-1.0)" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "jest-runtime", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "purl": "pkg:npm/doctrine@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "url": "git+https://github.com/eslint/doctrine.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/eslint/doctrine", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/eslint/doctrine/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142408,15 +134687,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-environment-node", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", "licenses": [ { "license": { @@ -142424,30 +134709,30 @@ } } ], - "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "purl": "pkg:npm/enquirer@2.4.1", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "url": "git+https://github.com/enquirer/enquirer.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/enquirer/enquirer", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/enquirer/enquirer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142456,16 +134741,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "fake-timers", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", "licenses": [ { "license": { @@ -142473,30 +134763,30 @@ } } ], - "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "purl": "pkg:npm/ansi-colors@4.1.1", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "url": "git+https://github.com/doowb/ansi-colors.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/doowb/ansi-colors", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/doowb/ansi-colors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142505,15 +134795,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-mock", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", "licenses": [ { "license": { @@ -142521,30 +134816,30 @@ } } ], - "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "purl": "pkg:npm/acorn-jsx@5.3.2", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "url": "git+https://github.com/acornjs/acorn-jsx.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/acornjs/acorn-jsx", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/acornjs/acorn-jsx/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142553,46 +134848,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-resolve", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "purl": "pkg:npm/esquery@1.5.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "url": "git+https://github.com/estools/esquery.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/estools/esquery/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/estools/esquery/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142601,46 +134902,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-runner", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "purl": "pkg:npm/esutils@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "url": "git+ssh://git@github.com/estools/esutils.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/estools/esutils", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/estools/esutils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142649,15 +134955,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-validate", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", "licenses": [ { "license": { @@ -142665,30 +134977,30 @@ } } ], - "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "purl": "pkg:npm/file-entry-cache@6.0.1", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "url": "git+https://github.com/royriojas/file-entry-cache.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/royriojas/file-entry-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/royriojas/file-entry-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142697,15 +135009,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-resolve-dependencies", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", "licenses": [ { "license": { @@ -142713,30 +135031,30 @@ } } ], - "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "purl": "pkg:npm/functional-red-black-tree@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142745,17 +135063,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "resolve.exports", - "version": "1.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", - "author": "Luke Edwards", - "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", "licenses": [ { "license": { @@ -142763,30 +135085,30 @@ } } ], - "purl": "pkg:npm/resolve.exports@1.1.1", + "purl": "pkg:npm/imurmurhash@0.1.4", "externalReferences": [ { - "url": "git+https://github.com/lukeed/resolve.exports.git", + "url": "git+https://github.com/jensyt/imurmurhash-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/lukeed/resolve.exports#readme", + "url": "https://github.com/jensyt/imurmurhash-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/lukeed/resolve.exports/issues", + "url": "https://github.com/jensyt/imurmurhash-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142795,17 +135117,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + "value": "node_modules/imurmurhash" } ] }, { "type": "library", - "name": "emittery", - "version": "0.10.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", - "author": "Sindre Sorhus", - "description": "Simple and modern async event emitter", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", "licenses": [ { "license": { @@ -142813,30 +135135,30 @@ } } ], - "purl": "pkg:npm/emittery@0.10.2", + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/emittery.git", + "url": "git://github.com/samn/json-stable-stringify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/emittery#readme", + "url": "https://github.com/samn/json-stable-stringify", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/emittery/issues", + "url": "https://github.com/samn/json-stable-stringify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142845,15 +135167,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-docblock", - "version": "28.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", "licenses": [ { "license": { @@ -142861,30 +135189,30 @@ } } ], - "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "purl": "pkg:npm/levn@0.4.1", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "url": "git://github.com/gkz/levn.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/gkz/levn", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/gkz/levn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142893,15 +135221,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-leak-detector", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", "licenses": [ { "license": { @@ -142909,30 +135243,30 @@ } } ], - "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "purl": "pkg:npm/lodash.merge@4.6.2", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "url": "git+https://github.com/lodash/lodash.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://lodash.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/lodash/lodash/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142941,16 +135275,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-watcher", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", - "description": "Delightful JavaScript Testing.", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", "licenses": [ { "license": { @@ -142958,30 +135297,30 @@ } } ], - "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "purl": "pkg:npm/optionator@0.9.3", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "url": "git://github.com/gkz/optionator.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://jestjs.io/", + "url": "https://github.com/gkz/optionator", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/gkz/optionator/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -142990,99 +135329,108 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" - } - ] - }, - { - "type": "library", - "name": "fake-timers", - "group": "@sinonjs", - "version": "9.1.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", - "author": "Christian Johansen", - "description": "Fake JavaScript timers", - "licenses": [ + "value": "node_modules/optionator" + }, { - "license": { - "id": "BSD-3-Clause" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/sinonjs/fake-timers.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/sinonjs/fake-timers", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/sinonjs/fake-timers/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ { - "alg": "SHA-512", - "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "commons", - "group": "@sinonjs", - "version": "1.8.6", - "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", - "description": "Simple functions shared among the sinon end user libraries", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "purl": "pkg:npm/progress@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/commons.git", + "url": "git://github.com/visionmedia/node-progress.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/commons#readme", + "url": "https://github.com/visionmedia/node-progress#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/commons/issues", + "url": "https://github.com/visionmedia/node-progress/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143091,16 +135439,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "globals", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", "licenses": [ { "license": { @@ -143108,30 +135461,30 @@ } } ], - "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "purl": "pkg:npm/regexpp@3.2.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "url": "git+https://github.com/mysticatea/regexpp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/mysticatea/regexpp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/mysticatea/regexpp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143140,47 +135493,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "source-map", - "group": "@jest", - "version": "28.1.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "purl": "pkg:npm/table@6.8.2", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "url": "git+https://github.com/gajus/table.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/gajus/table#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/gajus/table/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143189,16 +135547,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + "value": "node_modules/table" } ] }, { "type": "library", - "name": "expect-utils", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", "licenses": [ { "license": { @@ -143206,30 +135565,30 @@ } } ], - "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "purl": "pkg:npm/text-table@0.2.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "url": "git://github.com/substack/text-table.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/substack/text-table", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/substack/text-table/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143238,15 +135597,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jest-diff", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", "licenses": [ { "license": { @@ -143254,30 +135619,30 @@ } } ], - "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "purl": "pkg:npm/v8-compile-cache@2.4.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "url": "git+https://github.com/zertosh/v8-compile-cache.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/zertosh/v8-compile-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/zertosh/v8-compile-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143286,16 +135651,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "diff-sequences", - "version": "28.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", - "description": "Compare items in two sequences to find a longest common subsequence", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", "licenses": [ { "license": { @@ -143303,30 +135672,30 @@ } } ], - "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/facebook/create-react-app#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/facebook/create-react-app/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143335,17 +135704,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "camelcase", - "version": "6.3.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", - "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", "licenses": [ { "license": { @@ -143353,30 +135726,30 @@ } } ], - "purl": "pkg:npm/camelcase@6.3.0", + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/camelcase.git", + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/camelcase#readme", + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/camelcase/issues", + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143385,16 +135758,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "schemas", - "group": "@jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", "licenses": [ { "license": { @@ -143402,30 +135780,30 @@ } } ], - "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "purl": "pkg:npm/ramda@0.27.2", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "url": "git://github.com/ramda/ramda.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://ramdajs.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/ramda/ramda/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143434,17 +135812,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ansi-styles", - "version": "5.2.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", "licenses": [ { "license": { @@ -143452,30 +135834,30 @@ } } ], - "purl": "pkg:npm/ansi-styles@5.2.0", + "purl": "pkg:npm/eslint-plugin-node@11.1.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-styles.git", + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-styles#readme", + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-styles/issues", + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143484,18 +135866,293 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "typebox", - "group": "@sinclair", - "version": "0.24.51", - "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", - "author": "sinclairzx81", - "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", "licenses": [ { "license": { @@ -143503,30 +136160,30 @@ } } ], - "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "purl": "pkg:npm/eslint-plugin-es@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/sinclairzx81/typebox.git", + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinclairzx81/typebox#readme", + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinclairzx81/typebox/issues", + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143535,16 +136192,131 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "jest-cli", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", - "description": "Delightful JavaScript Testing.", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", "licenses": [ { "license": { @@ -143552,30 +136324,30 @@ } } ], - "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "purl": "pkg:npm/eslint-config-oclif@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "url": "git+https://github.com/oclif/eslint-config-oclif.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://jestjs.io/", + "url": "https://github.com/oclif/eslint-config-oclif", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/oclif/eslint-config-oclif/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143584,17 +136356,131 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "ts-jest", - "version": "28.0.8", - "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", - "author": "Kulshekhar Kabra", - "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", "licenses": [ { "license": { @@ -143602,30 +136488,30 @@ } } ], - "purl": "pkg:npm/ts-jest@28.0.8", + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", "externalReferences": [ { - "url": "git+https://github.com/kulshekhar/ts-jest.git", + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://kulshekhar.github.io/ts-jest", + "url": "https://github.com/xojs/eslint-config-xo-space#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kulshekhar/ts-jest/issues", + "url": "https://github.com/xojs/eslint-config-xo-space/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143634,15 +136520,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "babel-preset-jest", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", "licenses": [ { "license": { @@ -143650,30 +136542,30 @@ } } ], - "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "purl": "pkg:npm/eslint-config-xo@0.35.0", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "url": "git+https://github.com/xojs/eslint-config-xo.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/xojs/eslint-config-xo#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/xojs/eslint-config-xo/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143682,15 +136574,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "babel-plugin-jest-hoist", - "version": "28.1.3", - "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", "licenses": [ { "license": { @@ -143698,30 +136597,30 @@ } } ], - "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", "externalReferences": [ { - "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/facebook/jest#readme", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/facebook/jest/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143730,48 +136629,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + "value": "node_modules/@babel/helper-validator-identifier" } ] }, { "type": "library", - "name": "typescript", - "version": "4.9.5", - "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", - "author": "Microsoft Corp.", - "description": "TypeScript is a language for application scale JavaScript development", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/typescript@4.9.5", + "purl": "pkg:npm/clean-regexp@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/TypeScript.git", + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/SamVerschueren/clean-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/SamVerschueren/clean-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143780,48 +136679,104 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "yargs-parser", - "version": "21.1.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", "licenses": [ { - "license": { - "id": "ISC" - } + "expression": "GPL-3.0-or-later OR MIT" } ], - "purl": "pkg:npm/yargs-parser@21.1.1", + "purl": "pkg:npm/eslint-template-visitor@2.3.2", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs-parser.git", + "url": "git+https://github.com/futpib/eslint-template-visitor.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yargs/yargs-parser#readme", + "url": "https://github.com/futpib/eslint-template-visitor#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs-parser/issues", + "url": "https://github.com/futpib/eslint-template-visitor/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143830,48 +136785,109 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "yaml", - "version": "1.10.2", - "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", - "author": "Eemeli Aro", - "description": "JavaScript parser and stringifier for YAML", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/yaml@1.10.2", + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", "externalReferences": [ { - "url": "git+https://github.com/eemeli/yaml.git", + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://eemeli.org/yaml/v1/", + "url": "https://babel.dev/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eemeli/yaml/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143880,17 +136896,131 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "chalk@4.1.2|supports-color@7.2.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", "licenses": [ { "license": { @@ -143898,30 +137028,15 @@ } } ], - "purl": "pkg:npm/supports-color@7.2.0", + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", "externalReferences": [ { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143930,48 +137045,160 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/chalk/node_modules/supports-color" + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "glob@7.2.3|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@3.1.2", + "purl": "pkg:npm/multimap@1.1.0", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git://github.com/villadora/multi-map.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/villadora/multi-map#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/villadora/multi-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -143980,17 +137207,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/glob/node_modules/minimatch" + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", "licenses": [ { "license": { @@ -143998,30 +137229,30 @@ } } ], - "purl": "pkg:npm/brace-expansion@1.1.11", + "purl": "pkg:npm/is-builtin-module@3.2.1", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/sindresorhus/is-builtin-module#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/sindresorhus/is-builtin-module/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144030,48 +137261,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/glob/node_modules/brace-expansion" + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@babel/core@7.24.4|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/semver@6.3.1", + "purl": "pkg:npm/pluralize@8.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+https://github.com/blakeembrey/pluralize.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/blakeembrey/pluralize#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/blakeembrey/pluralize/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144080,17 +137315,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/core/node_modules/semver" + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", + "description": "Read the closest package.json file", "licenses": [ { "license": { @@ -144098,30 +137337,30 @@ } } ], - "purl": "pkg:npm/supports-color@7.2.0", + "purl": "pkg:npm/read-pkg-up@7.0.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/supports-color.git", + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/supports-color#readme", + "url": "https://github.com/sindresorhus/read-pkg-up#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/supports-color/issues", + "url": "https://github.com/sindresorhus/read-pkg-up/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144130,98 +137369,322 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/istanbul-lib-report/node_modules/supports-color" - } - ] - }, - { - "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ + "value": "node_modules/read-pkg-up" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/supports-color@7.2.0", - "externalReferences": [ + "components": [ { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ { - "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, { - "name": "cdx:npm:package:path", - "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "istanbul-lib-instrument", - "version": "5.2.1", - "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", - "author": "Krishnan Anantheswaran", - "description": "Core istanbul API for JS code coverage", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "purl": "pkg:npm/regexp-tree@0.1.27", "externalReferences": [ { - "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://istanbul.js.org/", + "url": "https://github.com/DmitrySoshnikov/regexp-tree", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/istanbuljs/istanbuljs/issues", + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144230,48 +137693,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/semver@6.3.1", + "purl": "pkg:npm/safe-regex@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git://github.com/davisjam/safe-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/davisjam/safe-regex", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/davisjam/safe-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144280,17 +137747,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "escape-string-regexp", - "version": "2.0.0", - "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", + "description": "More than 100 powerful ESLint rules", "licenses": [ { "license": { @@ -144298,30 +137769,30 @@ } } ], - "purl": "pkg:npm/escape-string-regexp@2.0.0", + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144330,17 +137801,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "jsesc", - "version": "2.5.2", - "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", - "author": "Mathias Bynens", - "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", "licenses": [ { "license": { @@ -144348,30 +137824,30 @@ } } ], - "purl": "pkg:npm/jsesc@2.5.2", + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/jsesc.git", + "url": "git+https://github.com/eslint/eslintrc.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/jsesc", + "url": "https://github.com/eslint/eslintrc#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/jsesc/issues", + "url": "https://github.com/eslint/eslintrc/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144380,48 +137856,270 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/generator/node_modules/jsesc" + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "globals", - "version": "11.12.0", - "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", - "author": "Sindre Sorhus", - "description": "Global identifiers from different JavaScript environments", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/globals@11.12.0", + "purl": "pkg:npm/espree@9.6.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/globals.git", + "url": "git+https://github.com/eslint/espree.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/globals#readme", + "url": "https://github.com/eslint/espree", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/globals/issues", + "url": "https://github.com/eslint/espree/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144430,48 +138128,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/traverse/node_modules/globals" + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "yargs-parser", - "version": "21.1.1", - "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/yargs-parser@21.1.1", + "purl": "pkg:npm/parent-module@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs-parser.git", + "url": "git+https://github.com/sindresorhus/parent-module.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yargs/yargs-parser#readme", + "url": "https://github.com/sindresorhus/parent-module#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs-parser/issues", + "url": "https://github.com/sindresorhus/parent-module/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144480,48 +138182,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yargs/node_modules/yargs-parser" + "value": "node_modules/parent-module" } ] }, { "type": "library", - "name": "glob", - "version": "10.3.12", - "bom-ref": "js-beautify@1.15.1|glob@10.3.12", - "author": "Isaac Z. Schlueter", - "description": "the most correct and second fastest glob implementation in JavaScript", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/glob@10.3.12", + "purl": "pkg:npm/resolve-from@4.0.0", "externalReferences": [ { - "url": "git://github.com/isaacs/node-glob.git", + "url": "git+https://github.com/sindresorhus/resolve-from.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-glob#readme", + "url": "https://github.com/sindresorhus/resolve-from#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-glob/issues", + "url": "https://github.com/sindresorhus/resolve-from/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144530,48 +138232,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-beautify/node_modules/glob" + "value": "node_modules/resolve-from" } ] }, { "type": "library", - "name": "minipass", - "version": "7.0.4", - "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@7.0.4", + "purl": "pkg:npm/ci-info@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+https://github.com/watson/ci-info.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/watson/ci-info", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/watson/ci-info/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144580,48 +138282,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/js-beautify/node_modules/minipass" + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "minimatch", - "version": "9.0.1", - "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@9.0.1", + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/zloirock/core-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/zloirock/core-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144630,17 +138336,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/editorconfig/node_modules/minimatch" + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", "licenses": [ { "license": { @@ -144648,30 +138358,30 @@ } } ], - "purl": "pkg:npm/debug@4.3.5", + "purl": "pkg:npm/browserslist@4.23.0", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/browserslist/browserslist.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://github.com/browserslist/browserslist#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/browserslist/browserslist/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144680,47 +138390,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/debug" + "value": "node_modules/browserslist" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", - "description": "Tiny millisecond conversion utility", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", "licenses": [ { "license": { - "id": "MIT" + "id": "CC-BY-4.0" } } ], - "purl": "pkg:npm/ms@2.1.2", + "purl": "pkg:npm/caniuse-lite@1.0.30001612", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/browserslist/caniuse-lite.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/browserslist/caniuse-lite#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/browserslist/caniuse-lite/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144729,48 +138440,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/ms" + "value": "node_modules/caniuse-lite" } ] }, { "type": "library", - "name": "js-yaml", - "version": "3.14.1", - "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/js-yaml@3.14.1", + "purl": "pkg:npm/electron-to-chromium@1.4.747", "externalReferences": [ { - "url": "git+https://github.com/nodeca/js-yaml.git", + "url": "git+https://github.com/kilian/electron-to-chromium.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/js-yaml", + "url": "https://github.com/kilian/electron-to-chromium#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/js-yaml/issues", + "url": "https://github.com/kilian/electron-to-chromium/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144779,16 +138490,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/js-yaml" + "value": "node_modules/electron-to-chromium" } ] }, { "type": "library", - "name": "argparse", - "version": "1.0.10", - "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", - "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", "licenses": [ { "license": { @@ -144796,30 +138508,30 @@ } } ], - "purl": "pkg:npm/argparse@1.0.10", + "purl": "pkg:npm/node-releases@2.0.14", "externalReferences": [ { - "url": "git+https://github.com/nodeca/argparse.git", + "url": "git+https://github.com/chicoxyzzy/node-releases.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/argparse#readme", + "url": "https://github.com/chicoxyzzy/node-releases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/argparse/issues", + "url": "https://github.com/chicoxyzzy/node-releases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144828,48 +138540,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/argparse" + "value": "node_modules/node-releases" } ] }, { "type": "library", - "name": "sprintf-js", - "version": "1.0.3", - "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", - "author": "Alexandru Marasteanu", - "description": "JavaScript sprintf implementation", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/sprintf-js@1.0.3", + "purl": "pkg:npm/update-browserslist-db@1.0.13", "externalReferences": [ { - "url": "git+https://github.com/alexei/sprintf.js.git", + "url": "git+https://github.com/browserslist/update-db.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/alexei/sprintf.js#readme", + "url": "https://github.com/browserslist/update-db#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/alexei/sprintf.js/issues", + "url": "https://github.com/browserslist/update-db/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144878,17 +138590,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/core/node_modules/sprintf-js" + "value": "node_modules/update-browserslist-db" } ] }, { "type": "library", - "name": "is-arrayish", - "version": "0.3.2", - "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", - "author": "Qix", - "description": "Determines if an object can be used as an array", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", "licenses": [ { "license": { @@ -144896,30 +138608,30 @@ } } ], - "purl": "pkg:npm/is-arrayish@0.3.2", + "purl": "pkg:npm/escalade@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/qix-/node-is-arrayish.git", + "url": "git+https://github.com/lukeed/escalade.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/qix-/node-is-arrayish#readme", + "url": "https://github.com/lukeed/escalade#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/qix-/node-is-arrayish/issues", + "url": "https://github.com/lukeed/escalade/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144928,48 +138640,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + "value": "node_modules/escalade" } ] }, { "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "jake@10.8.7|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/minimatch@3.1.2", + "purl": "pkg:npm/estraverse@5.3.0", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+ssh://git@github.com/estools/estraverse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/estools/estraverse", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/estools/estraverse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -144978,17 +138689,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jake/node_modules/minimatch" + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", "licenses": [ { "license": { @@ -144996,30 +138711,30 @@ } } ], - "purl": "pkg:npm/brace-expansion@1.1.11", + "purl": "pkg:npm/builtin-modules@3.3.0", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+https://github.com/sindresorhus/builtin-modules.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/sindresorhus/builtin-modules#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/sindresorhus/builtin-modules/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145028,48 +138743,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jake/node_modules/brace-expansion" + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "minimatch", - "version": "5.1.6", - "bom-ref": "filelist@1.0.4|minimatch@5.1.6", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@5.1.6", + "purl": "pkg:npm/jsesc@3.0.2", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/mathiasbynens/jsesc.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://mths.be/jsesc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/mathiasbynens/jsesc/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145078,18 +138797,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/filelist/node_modules/minimatch" + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { - "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.0-beta.13", - "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", "licenses": [ { "license": { @@ -145097,30 +138819,30 @@ } } ], - "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "purl": "pkg:npm/p-try@2.2.0", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git+https://github.com/sindresorhus/p-try.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://github.com/sindresorhus/p-try#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/sindresorhus/p-try/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145129,17 +138851,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + "value": "node_modules/p-try" } ] }, { "type": "library", - "name": "supports-color", - "version": "9.4.0", - "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", + "description": "Check if a path exists", "licenses": [ { "license": { @@ -145147,30 +138869,30 @@ } } ], - "purl": "pkg:npm/supports-color@9.4.0", + "purl": "pkg:npm/path-exists@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/supports-color.git", + "url": "git+https://github.com/sindresorhus/path-exists.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/supports-color#readme", + "url": "https://github.com/sindresorhus/path-exists#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/supports-color/issues", + "url": "https://github.com/sindresorhus/path-exists/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145179,16 +138901,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + "value": "node_modules/path-exists" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "debug@4.3.4|ms@2.1.2", - "description": "Tiny millisecond conversion utility", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", "licenses": [ { "license": { @@ -145196,30 +138919,30 @@ } } ], - "purl": "pkg:npm/ms@2.1.2", + "purl": "pkg:npm/read-pkg@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/sindresorhus/read-pkg.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/sindresorhus/read-pkg#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/sindresorhus/read-pkg/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145228,18 +138951,237 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/debug/node_modules/ms" + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", "licenses": [ { "license": { @@ -145247,30 +139189,30 @@ } } ], - "purl": "pkg:npm/%40oclif/core@4.0.1", + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145279,48 +139221,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/debug@4.3.5", + "purl": "pkg:npm/validate-npm-package-license@3.0.4", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145329,47 +139275,51 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", - "description": "Tiny millisecond conversion utility", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/ms@2.1.2", + "purl": "pkg:npm/regjsparser@0.10.0", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/jviereck/regjsparser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/jviereck/regjsparser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145378,48 +139328,109 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "npm-package-arg", - "version": "11.0.2", - "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", - "author": "GitHub Inc.", - "description": "Parse the things that can be arguments to `npm install`", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-package-arg@11.0.2", + "purl": "pkg:npm/strip-indent@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-package-arg.git", + "url": "git+https://github.com/sindresorhus/strip-indent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-package-arg", + "url": "https://github.com/sindresorhus/strip-indent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-package-arg/issues", + "url": "https://github.com/sindresorhus/strip-indent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145428,48 +139439,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "proc-log", - "version": "4.2.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", - "author": "GitHub Inc.", - "description": "just emit 'log' events on the process object", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/proc-log@4.2.0", + "purl": "pkg:npm/min-indent@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/npm/proc-log.git", + "url": "git+https://github.com/thejameskyle/min-indent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/proc-log#readme", + "url": "https://github.com/thejameskyle/min-indent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/proc-log/issues", + "url": "https://github.com/thejameskyle/min-indent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145478,17 +139493,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "npm-run-path", - "version": "5.3.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", - "author": "Sindre Sorhus", - "description": "Get your PATH prepended with locally installed binaries", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", "licenses": [ { "license": { @@ -145496,30 +139515,30 @@ } } ], - "purl": "pkg:npm/npm-run-path@5.3.0", + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "url": "git+https://github.com/eslint/eslint.git#packages/js", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/npm-run-path#readme", + "url": "https://eslint.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/npm-run-path/issues", + "url": "https://github.com/eslint/eslint/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145528,54 +139547,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "object-treeify", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", - "author": "Lukas Siemon", - "description": "Stringify Object as tree structure", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", "licenses": [ { "license": { - "id": "MIT" - } - }, - { - "license": { - "id": "MIT", - "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/object-treeify@4.0.1", + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", "externalReferences": [ { - "url": "git+https://github.com/blackflux/object-treeify.git", + "url": "git+https://github.com/humanwhocodes/config-array.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/blackflux/object-treeify#readme", + "url": "https://github.com/humanwhocodes/config-array#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/blackflux/object-treeify/issues", + "url": "https://github.com/humanwhocodes/config-array/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145584,48 +139602,163 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "which", - "version": "4.0.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", - "author": "GitHub Inc.", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/which@4.0.0", + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", "externalReferences": [ { - "url": "git+https://github.com/npm/node-which.git", + "url": "git+https://github.com/humanwhocodes/object-schema.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-which#readme", + "url": "https://github.com/humanwhocodes/object-schema#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-which/issues", + "url": "https://github.com/humanwhocodes/object-schema/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145634,48 +139767,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "isexe", - "version": "3.1.1", - "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/isexe@3.1.1", + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/isexe.git", + "url": "git+https://github.com/humanwhocodes/module-importer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/isexe#readme", + "url": "https://github.com/humanwhocodes/module-importer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/isexe/issues", + "url": "https://github.com/humanwhocodes/module-importer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145684,47 +139822,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "yarn", - "version": "1.22.22", - "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", - "description": "📦🐈 Fast, reliable, and secure dependency management.", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/yarn@1.22.22", + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", "externalReferences": [ { - "url": "git+https://github.com/yarnpkg/yarn.git", + "url": "git+https://github.com/nodelib/nodelib.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yarnpkg/yarn#readme", + "url": "https://github.com/nodelib/nodelib/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yarnpkg/yarn/issues", + "url": "https://github.com/nodelib/nodelib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145733,48 +139876,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + "value": "node_modules/@nodelib/fs.scandir" } ] }, { "type": "library", - "name": "lru-cache", - "version": "10.2.2", - "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/lru-cache@10.2.2", + "purl": "pkg:npm/run-parallel@1.2.0", "externalReferences": [ { - "url": "git://github.com/isaacs/node-lru-cache.git", + "url": "git://github.com/feross/run-parallel.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-lru-cache#readme", + "url": "https://github.com/feross/run-parallel", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-lru-cache/issues", + "url": "https://github.com/feross/run-parallel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -145783,62 +139926,67 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/hosted-git-info/node_modules/lru-cache" + "value": "node_modules/run-parallel" } ] }, { "type": "library", - "name": "string-locale-compare", - "group": "@isaacs", - "version": "1.1.0", - "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", - "author": "Isaac Z. Schlueter", - "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "purl": "pkg:npm/queue-microtask@1.2.3", "externalReferences": [ { - "url": "git+https://github.com/isaacs/string-locale-compare.git", + "url": "git://github.com/feross/queue-microtask.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/string-locale-compare#readme", + "url": "https://github.com/feross/queue-microtask", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/string-locale-compare/issues", + "url": "https://github.com/feross/queue-microtask/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/queue-microtask" } ] }, { "type": "library", - "name": "arborist", - "group": "@npmcli", - "version": "7.5.2", - "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", - "author": "GitHub Inc.", - "description": "Manage node_modules trees", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", "licenses": [ { "license": { @@ -145846,87 +139994,100 @@ } } ], - "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "purl": "pkg:npm/fastq@1.17.1", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "url": "git+https://github.com/mcollina/fastq.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/cli#readme", + "url": "https://github.com/mcollina/fastq#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/mcollina/fastq/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/arborist" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/fastq" } ] }, { "type": "library", - "name": "fs", - "group": "@npmcli", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", - "author": "GitHub Inc.", - "description": "filesystem utilities for the npm cli", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "purl": "pkg:npm/reusify@1.0.4", "externalReferences": [ { - "url": "git+https://github.com/npm/fs.git", + "url": "git+https://github.com/mcollina/reusify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/fs#readme", + "url": "https://github.com/mcollina/reusify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/fs/issues", + "url": "https://github.com/mcollina/reusify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/fs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/reusify" } ] }, { "type": "library", - "name": "installed-package-contents", - "group": "@npmcli", - "version": "2.1.0", - "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", - "author": "GitHub Inc.", - "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", "licenses": [ { "license": { @@ -145934,173 +140095,203 @@ } } ], - "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/npm/installed-package-contents.git", + "url": "git+https://github.com/ungap/structured-clone.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/installed-package-contents#readme", + "url": "https://github.com/ungap/structured-clone#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/installed-package-contents/issues", + "url": "https://github.com/ungap/structured-clone/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + "value": "node_modules/@ungap/structured-clone" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "npm-bundled", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", - "author": "GitHub Inc.", - "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "purl": "pkg:npm/path-key@3.1.1", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-bundled.git", + "url": "git+https://github.com/sindresorhus/path-key.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-bundled#readme", + "url": "https://github.com/sindresorhus/path-key#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-bundled/issues", + "url": "https://github.com/sindresorhus/path-key/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-bundled" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/path-key" } ] }, { "type": "library", - "name": "npm-normalize-package-bin", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", - "author": "GitHub Inc.", - "description": "Turn any flavor of allowable package.json bin into a normalized object", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "purl": "pkg:npm/shebang-command@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "url": "git+https://github.com/kevva/shebang-command.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "url": "https://github.com/kevva/shebang-command#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "url": "https://github.com/kevva/shebang-command/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-normalize-package-bin" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/shebang-command" } ] }, { "type": "library", - "name": "map-workspaces", - "group": "@npmcli", - "version": "3.0.6", - "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", - "author": "GitHub Inc.", - "description": "Retrieves a name:pathname Map for a given workspaces config", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "purl": "pkg:npm/shebang-regex@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/map-workspaces.git", + "url": "git+https://github.com/sindresorhus/shebang-regex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/map-workspaces#readme", + "url": "https://github.com/sindresorhus/shebang-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/map-workspaces/issues", + "url": "https://github.com/sindresorhus/shebang-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/shebang-regex" } ] }, { "type": "library", - "name": "metavuln-calculator", - "group": "@npmcli", - "version": "7.1.1", - "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", - "author": "GitHub Inc.", - "description": "Calculate meta-vulnerabilities from package security advisories", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", "licenses": [ { "license": { @@ -146108,42 +140299,49 @@ } } ], - "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "purl": "pkg:npm/which@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/npm/metavuln-calculator.git", + "url": "git://github.com/isaacs/node-which.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/metavuln-calculator#readme", + "url": "https://github.com/isaacs/node-which#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/metavuln-calculator/issues", + "url": "https://github.com/isaacs/node-which/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/which" } ] }, { "type": "library", - "name": "cacache", - "version": "18.0.3", - "bom-ref": "npm@10.8.0|cacache@18.0.3", - "author": "GitHub Inc.", - "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", "licenses": [ { "license": { @@ -146151,171 +140349,205 @@ } } ], - "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "purl": "pkg:npm/isexe@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/cacache.git", + "url": "git+https://github.com/isaacs/isexe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/cacache#readme", + "url": "https://github.com/isaacs/isexe#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cacache/issues", + "url": "https://github.com/isaacs/isexe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cacache" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/isexe" } ] }, { "type": "library", - "name": "json-parse-even-better-errors", - "version": "3.0.2", - "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", - "author": "GitHub Inc.", - "description": "JSON.parse with context information on error", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "purl": "pkg:npm/eslint-scope@7.2.2", "externalReferences": [ { - "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "url": "git+https://github.com/eslint/eslint-scope.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "url": "http://github.com/eslint/eslint-scope", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "url": "https://github.com/eslint/eslint-scope/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + "value": "node_modules/eslint-scope" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "pacote", - "version": "18.0.6", - "bom-ref": "npm@10.8.0|pacote@18.0.6", - "author": "GitHub Inc.", - "description": "JavaScript package downloader", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "purl": "pkg:npm/acorn@8.11.3", "externalReferences": [ { - "url": "git+https://github.com/npm/pacote.git", + "url": "git+https://github.com/acornjs/acorn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/pacote#readme", + "url": "https://github.com/acornjs/acorn", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/pacote/issues", + "url": "https://github.com/acornjs/acorn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/pacote" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/acorn" } ] }, { "type": "library", - "name": "proc-log", - "version": "4.2.0", - "bom-ref": "npm@10.8.0|proc-log@4.2.0", - "author": "GitHub Inc.", - "description": "just emit 'log' events on the process object", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "purl": "pkg:npm/flat-cache@3.2.0", "externalReferences": [ { - "url": "git+https://github.com/npm/proc-log.git", + "url": "git+https://github.com/jaredwray/flat-cache.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/proc-log#readme", + "url": "https://github.com/jaredwray/flat-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/proc-log/issues", + "url": "https://github.com/jaredwray/flat-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/proc-log" + "value": "node_modules/flat-cache" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "semver", - "version": "7.6.2", - "bom-ref": "npm@10.8.0|semver@7.6.2", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", "licenses": [ { "license": { @@ -146323,216 +140555,269 @@ } } ], - "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "purl": "pkg:npm/flatted@3.3.1", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+https://github.com/WebReflection/flatted.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/WebReflection/flatted#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/WebReflection/flatted/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/semver" + "value": "node_modules/flatted" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "name-from-folder", - "group": "@npmcli", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", - "author": "GitHub Inc.", - "description": "Get the package name from a folder path", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "purl": "pkg:npm/keyv@4.5.4", "externalReferences": [ { - "url": "git+https://github.com/npm/name-from-folder.git", + "url": "git+https://github.com/jaredwray/keyv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/name-from-folder#readme", + "url": "https://github.com/jaredwray/keyv", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/name-from-folder/issues", + "url": "https://github.com/jaredwray/keyv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + "value": "node_modules/keyv" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "node-gyp", - "group": "@npmcli", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", - "author": "GitHub Inc.", - "description": "Tools for dealing with node-gyp packages", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "purl": "pkg:npm/json-buffer@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/npm/node-gyp.git", + "url": "git://github.com/dominictarr/json-buffer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-gyp#readme", + "url": "https://github.com/dominictarr/json-buffer", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-gyp/issues", + "url": "https://github.com/dominictarr/json-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + "value": "node_modules/json-buffer" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "package-json", - "group": "@npmcli", - "version": "5.1.0", - "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", - "author": "GitHub Inc.", - "description": "Programmatic API to update package.json", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "purl": "pkg:npm/find-up@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/package-json.git", + "url": "git+https://github.com/sindresorhus/find-up.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/package-json#readme", + "url": "https://github.com/sindresorhus/find-up#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/package-json/issues", + "url": "https://github.com/sindresorhus/find-up/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/package-json" + "value": "node_modules/find-up" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "query", - "group": "@npmcli", - "version": "3.1.0", - "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", - "author": "GitHub Inc.", - "description": "npm query parser and tools", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "purl": "pkg:npm/locate-path@6.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/query.git", + "url": "git+https://github.com/sindresorhus/locate-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/query#readme", + "url": "https://github.com/sindresorhus/locate-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/query/issues", + "url": "https://github.com/sindresorhus/locate-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/query" + "value": "node_modules/locate-path" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "postcss-selector-parser", - "version": "6.0.16", - "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", "licenses": [ { "license": { @@ -146540,42 +140825,53 @@ } } ], - "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "purl": "pkg:npm/p-locate@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "url": "git+https://github.com/sindresorhus/p-locate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/postcss/postcss-selector-parser", + "url": "https://github.com/sindresorhus/p-locate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/postcss/postcss-selector-parser/issues", + "url": "https://github.com/sindresorhus/p-locate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/postcss-selector-parser" + "value": "node_modules/p-locate" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "cssesc", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|cssesc@3.0.0", - "author": "Mathias Bynens", - "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", "licenses": [ { "license": { @@ -146583,42 +140879,49 @@ } } ], - "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "purl": "pkg:npm/is-extglob@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/cssesc.git", + "url": "git+https://github.com/jonschlinkert/is-extglob.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/cssesc", + "url": "https://github.com/jonschlinkert/is-extglob", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/cssesc/issues", + "url": "https://github.com/jonschlinkert/is-extglob/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cssesc" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/is-extglob" } ] }, { "type": "library", - "name": "util-deprecate", - "version": "1.0.2", - "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", - "author": "Nathan Rajlich", - "description": "The Node.js `util.deprecate()` function with browser support", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", "licenses": [ { "license": { @@ -146626,1103 +140929,1362 @@ } } ], - "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "purl": "pkg:npm/is-path-inside@3.0.3", "externalReferences": [ { - "url": "git://github.com/TooTallNate/util-deprecate.git", + "url": "git+https://github.com/sindresorhus/is-path-inside.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/TooTallNate/util-deprecate", + "url": "https://github.com/sindresorhus/is-path-inside#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TooTallNate/util-deprecate/issues", + "url": "https://github.com/sindresorhus/is-path-inside/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/util-deprecate" + "value": "node_modules/is-path-inside" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "redact", - "group": "@npmcli", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", - "author": "GitHub Inc.", - "description": "Redact sensitive npm information from output", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "purl": "pkg:npm/prelude-ls@1.2.1", "externalReferences": [ { - "url": "git+https://github.com/npm/redact.git", + "url": "git://github.com/gkz/prelude-ls.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/redact#readme", + "url": "http://preludels.com", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/redact/issues", + "url": "https://github.com/gkz/prelude-ls/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/redact" + "value": "node_modules/prelude-ls" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "run-script", - "group": "@npmcli", - "version": "8.1.0", - "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", - "author": "GitHub Inc.", - "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "purl": "pkg:npm/type-check@0.4.0", "externalReferences": [ { - "url": "git+https://github.com/npm/run-script.git", + "url": "git://github.com/gkz/type-check.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/run-script#readme", + "url": "https://github.com/gkz/type-check", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/run-script/issues", + "url": "https://github.com/gkz/type-check/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/run-script" + "value": "node_modules/type-check" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "bin-links", - "version": "4.0.4", - "bom-ref": "npm@10.8.0|bin-links@4.0.4", - "author": "GitHub Inc.", - "description": "JavaScript package binary linker", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", "externalReferences": [ { - "url": "git+https://github.com/npm/bin-links.git", + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/bin-links#readme", + "url": "https://github.com/aashutoshrathi/word-wrap", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/bin-links/issues", + "url": "https://github.com/aashutoshrathi/word-wrap/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/bin-links" + "value": "node_modules/@aashutoshrathi/word-wrap" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "cmd-shim", - "version": "6.0.3", - "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", - "author": "GitHub Inc.", - "description": "Used in npm for command line application support", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "purl": "pkg:npm/deep-is@0.1.4", "externalReferences": [ { - "url": "git+https://github.com/npm/cmd-shim.git", + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/cmd-shim#readme", + "url": "https://github.com/thlorenz/deep-is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cmd-shim/issues", + "url": "https://github.com/thlorenz/deep-is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cmd-shim" + "value": "node_modules/deep-is" }, { - "name": "cdx:npm:package:bundled", + "name": "cdx:npm:package:development", "value": "true" } ] }, { "type": "library", - "name": "read-cmd-shim", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", - "author": "GitHub Inc.", - "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "purl": "pkg:npm/accepts@1.3.8", "externalReferences": [ { - "url": "git+https://github.com/npm/read-cmd-shim.git", + "url": "git+https://github.com/jshttp/accepts.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/read-cmd-shim#readme", + "url": "https://github.com/jshttp/accepts#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/read-cmd-shim/issues", + "url": "https://github.com/jshttp/accepts/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/read-cmd-shim" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/accepts" } ] }, { "type": "library", - "name": "write-file-atomic", - "version": "5.0.1", - "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", - "author": "GitHub Inc.", - "description": "Write files in an atomic fashion w/configurable ownership", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "purl": "pkg:npm/mime-types@2.1.35", "externalReferences": [ { - "url": "git+https://github.com/npm/write-file-atomic.git", + "url": "git+https://github.com/jshttp/mime-types.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/write-file-atomic", + "url": "https://github.com/jshttp/mime-types#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/write-file-atomic/issues", + "url": "https://github.com/jshttp/mime-types/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/write-file-atomic" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/mime-types" } ] }, { "type": "library", - "name": "common-ancestor-path", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", - "author": "Isaac Z. Schlueter", - "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "purl": "pkg:npm/negotiator@0.6.3", "externalReferences": [ { - "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "url": "git+https://github.com/jshttp/negotiator.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/common-ancestor-path#readme", + "url": "https://github.com/jshttp/negotiator#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/common-ancestor-path/issues", + "url": "https://github.com/jshttp/negotiator/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/common-ancestor-path" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/negotiator" } ] }, { "type": "library", - "name": "hosted-git-info", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", - "author": "GitHub Inc.", - "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "purl": "pkg:npm/array-flatten@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/npm/hosted-git-info.git", + "url": "git://github.com/blakeembrey/array-flatten.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/hosted-git-info", + "url": "https://github.com/blakeembrey/array-flatten", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/hosted-git-info/issues", + "url": "https://github.com/blakeembrey/array-flatten/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/hosted-git-info" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/array-flatten" } ] }, { "type": "library", - "name": "json-stringify-nice", - "version": "1.1.4", - "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", - "author": "Isaac Z. Schlueter", - "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "purl": "pkg:npm/body-parser@1.20.2", "externalReferences": [ { - "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "url": "git+https://github.com/expressjs/body-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/json-stringify-nice#readme", + "url": "https://github.com/expressjs/body-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/json-stringify-nice/issues", + "url": "https://github.com/expressjs/body-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/json-stringify-nice" + "value": "node_modules/body-parser" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] }, { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] } ] }, { "type": "library", - "name": "lru-cache", - "version": "10.2.2", - "bom-ref": "npm@10.8.0|lru-cache@10.2.2", - "author": "Isaac Z. Schlueter", - "description": "A cache object that deletes the least-recently-used items.", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "purl": "pkg:npm/bytes@3.1.2", "externalReferences": [ { - "url": "git://github.com/isaacs/node-lru-cache.git", + "url": "git+https://github.com/visionmedia/bytes.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-lru-cache#readme", + "url": "https://github.com/visionmedia/bytes.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-lru-cache/issues", + "url": "https://github.com/visionmedia/bytes.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/lru-cache" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/bytes" } ] }, { "type": "library", - "name": "minimatch", - "version": "9.0.4", - "bom-ref": "npm@10.8.0|minimatch@9.0.4", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "purl": "pkg:npm/depd@2.0.0", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/dougwilson/nodejs-depd.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/dougwilson/nodejs-depd#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/dougwilson/nodejs-depd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/depd" } ] }, { "type": "library", - "name": "nopt", - "version": "7.2.1", - "bom-ref": "npm@10.8.0|nopt@7.2.1", - "author": "GitHub Inc.", - "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "purl": "pkg:npm/destroy@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/npm/nopt.git", + "url": "git+https://github.com/stream-utils/destroy.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/nopt#readme", + "url": "https://github.com/stream-utils/destroy#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/nopt/issues", + "url": "https://github.com/stream-utils/destroy/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/nopt" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/destroy" } ] }, { "type": "library", - "name": "npm-install-checks", - "version": "6.3.0", - "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", - "author": "GitHub Inc.", - "description": "Check the engines and platform fields in package.json", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "purl": "pkg:npm/http-errors@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-install-checks.git", + "url": "git+https://github.com/jshttp/http-errors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-install-checks#readme", + "url": "https://github.com/jshttp/http-errors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-install-checks/issues", + "url": "https://github.com/jshttp/http-errors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-install-checks" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/http-errors" } ] }, { "type": "library", - "name": "npm-package-arg", - "version": "11.0.2", - "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", - "author": "GitHub Inc.", - "description": "Parse the things that can be arguments to `npm install`", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "purl": "pkg:npm/iconv-lite@0.4.24", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-package-arg.git", + "url": "git://github.com/ashtuchkin/iconv-lite.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-package-arg", + "url": "https://github.com/ashtuchkin/iconv-lite", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-package-arg/issues", + "url": "https://github.com/ashtuchkin/iconv-lite/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-package-arg" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/iconv-lite" } ] }, { "type": "library", - "name": "npm-pick-manifest", - "version": "9.0.1", - "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", - "author": "GitHub Inc.", - "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "purl": "pkg:npm/safer-buffer@2.1.2", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-pick-manifest.git", + "url": "git+https://github.com/ChALkeR/safer-buffer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-pick-manifest#readme", + "url": "https://github.com/ChALkeR/safer-buffer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-pick-manifest/issues", + "url": "https://github.com/ChALkeR/safer-buffer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-pick-manifest" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/safer-buffer" } ] }, { "type": "library", - "name": "npm-registry-fetch", - "version": "17.0.1", - "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", - "author": "GitHub Inc.", - "description": "Fetch-based http client for use with npm registry APIs", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "purl": "pkg:npm/on-finished@2.4.1", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-registry-fetch.git", + "url": "git+https://github.com/jshttp/on-finished.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-registry-fetch#readme", + "url": "https://github.com/jshttp/on-finished#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-registry-fetch/issues", + "url": "https://github.com/jshttp/on-finished/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-registry-fetch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/on-finished" } ] }, { "type": "library", - "name": "parse-conflict-json", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", - "author": "GitHub Inc.", - "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "purl": "pkg:npm/qs@6.11.0", "externalReferences": [ { - "url": "git+https://github.com/npm/parse-conflict-json.git", + "url": "git+https://github.com/ljharb/qs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/parse-conflict-json#readme", + "url": "https://github.com/ljharb/qs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/parse-conflict-json/issues", + "url": "https://github.com/ljharb/qs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/parse-conflict-json" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/qs" } ] }, { "type": "library", - "name": "proggy", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|proggy@2.0.0", - "author": "GitHub Inc.", - "description": "Progress bar updates at a distance", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "purl": "pkg:npm/raw-body@2.5.2", "externalReferences": [ { - "url": "git+https://github.com/npm/proggy.git", + "url": "git+https://github.com/stream-utils/raw-body.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/proggy#readme", + "url": "https://github.com/stream-utils/raw-body#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/proggy/issues", + "url": "https://github.com/stream-utils/raw-body/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/proggy" }, { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "promise-all-reject-late", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", - "author": "Isaac Z. Schlueter", - "description": "Like Promise.all, but save rejections until all promises are resolved", - "licenses": [ - { - "license": { - "id": "ISC" - } + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "purl": "pkg:npm/promise-all-reject-late@1.0.1", "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-all-reject-late" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/raw-body" } ] }, { "type": "library", - "name": "promise-call-limit", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", - "author": "Isaac Z. Schlueter", - "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "purl": "pkg:npm/unpipe@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/isaacs/promise-call-limit.git", + "url": "git+https://github.com/stream-utils/unpipe.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/promise-call-limit#readme", + "url": "https://github.com/stream-utils/unpipe#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/promise-call-limit/issues", + "url": "https://github.com/stream-utils/unpipe/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-call-limit" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/unpipe" } ] }, { "type": "library", - "name": "read-package-json-fast", - "version": "3.0.2", - "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", - "author": "GitHub Inc.", - "description": "Like read-package-json, but faster", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "purl": "pkg:npm/type-is@1.6.18", "externalReferences": [ { - "url": "git+https://github.com/npm/read-package-json-fast.git", + "url": "git+https://github.com/jshttp/type-is.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/read-package-json-fast#readme", + "url": "https://github.com/jshttp/type-is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/read-package-json-fast/issues", + "url": "https://github.com/jshttp/type-is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/read-package-json-fast" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/type-is" } ] }, { "type": "library", - "name": "ssri", - "version": "10.0.6", - "bom-ref": "npm@10.8.0|ssri@10.0.6", - "author": "GitHub Inc.", - "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "purl": "pkg:npm/content-disposition@0.5.4", "externalReferences": [ { - "url": "git+https://github.com/npm/ssri.git", + "url": "git+https://github.com/jshttp/content-disposition.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/ssri#readme", + "url": "https://github.com/jshttp/content-disposition#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/ssri/issues", + "url": "https://github.com/jshttp/content-disposition/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ssri" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/content-disposition" } ] }, { "type": "library", - "name": "treeverse", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|treeverse@3.0.0", - "author": "GitHub Inc.", - "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "purl": "pkg:npm/cookie-signature@1.0.6", "externalReferences": [ { - "url": "git+https://github.com/npm/treeverse.git", + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/treeverse#readme", + "url": "https://github.com/visionmedia/node-cookie-signature#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/treeverse/issues", + "url": "https://github.com/visionmedia/node-cookie-signature/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/treeverse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/cookie-signature" } ] }, { "type": "library", - "name": "walk-up-path", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", - "author": "Isaac Z. Schlueter", - "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "purl": "pkg:npm/cookie@0.6.0", "externalReferences": [ { - "url": "git+https://github.com/isaacs/walk-up-path.git", + "url": "git+https://github.com/jshttp/cookie.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/walk-up-path#readme", + "url": "https://github.com/jshttp/cookie#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/walk-up-path/issues", + "url": "https://github.com/jshttp/cookie/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/walk-up-path" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/cookie" } ] }, { "type": "library", - "name": "config", - "group": "@npmcli", - "version": "8.3.2", - "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", - "author": "GitHub Inc.", - "description": "Configuration management for the npm cli", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "purl": "pkg:npm/encodeurl@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/config", + "url": "git+https://github.com/pillarjs/encodeurl.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/cli#readme", + "url": "https://github.com/pillarjs/encodeurl#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/pillarjs/encodeurl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/config" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/encodeurl" } ] }, { "type": "library", - "name": "ci-info", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|ci-info@4.0.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", "licenses": [ { "license": { @@ -147730,388 +142292,546 @@ } } ], - "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "purl": "pkg:npm/escape-html@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/watson/ci-info.git", + "url": "git+https://github.com/component/escape-html.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/watson/ci-info", + "url": "https://github.com/component/escape-html#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/watson/ci-info/issues", + "url": "https://github.com/component/escape-html/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ci-info" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/escape-html" } ] }, { "type": "library", - "name": "ini", - "version": "4.1.2", - "bom-ref": "npm@10.8.0|ini@4.1.2", - "author": "GitHub Inc.", - "description": "An ini encoder/decoder for node", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "purl": "pkg:npm/etag@1.8.1", "externalReferences": [ { - "url": "git+https://github.com/npm/ini.git", + "url": "git+https://github.com/jshttp/etag.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/ini#readme", + "url": "https://github.com/jshttp/etag#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/ini/issues", + "url": "https://github.com/jshttp/etag/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ini" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/etag" } ] }, { "type": "library", - "name": "glob", - "version": "10.3.15", - "bom-ref": "npm@10.8.0|glob@10.3.15", - "author": "Isaac Z. Schlueter", - "description": "the most correct and second fastest glob implementation in JavaScript", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "purl": "pkg:npm/finalhandler@1.2.0", "externalReferences": [ { - "url": "git://github.com/isaacs/node-glob.git", + "url": "git+https://github.com/pillarjs/finalhandler.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-glob#readme", + "url": "https://github.com/pillarjs/finalhandler#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-glob/issues", + "url": "https://github.com/pillarjs/finalhandler/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/glob" + "value": "node_modules/finalhandler" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] }, { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] } ] }, { "type": "library", - "name": "git", - "group": "@npmcli", - "version": "5.0.7", - "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", - "author": "GitHub Inc.", - "description": "a util for spawning git from npm CLI contexts", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "purl": "pkg:npm/parseurl@1.3.3", "externalReferences": [ { - "url": "git+https://github.com/npm/git.git", + "url": "git+https://github.com/pillarjs/parseurl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/git#readme", + "url": "https://github.com/pillarjs/parseurl#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/git/issues", + "url": "https://github.com/pillarjs/parseurl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/git" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/parseurl" } ] }, { "type": "library", - "name": "promise-spawn", - "group": "@npmcli", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", - "author": "GitHub Inc.", - "description": "spawn processes the way the npm cli likes to do", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "purl": "pkg:npm/statuses@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/npm/promise-spawn.git", + "url": "git+https://github.com/jshttp/statuses.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/promise-spawn#readme", + "url": "https://github.com/jshttp/statuses#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/promise-spawn/issues", + "url": "https://github.com/jshttp/statuses/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/statuses" } ] }, { "type": "library", - "name": "promise-inflight", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", - "author": "Rebecca Turner", - "description": "One promise for multiple requests in flight to avoid async duplication", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "purl": "pkg:npm/fresh@0.5.2", "externalReferences": [ { - "url": "git+https://github.com/iarna/promise-inflight.git", + "url": "git+https://github.com/jshttp/fresh.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/iarna/promise-inflight#readme", + "url": "https://github.com/jshttp/fresh#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/iarna/promise-inflight/issues", + "url": "https://github.com/jshttp/fresh/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-inflight" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/fresh" } ] }, { "type": "library", - "name": "promise-retry", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|promise-retry@2.0.1", - "author": "IndigoUnited", - "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "purl": "pkg:npm/setprototypeof@1.2.0", "externalReferences": [ { - "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "url": "git+https://github.com/wesleytodd/setprototypeof.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "url": "https://github.com/wesleytodd/setprototypeof", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "url": "https://github.com/wesleytodd/setprototypeof/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promise-retry" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/setprototypeof" } ] }, { "type": "library", - "name": "which", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|which@4.0.0", - "author": "GitHub Inc.", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "purl": "pkg:npm/toidentifier@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/npm/node-which.git", + "url": "git+https://github.com/component/toidentifier.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-which#readme", + "url": "https://github.com/component/toidentifier#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-which/issues", + "url": "https://github.com/component/toidentifier/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/which" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/toidentifier" } ] }, { "type": "library", - "name": "normalize-package-data", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", - "author": "GitHub Inc.", - "description": "Normalizes data that can be found in package.json files.", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "purl": "pkg:npm/merge-descriptors@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/npm/normalize-package-data.git", + "url": "git+https://github.com/component/merge-descriptors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/normalize-package-data#readme", + "url": "https://github.com/component/merge-descriptors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/normalize-package-data/issues", + "url": "https://github.com/component/merge-descriptors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/normalize-package-data" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/merge-descriptors" } ] }, { "type": "library", - "name": "node-gyp", - "version": "10.1.0", - "bom-ref": "npm@10.8.0|node-gyp@10.1.0", - "author": "Nathan Rajlich", - "description": "Node.js native addon build tool", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", "licenses": [ { "license": { @@ -148119,130 +142839,148 @@ } } ], - "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "purl": "pkg:npm/methods@1.1.2", "externalReferences": [ { - "url": "git://github.com/nodejs/node-gyp.git", + "url": "git+https://github.com/jshttp/methods.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodejs/node-gyp#readme", + "url": "https://github.com/jshttp/methods#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/node-gyp/issues", + "url": "https://github.com/jshttp/methods/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/node-gyp" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/methods" } ] }, { "type": "library", - "name": "tuf", - "group": "@sigstore", - "version": "2.3.3", - "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", - "author": "bdehamer@github.com", - "description": "Client for the Sigstore TUF repository", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "purl": "pkg:npm/ee-first@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/sigstore/sigstore-js.git", + "url": "git+https://github.com/jonathanong/ee-first.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "url": "https://github.com/jonathanong/ee-first#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sigstore/sigstore-js/issues", + "url": "https://github.com/jonathanong/ee-first/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/tuf" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/ee-first" } ] }, { "type": "library", - "name": "protobuf-specs", - "group": "@sigstore", - "version": "0.3.2", - "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", - "author": "bdehamer@github.com", - "description": "code-signing for npm packages", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "purl": "pkg:npm/path-to-regexp@0.1.7", "externalReferences": [ { - "url": "git+https://github.com/sigstore/protobuf-specs.git", + "url": "git+https://github.com/component/path-to-regexp.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sigstore/protobuf-specs#readme", + "url": "https://github.com/component/path-to-regexp#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sigstore/protobuf-specs/issues", + "url": "https://github.com/component/path-to-regexp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/path-to-regexp" } ] }, { "type": "library", - "name": "tuf-js", - "version": "2.2.1", - "bom-ref": "npm@10.8.0|tuf-js@2.2.1", - "author": "bdehamer@github.com", - "description": "JavaScript implementation of The Update Framework (TUF)", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", "licenses": [ { "license": { @@ -148250,43 +142988,48 @@ } } ], - "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "purl": "pkg:npm/proxy-addr@2.0.7", "externalReferences": [ { - "url": "git+https://github.com/theupdateframework/tuf-js.git", + "url": "git+https://github.com/jshttp/proxy-addr.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "url": "https://github.com/jshttp/proxy-addr#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/theupdateframework/tuf-js/issues", + "url": "https://github.com/jshttp/proxy-addr/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tuf-js" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/proxy-addr" } ] }, { "type": "library", - "name": "models", - "group": "@tufjs", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", - "author": "bdehamer@github.com", - "description": "TUF metadata models", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", "licenses": [ { "license": { @@ -148294,43 +143037,49 @@ } } ], - "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "purl": "pkg:npm/forwarded@0.2.0", "externalReferences": [ { - "url": "git+https://github.com/theupdateframework/tuf-js.git", + "url": "git+https://github.com/jshttp/forwarded.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "url": "https://github.com/jshttp/forwarded#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/theupdateframework/tuf-js/issues", + "url": "https://github.com/jshttp/forwarded/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@tufjs/models" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/forwarded" } ] }, { "type": "library", - "name": "canonical-json", - "group": "@tufjs", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", - "author": "bdehamer@github.com", - "description": "OLPC JSON canonicalization", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", "licenses": [ { "license": { @@ -148338,42 +143087,49 @@ } } ], - "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "purl": "pkg:npm/ipaddr.js@1.9.1", "externalReferences": [ { - "url": "git+https://github.com/theupdateframework/tuf-js.git", + "url": "git://github.com/whitequark/ipaddr.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "url": "https://github.com/whitequark/ipaddr.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/theupdateframework/tuf-js/issues", + "url": "https://github.com/whitequark/ipaddr.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@tufjs/canonical-json" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/ipaddr.js" } ] }, { "type": "library", - "name": "debug", - "version": "4.3.4", - "bom-ref": "npm@10.8.0|debug@4.3.4", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", "licenses": [ { "license": { @@ -148381,128 +143137,149 @@ } } ], - "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "purl": "pkg:npm/side-channel@1.0.6", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/ljharb/side-channel.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://github.com/ljharb/side-channel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/ljharb/side-channel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/debug" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/side-channel" } ] }, { "type": "library", - "name": "make-fetch-happen", - "version": "13.0.1", - "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", - "author": "GitHub Inc.", - "description": "Opinionated, caching, retrying fetch client", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "purl": "pkg:npm/call-bind@1.0.7", "externalReferences": [ { - "url": "git+https://github.com/npm/make-fetch-happen.git", + "url": "git+https://github.com/ljharb/call-bind.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/make-fetch-happen#readme", + "url": "https://github.com/ljharb/call-bind#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/make-fetch-happen/issues", + "url": "https://github.com/ljharb/call-bind/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/make-fetch-happen" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/call-bind" } ] }, { "type": "library", - "name": "abbrev", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|abbrev@2.0.0", - "author": "GitHub Inc.", - "description": "Like ruby's abbrev module, but in js", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "purl": "pkg:npm/es-define-property@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/abbrev-js.git", + "url": "git+https://github.com/ljharb/es-define-property.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/abbrev-js#readme", + "url": "https://github.com/ljharb/es-define-property#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/abbrev-js/issues", + "url": "https://github.com/ljharb/es-define-property/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/abbrev" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/es-define-property" } ] }, { "type": "library", - "name": "archy", - "version": "1.0.0", - "bom-ref": "npm@10.8.0|archy@1.0.0", - "author": "James Halliday", - "description": "render nested hierarchies `npm ls` style with unicode pipes", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", "licenses": [ { "license": { @@ -148510,283 +143287,299 @@ } } ], - "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "purl": "pkg:npm/get-intrinsic@1.2.4", "externalReferences": [ { - "url": "git+ssh://git@github.com/substack/node-archy.git", + "url": "git+https://github.com/ljharb/get-intrinsic.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/substack/node-archy#readme", + "url": "https://github.com/ljharb/get-intrinsic#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/node-archy/issues", + "url": "https://github.com/ljharb/get-intrinsic/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/archy" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/get-intrinsic" } ] }, { "type": "library", - "name": "fs-minipass", - "version": "3.0.3", - "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", - "author": "GitHub Inc.", - "description": "fs read and write streams based on minipass", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "purl": "pkg:npm/es-errors@1.3.0", "externalReferences": [ { - "url": "git+https://github.com/npm/fs-minipass.git", + "url": "git+https://github.com/ljharb/es-errors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/fs-minipass#readme", + "url": "https://github.com/ljharb/es-errors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/fs-minipass/issues", + "url": "https://github.com/ljharb/es-errors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/fs-minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/es-errors" } ] }, { "type": "library", - "name": "minipass-collect", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", - "author": "Isaac Z. Schlueter", - "description": "A Minipass stream that collects all the data into a single chunk", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "purl": "pkg:npm/function-bind@1.1.2", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass-collect.git", + "url": "git+https://github.com/Raynos/function-bind.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass-collect#readme", + "url": "https://github.com/Raynos/function-bind", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass-collect/issues", + "url": "https://github.com/Raynos/function-bind/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-collect" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/function-bind" } ] }, { "type": "library", - "name": "minipass", - "version": "7.1.1", - "bom-ref": "npm@10.8.0|minipass@7.1.1", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "purl": "pkg:npm/set-function-length@1.2.2", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+https://github.com/ljharb/set-function-length.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/ljharb/set-function-length#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/ljharb/set-function-length/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/set-function-length" } ] }, { "type": "library", - "name": "minipass-flush", - "version": "1.0.5", - "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", - "author": "Isaac Z. Schlueter", - "description": "A Minipass stream that calls a flush function before emitting 'end'", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "purl": "pkg:npm/define-data-property@1.1.4", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass-flush.git", + "url": "git+https://github.com/ljharb/define-data-property.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass-flush#readme", + "url": "https://github.com/ljharb/define-data-property#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass-flush/issues", + "url": "https://github.com/ljharb/define-data-property/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-flush" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/define-data-property" } ] }, { "type": "library", - "name": "yallist", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|yallist@4.0.0", - "author": "Isaac Z. Schlueter", - "description": "Yet Another Linked List", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "purl": "pkg:npm/gopd@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/yallist.git", + "url": "git+https://github.com/ljharb/gopd.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/yallist#readme", + "url": "https://github.com/ljharb/gopd#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/yallist/issues", + "url": "https://github.com/ljharb/gopd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/yallist" }, { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "minipass-pipeline", - "version": "1.2.4", - "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", - "author": "Isaac Z. Schlueter", - "description": "create a pipeline of streams using Minipass", - "licenses": [ - { - "license": { - "id": "ISC" - } + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "purl": "pkg:npm/minipass-pipeline@1.2.4", "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-pipeline" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/gopd" } ] }, { "type": "library", - "name": "p-map", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|p-map@4.0.0", - "author": "Sindre Sorhus", - "description": "Map over promises concurrently", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", "licenses": [ { "license": { @@ -148794,171 +143587,199 @@ } } ], - "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "purl": "pkg:npm/has-property-descriptors@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-map.git", + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-map#readme", + "url": "https://github.com/inspect-js/has-property-descriptors#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-map/issues", + "url": "https://github.com/inspect-js/has-property-descriptors/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/p-map" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/has-property-descriptors" } ] }, { "type": "library", - "name": "tar", - "version": "6.2.1", - "bom-ref": "npm@10.8.0|tar@6.2.1", - "author": "GitHub Inc.", - "description": "tar for node", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "purl": "pkg:npm/has-proto@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/isaacs/node-tar.git", + "url": "git+https://github.com/inspect-js/has-proto.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-tar#readme", + "url": "https://github.com/inspect-js/has-proto#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-tar/issues", + "url": "https://github.com/inspect-js/has-proto/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/has-proto" } ] }, { "type": "library", - "name": "unique-filename", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|unique-filename@3.0.0", - "author": "GitHub Inc.", - "description": "Generate a unique filename for use in temporary directories or caches.", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "purl": "pkg:npm/has-symbols@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/npm/unique-filename.git", + "url": "git://github.com/inspect-js/has-symbols.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/iarna/unique-filename", + "url": "https://github.com/ljharb/has-symbols#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/iarna/unique-filename/issues", + "url": "https://github.com/ljharb/has-symbols/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/unique-filename" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/has-symbols" } ] }, { "type": "library", - "name": "unique-slug", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|unique-slug@4.0.0", - "author": "GitHub Inc.", - "description": "Generate a unique character string suitible for use in files and URLs.", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "purl": "pkg:npm/hasown@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/npm/unique-slug.git", + "url": "git+https://github.com/inspect-js/hasOwn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/unique-slug#readme", + "url": "https://github.com/inspect-js/hasOwn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/unique-slug/issues", + "url": "https://github.com/inspect-js/hasOwn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/unique-slug" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/hasown" } ] }, { "type": "library", - "name": "imurmurhash", - "version": "0.1.4", - "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", - "author": "Jens Taylor", - "description": "An incremental implementation of MurmurHash3", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", "licenses": [ { "license": { @@ -148966,41 +143787,49 @@ } } ], - "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "purl": "pkg:npm/object-inspect@1.13.1", "externalReferences": [ { - "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "url": "git://github.com/inspect-js/object-inspect.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jensyt/imurmurhash-js", + "url": "https://github.com/inspect-js/object-inspect", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jensyt/imurmurhash-js/issues", + "url": "https://github.com/inspect-js/object-inspect/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/imurmurhash" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/object-inspect" } ] }, { "type": "library", - "name": "chalk", - "version": "5.3.0", - "bom-ref": "npm@10.8.0|chalk@5.3.0", - "description": "Terminal string styling done right", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", "licenses": [ { "license": { @@ -149008,42 +143837,49 @@ } } ], - "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "purl": "pkg:npm/range-parser@1.2.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/chalk.git", + "url": "git+https://github.com/jshttp/range-parser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/chalk#readme", + "url": "https://github.com/jshttp/range-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/chalk/issues", + "url": "https://github.com/jshttp/range-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/chalk" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/range-parser" } ] }, { "type": "library", - "name": "cli-columns", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|cli-columns@4.0.0", - "author": "Shannon Moeller", - "description": "Columnated lists for the CLI.", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", "licenses": [ { "license": { @@ -149051,42 +143887,152 @@ } } ], - "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "purl": "pkg:npm/send@0.18.0", "externalReferences": [ { - "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "url": "git+https://github.com/pillarjs/send.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/shannonmoeller/cli-columns#readme", + "url": "https://github.com/pillarjs/send#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/shannonmoeller/cli-columns/issues", + "url": "https://github.com/pillarjs/send/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cli-columns" - }, + "value": "node_modules/send" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + } + ] } ] }, { "type": "library", - "name": "string-width", - "version": "4.2.3", - "bom-ref": "npm@10.8.0|string-width@4.2.3", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", "licenses": [ { "license": { @@ -149094,42 +144040,49 @@ } } ], - "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "purl": "pkg:npm/mime@1.6.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-width.git", + "url": "git+https://github.com/broofa/node-mime.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/string-width#readme", + "url": "https://github.com/broofa/node-mime#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-width/issues", + "url": "https://github.com/broofa/node-mime/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/string-width" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/mime" } ] }, { "type": "library", - "name": "emoji-regex", - "version": "8.0.0", - "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", "licenses": [ { "license": { @@ -149137,42 +144090,49 @@ } } ], - "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "purl": "pkg:npm/serve-static@1.15.0", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "url": "git+https://github.com/expressjs/serve-static.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/emoji-regex", + "url": "https://github.com/expressjs/serve-static#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "url": "https://github.com/expressjs/serve-static/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/emoji-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/serve-static" } ] }, { "type": "library", - "name": "is-fullwidth-code-point", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if the character represented by a given Unicode code point is fullwidth", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", "licenses": [ { "license": { @@ -149180,85 +144140,105 @@ } } ], - "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "purl": "pkg:npm/media-typer@0.3.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "url": "git+https://github.com/jshttp/media-typer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "url": "https://github.com/jshttp/media-typer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "url": "https://github.com/jshttp/media-typer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-fullwidth-code-point" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/media-typer" } ] }, { "type": "library", - "name": "strip-ansi", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", "licenses": [ { "license": { "id": "MIT" } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } } ], - "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "purl": "pkg:npm/utils-merge@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git://github.com/jaredhanson/utils-merge.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://github.com/jaredhanson/utils-merge#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "http://github.com/jaredhanson/utils-merge/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/strip-ansi" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/utils-merge" } ] }, { "type": "library", - "name": "ansi-regex", - "version": "5.0.1", - "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", "licenses": [ { "license": { @@ -149266,42 +144246,49 @@ } } ], - "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "purl": "pkg:npm/vary@1.1.2", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-regex.git", + "url": "git+https://github.com/jshttp/vary.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-regex#readme", + "url": "https://github.com/jshttp/vary#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-regex/issues", + "url": "https://github.com/jshttp/vary/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ansi-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/vary" } ] }, { "type": "library", - "name": "fastest-levenshtein", - "version": "1.0.16", - "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", - "author": "Kasper U. Weihe", - "description": "Fastest Levenshtein distance implementation in JS.", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", "licenses": [ { "license": { @@ -149309,85 +144296,99 @@ } } ], - "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "purl": "pkg:npm/asynckit@0.4.0", "externalReferences": [ { - "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "url": "git+https://github.com/alexindigo/asynckit.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "url": "https://github.com/alexindigo/asynckit#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "url": "https://github.com/alexindigo/asynckit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/fastest-levenshtein" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/asynckit" } ] }, { "type": "library", - "name": "foreground-child", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|foreground-child@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "purl": "pkg:npm/combined-stream@1.0.8", "externalReferences": [ { - "url": "git+https://github.com/tapjs/foreground-child.git", + "url": "git://github.com/felixge/node-combined-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tapjs/foreground-child#readme", + "url": "https://github.com/felixge/node-combined-stream", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tapjs/foreground-child/issues", + "url": "https://github.com/felixge/node-combined-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/foreground-child" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/combined-stream" } ] }, { "type": "library", - "name": "cross-spawn", - "version": "7.0.3", - "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", - "author": "André Cruz", - "description": "Cross platform child_process#spawn and child_process#spawnSync", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", "licenses": [ { "license": { @@ -149395,42 +144396,48 @@ } } ], - "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "purl": "pkg:npm/delayed-stream@1.0.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "url": "git://github.com/felixge/node-delayed-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/moxystudio/node-cross-spawn", + "url": "https://github.com/felixge/node-delayed-stream", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "url": "https://github.com/felixge/node-delayed-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cross-spawn" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/delayed-stream" } ] }, { "type": "library", - "name": "path-key", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|path-key@3.1.1", - "author": "Sindre Sorhus", - "description": "Get the PATH environment variable key cross-platform", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", "licenses": [ { "license": { @@ -149438,42 +144445,49 @@ } } ], - "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "purl": "pkg:npm/mime-db@1.52.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/path-key.git", + "url": "git+https://github.com/jshttp/mime-db.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/path-key#readme", + "url": "https://github.com/jshttp/mime-db#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/path-key/issues", + "url": "https://github.com/jshttp/mime-db/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/path-key" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/mime-db" } ] }, { "type": "library", - "name": "shebang-command", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|shebang-command@2.0.0", - "author": "Kevin Mårtensson", - "description": "Get the command from a shebang", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", "licenses": [ { "license": { @@ -149481,42 +144495,49 @@ } } ], - "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "purl": "pkg:npm/fs-extra@11.2.0", "externalReferences": [ { - "url": "git+https://github.com/kevva/shebang-command.git", + "url": "git+https://github.com/jprichardson/node-fs-extra.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kevva/shebang-command#readme", + "url": "https://github.com/jprichardson/node-fs-extra", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kevva/shebang-command/issues", + "url": "https://github.com/jprichardson/node-fs-extra/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/shebang-command" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/fs-extra" } ] }, { "type": "library", - "name": "shebang-regex", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", - "author": "Sindre Sorhus", - "description": "Regular expression for matching a shebang line", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", "licenses": [ { "license": { @@ -149524,215 +144545,301 @@ } } ], - "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "purl": "pkg:npm/jsonfile@6.1.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/shebang-regex#readme", + "url": "https://github.com/jprichardson/node-jsonfile#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/shebang-regex/issues", + "url": "https://github.com/jprichardson/node-jsonfile/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/shebang-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jsonfile" } ] }, { "type": "library", - "name": "isexe", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|isexe@2.0.0", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "purl": "pkg:npm/universalify@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/isexe.git", + "url": "git+https://github.com/RyanZim/universalify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/isexe#readme", + "url": "https://github.com/RyanZim/universalify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/isexe/issues", + "url": "https://github.com/RyanZim/universalify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/isexe" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/universalify" } ] }, { "type": "library", - "name": "signal-exit", - "version": "4.1.0", - "bom-ref": "npm@10.8.0|signal-exit@4.1.0", - "author": "Ben Coe", - "description": "when you want to fire an event no matter how a process exits.", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "purl": "pkg:npm/get-installed-path@4.0.8", "externalReferences": [ { - "url": "git+https://github.com/tapjs/signal-exit.git", + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/tapjs/signal-exit#readme", + "url": "https://github.com/tunnckoCore/get-installed-path", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tapjs/signal-exit/issues", + "url": "https://github.com/tunnckoCore/get-installed-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/signal-exit" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/get-installed-path" } ] }, { "type": "library", - "name": "jackspeak", - "version": "2.3.6", - "bom-ref": "npm@10.8.0|jackspeak@2.3.6", - "author": "Isaac Z. Schlueter", - "description": "A very strict and proper argument parser.", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", "licenses": [ { "license": { - "id": "BlueOak-1.0.0" + "id": "MIT" } } ], - "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "purl": "pkg:npm/global-modules@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/isaacs/jackspeak.git", + "url": "git+https://github.com/jonschlinkert/global-modules.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/jackspeak#readme", + "url": "https://github.com/jonschlinkert/global-modules", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/jackspeak/issues", + "url": "https://github.com/jonschlinkert/global-modules/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/jackspeak" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/global-modules" } ] }, { "type": "library", - "name": "cliui", - "group": "@isaacs", - "version": "8.0.2", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", - "author": "Ben Coe", - "description": "easily create complex multi-column command-line-interfaces", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "purl": "pkg:npm/global-prefix@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/yargs/cliui.git", + "url": "git+https://github.com/jonschlinkert/global-prefix.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yargs/cliui#readme", + "url": "https://github.com/jonschlinkert/global-prefix", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/cliui/issues", + "url": "https://github.com/jonschlinkert/global-prefix/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui" - }, + "value": "node_modules/global-prefix" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] } ] }, { "type": "library", - "name": "string-width", - "version": "4.2.3", - "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", "licenses": [ { "license": { @@ -149740,42 +144847,49 @@ } } ], - "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "purl": "pkg:npm/expand-tilde@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-width.git", + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/string-width#readme", + "url": "https://github.com/jonschlinkert/expand-tilde", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-width/issues", + "url": "https://github.com/jonschlinkert/expand-tilde/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/string-width-cjs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/expand-tilde" } ] }, { "type": "library", - "name": "eastasianwidth", - "version": "0.2.0", - "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", - "author": "Masaki Komagata", - "description": "Get East Asian Width from a character.", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", "licenses": [ { "license": { @@ -149783,42 +144897,49 @@ } } ], - "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "purl": "pkg:npm/homedir-polyfill@1.0.3", "externalReferences": [ { - "url": "git://github.com/komagata/eastasianwidth.git", + "url": "git+https://github.com/doowb/homedir-polyfill.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/komagata/eastasianwidth#readme", + "url": "https://github.com/doowb/homedir-polyfill", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/komagata/eastasianwidth/issues", + "url": "https://github.com/doowb/homedir-polyfill/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/eastasianwidth" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/homedir-polyfill" } ] }, { "type": "library", - "name": "strip-ansi", - "version": "6.0.1", - "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", "licenses": [ { "license": { @@ -149826,42 +144947,49 @@ } } ], - "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "purl": "pkg:npm/parse-passwd@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git+https://github.com/doowb/parse-passwd.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://github.com/doowb/parse-passwd", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "https://github.com/doowb/parse-passwd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/strip-ansi-cjs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/parse-passwd" } ] }, { "type": "library", - "name": "wrap-ansi", - "version": "7.0.0", - "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", "licenses": [ { "license": { @@ -149869,42 +144997,49 @@ } } ], - "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "purl": "pkg:npm/is-windows@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/chalk/wrap-ansi.git", + "url": "git+https://github.com/jonschlinkert/is-windows.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/wrap-ansi#readme", + "url": "https://github.com/jonschlinkert/is-windows", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/wrap-ansi/issues", + "url": "https://github.com/jonschlinkert/is-windows/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi-cjs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/is-windows" } ] }, { "type": "library", - "name": "color-convert", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|color-convert@2.0.1", - "author": "Heather Arthur", - "description": "Plain color conversion functions", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", "licenses": [ { "license": { @@ -149912,128 +145047,149 @@ } } ], - "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "purl": "pkg:npm/resolve-dir@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-convert.git", + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Qix-/color-convert#readme", + "url": "https://github.com/jonschlinkert/resolve-dir", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-convert/issues", + "url": "https://github.com/jonschlinkert/resolve-dir/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/color-convert" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/resolve-dir" } ] }, { "type": "library", - "name": "color-name", - "version": "1.1.4", - "bom-ref": "npm@10.8.0|color-name@1.1.4", - "author": "DY", - "description": "A list of color names and its values", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "purl": "pkg:npm/domhandler@5.0.3", "externalReferences": [ { - "url": "git+ssh://git@github.com/colorjs/color-name.git", + "url": "git://github.com/fb55/domhandler.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/colorjs/color-name", + "url": "https://github.com/fb55/domhandler#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/colorjs/color-name/issues", + "url": "https://github.com/fb55/domhandler/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/color-name" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/domhandler" } ] }, { "type": "library", - "name": "wrap-ansi", - "version": "8.1.0", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "purl": "pkg:npm/domutils@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/wrap-ansi.git", + "url": "git://github.com/fb55/domutils.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/wrap-ansi#readme", + "url": "https://github.com/fb55/domutils#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/wrap-ansi/issues", + "url": "https://github.com/fb55/domutils/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/domutils" } ] }, { "type": "library", - "name": "ansi-styles", - "version": "6.2.1", - "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", "licenses": [ { "license": { @@ -150041,128 +145197,134 @@ } } ], - "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "purl": "pkg:npm/dom-serializer@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-styles.git", + "url": "git://github.com/cheeriojs/dom-serializer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-styles#readme", + "url": "https://github.com/cheeriojs/dom-serializer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-styles/issues", + "url": "https://github.com/cheeriojs/dom-serializer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ansi-styles" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/dom-serializer" } ] }, { "type": "library", - "name": "parseargs", - "group": "@pkgjs", - "version": "0.11.0", - "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", - "description": "Polyfill of future proposal for `util.parseArgs()`", - "scope": "optional", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "purl": "pkg:npm/entities@4.5.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "url": "git://github.com/fb55/entities.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/pkgjs/parseargs#readme", + "url": "https://github.com/fb55/entities#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/pkgjs/parseargs/issues", + "url": "https://github.com/fb55/entities/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@pkgjs/parseargs" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/entities" } ] }, { "type": "library", - "name": "path-scurry", - "version": "1.11.1", - "bom-ref": "npm@10.8.0|path-scurry@1.11.1", - "author": "Isaac Z. Schlueter", - "description": "walk paths fast and efficiently", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", "licenses": [ { "license": { - "id": "BlueOak-1.0.0" + "id": "ISC" } } ], - "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "purl": "pkg:npm/https@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/isaacs/path-scurry.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/path-scurry#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/isaacs/path-scurry/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/path-scurry" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/https" } ] }, { "type": "library", - "name": "graceful-fs", - "version": "4.2.11", - "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", - "description": "A drop-in replacement for fs, making various improvements.", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", "licenses": [ { "license": { @@ -150170,342 +145332,503 @@ } } ], - "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-graceful-fs#readme", + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-graceful-fs/issues", + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/graceful-fs" - }, + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] } ] }, { "type": "library", - "name": "init-package-json", - "version": "6.0.3", - "bom-ref": "npm@10.8.0|init-package-json@6.0.3", - "author": "GitHub Inc.", - "description": "A node module to get your node module started", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "purl": "pkg:npm/cli-cursor@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/npm/init-package-json.git", + "url": "git+https://github.com/sindresorhus/cli-cursor.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/init-package-json#readme", + "url": "https://github.com/sindresorhus/cli-cursor#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/init-package-json/issues", + "url": "https://github.com/sindresorhus/cli-cursor/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/init-package-json" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/cli-cursor" } ] }, { "type": "library", - "name": "promzard", - "version": "1.0.2", - "bom-ref": "npm@10.8.0|promzard@1.0.2", - "author": "GitHub Inc.", - "description": "prompting wizardly", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "purl": "pkg:npm/restore-cursor@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/npm/promzard.git", + "url": "git+https://github.com/sindresorhus/restore-cursor.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/promzard#readme", + "url": "https://github.com/sindresorhus/restore-cursor#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/promzard/issues", + "url": "https://github.com/sindresorhus/restore-cursor/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/promzard" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/restore-cursor" } ] }, { "type": "library", - "name": "read", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|read@3.0.1", - "author": "GitHub Inc.", - "description": "read(1) for node programs", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "purl": "pkg:npm/onetime@5.1.2", "externalReferences": [ { - "url": "git+https://github.com/npm/read.git", + "url": "git+https://github.com/sindresorhus/onetime.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/read#readme", + "url": "https://github.com/sindresorhus/onetime#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/read/issues", + "url": "https://github.com/sindresorhus/onetime/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/read" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/onetime" } ] }, { "type": "library", - "name": "validate-npm-package-license", - "version": "3.0.4", - "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", - "author": "Kyle E. Mitchell", - "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "purl": "pkg:npm/mimic-fn@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "url": "git+https://github.com/sindresorhus/mimic-fn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "url": "https://github.com/sindresorhus/mimic-fn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "url": "https://github.com/sindresorhus/mimic-fn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/validate-npm-package-license" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/mimic-fn" } ] }, { "type": "library", - "name": "spdx-correct", - "version": "3.2.0", - "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", - "description": "correct invalid SPDX expressions", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "purl": "pkg:npm/signal-exit@3.0.7", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "url": "git+https://github.com/tapjs/signal-exit.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jslicense/spdx-correct.js#readme", + "url": "https://github.com/tapjs/signal-exit", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-correct.js/issues", + "url": "https://github.com/tapjs/signal-exit/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-correct" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/signal-exit" } ] }, { "type": "library", - "name": "spdx-exceptions", - "version": "2.5.0", - "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", - "author": "The Linux Foundation", - "description": "list of SPDX standard license exceptions", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", "licenses": [ { "license": { - "id": "CC-BY-3.0" + "id": "MIT" } } ], - "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "purl": "pkg:npm/figures@3.2.0", "externalReferences": [ { - "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "url": "git+https://github.com/sindresorhus/figures.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "url": "https://github.com/sindresorhus/figures#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "url": "https://github.com/sindresorhus/figures/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-exceptions" - }, + "value": "node_modules/figures" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] } ] }, { "type": "library", - "name": "spdx-license-ids", - "version": "3.0.17", - "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", - "author": "Shinnosuke Watanabe", - "description": "A list of SPDX license identifiers", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", "licenses": [ { "license": { - "id": "CC0-1.0" + "id": "MIT" } } ], - "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "purl": "pkg:npm/inquirer@8.0.0", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jslicense/spdx-license-ids#readme", + "url": "https://github.com/SBoudrias/Inquirer.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-license-ids/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-license-ids" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/inquirer" } ] }, { "type": "library", - "name": "validate-npm-package-name", - "version": "5.0.1", - "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", - "author": "GitHub Inc.", - "description": "Give me a string and I'll tell you if it's a valid npm package name", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", "licenses": [ { "license": { @@ -150513,128 +145836,201 @@ } } ], - "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "purl": "pkg:npm/cli-width@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/validate-npm-package-name.git", + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/validate-npm-package-name", + "url": "https://github.com/knownasilya/cli-width", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/validate-npm-package-name/issues", + "url": "https://github.com/knownasilya/cli-width/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/validate-npm-package-name" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/cli-width" } ] }, { "type": "library", - "name": "is-cidr", - "version": "5.0.5", - "bom-ref": "npm@10.8.0|is-cidr@5.0.5", - "author": "silverwind", - "description": "Check if a string is an IP address in CIDR notation", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "purl": "pkg:npm/external-editor@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/silverwind/is-cidr.git", + "url": "git+https://github.com/mrkmg/node-external-editor.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/silverwind/is-cidr#readme", + "url": "https://github.com/mrkmg/node-external-editor#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/silverwind/is-cidr/issues", + "url": "https://github.com/mrkmg/node-external-editor/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-cidr" - }, + "value": "node_modules/external-editor" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] } ] }, { "type": "library", - "name": "cidr-regex", - "version": "4.0.5", - "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", - "author": "silverwind", - "description": "Regular expression for matching IP addresses in CIDR notation", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "purl": "pkg:npm/chardet@0.7.0", "externalReferences": [ { - "url": "git+https://github.com/silverwind/cidr-regex.git", + "url": "git+ssh://git@github.com/runk/node-chardet.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/silverwind/cidr-regex#readme", + "url": "https://github.com/runk/node-chardet", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/silverwind/cidr-regex/issues", + "url": "http://github.com/runk/node-chardet/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cidr-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/chardet" } ] }, { "type": "library", - "name": "ip-regex", - "version": "5.0.0", - "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", "author": "Sindre Sorhus", - "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "description": "Node.js os.tmpdir() ponyfill", "licenses": [ { "license": { @@ -150642,42 +146038,49 @@ } } ], - "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "purl": "pkg:npm/os-tmpdir@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/ip-regex.git", + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/ip-regex#readme", + "url": "https://github.com/sindresorhus/os-tmpdir#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/ip-regex/issues", + "url": "https://github.com/sindresorhus/os-tmpdir/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ip-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/os-tmpdir" } ] }, { "type": "library", - "name": "libnpmaccess", - "version": "8.0.6", - "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", - "author": "GitHub Inc.", - "description": "programmatic library for `npm access` commands", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", "licenses": [ { "license": { @@ -150685,863 +146088,1095 @@ } } ], - "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "purl": "pkg:npm/mute-stream@0.0.8", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "url": "git://github.com/isaacs/mute-stream.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://npmjs.com/package/libnpmaccess", + "url": "https://github.com/isaacs/mute-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/libnpmaccess/issues", + "url": "https://github.com/isaacs/mute-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmaccess" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/mute-stream" } ] }, { "type": "library", - "name": "libnpmdiff", - "version": "6.1.2", - "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", - "author": "GitHub Inc.", - "description": "The registry diff", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "purl": "pkg:npm/run-async@2.4.1", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "url": "git+https://github.com/SBoudrias/run-async.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/cli#readme", + "url": "https://github.com/SBoudrias/run-async#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/SBoudrias/run-async/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmdiff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/run-async" } ] }, { "type": "library", - "name": "binary-extensions", - "version": "2.3.0", - "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", - "author": "Sindre Sorhus", - "description": "List of binary file extensions", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "purl": "pkg:npm/rxjs@6.6.7", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "url": "git+https://github.com/reactivex/rxjs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/binary-extensions#readme", + "url": "https://github.com/ReactiveX/RxJS", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/binary-extensions/issues", + "url": "https://github.com/ReactiveX/RxJS/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/binary-extensions" - }, + "value": "node_modules/rxjs" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] } ] }, { "type": "library", - "name": "diff", - "version": "5.2.0", - "bom-ref": "npm@10.8.0|diff@5.2.0", - "description": "A JavaScript text diff implementation.", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "purl": "pkg:npm/through@2.3.8", "externalReferences": [ { - "url": "git://github.com/kpdecker/jsdiff.git", + "url": "git+https://github.com/dominictarr/through.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kpdecker/jsdiff#readme", + "url": "https://github.com/dominictarr/through", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/kpdecker/jsdiff/issues", + "url": "https://github.com/dominictarr/through/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/diff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/through" } ] }, { "type": "library", - "name": "libnpmexec", - "version": "8.1.1", - "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", - "author": "GitHub Inc.", - "description": "npm exec (npx) programmatic API", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/cli#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmexec" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-mock" } ] }, { "type": "library", - "name": "libnpmfund", - "version": "5.0.10", - "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", - "author": "GitHub Inc.", - "description": "Programmatic API for npm fund", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/cli#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmfund" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@types/istanbul-lib-report" } ] }, { "type": "library", - "name": "libnpmhook", - "version": "10.0.5", - "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", - "author": "GitHub Inc.", - "description": "programmatic API for managing npm registry hooks", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/cli#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmhook" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@types/yargs-parser" } ] }, { "type": "library", - "name": "aproba", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|aproba@2.0.0", - "author": "Rebecca Turner", - "description": "A ridiculously light-weight argument validator (now browser friendly)", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "purl": "pkg:npm/jest@29.7.0#packages/jest", "externalReferences": [ { - "url": "git+https://github.com/iarna/aproba.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/iarna/aproba", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/iarna/aproba/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/aproba" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest" } ] }, { "type": "library", - "name": "libnpmorg", - "version": "6.0.6", - "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", - "author": "GitHub Inc.", - "description": "Programmatic api for `npm org` commands", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://npmjs.com/package/libnpmorg", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/libnpmorg/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmorg" - }, + "value": "node_modules/@jest/core" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] } ] }, { "type": "library", - "name": "libnpmpack", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", - "author": "GitHub Inc.", - "description": "Programmatic API for the bits behind npm pack", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://npmjs.com/package/libnpmpack", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/libnpmpack/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmpack" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/console" } ] }, { "type": "library", - "name": "libnpmpublish", - "version": "9.0.8", - "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", - "author": "GitHub Inc.", - "description": "Programmatic API for the bits behind npm publish and unpublish", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://npmjs.com/package/libnpmpublish", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmpublish" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/reporters" } ] }, { "type": "library", - "name": "sigstore", - "version": "2.3.0", - "bom-ref": "npm@10.8.0|sigstore@2.3.0", - "author": "bdehamer@github.com", - "description": "code-signing for npm packages", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", "externalReferences": [ { - "url": "git+https://github.com/sigstore/sigstore-js.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sigstore/sigstore-js/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/sigstore" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/test-result" } ] }, { "type": "library", - "name": "bundle", - "group": "@sigstore", - "version": "2.3.1", - "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", - "author": "bdehamer@github.com", - "description": "Sigstore bundle type", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", "externalReferences": [ { - "url": "git+https://github.com/sigstore/sigstore-js.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sigstore/sigstore-js/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/bundle" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/transform" } ] }, { "type": "library", - "name": "core", - "group": "@sigstore", - "version": "1.1.0", - "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", - "author": "bdehamer@github.com", - "description": "Base library for Sigstore", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "purl": "pkg:npm/fs.realpath@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/sigstore/sigstore-js.git", + "url": "git+https://github.com/isaacs/fs.realpath.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "url": "https://github.com/isaacs/fs.realpath#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sigstore/sigstore-js/issues", + "url": "https://github.com/isaacs/fs.realpath/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/core" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/fs.realpath" } ] }, { "type": "library", - "name": "sign", - "group": "@sigstore", - "version": "2.3.1", - "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", - "author": "bdehamer@github.com", - "description": "Sigstore signing library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "purl": "pkg:npm/inflight@1.0.6", "externalReferences": [ { - "url": "git+https://github.com/sigstore/sigstore-js.git", + "url": "git+https://github.com/npm/inflight.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "url": "https://github.com/isaacs/inflight", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sigstore/sigstore-js/issues", + "url": "https://github.com/isaacs/inflight/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/sign" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/inflight" } ] }, { "type": "library", - "name": "verify", - "group": "@sigstore", - "version": "1.2.0", - "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", - "author": "bdehamer@github.com", - "description": "Verification of Sigstore signatures", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "purl": "pkg:npm/path-is-absolute@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/sigstore/sigstore-js.git", + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "url": "https://github.com/sindresorhus/path-is-absolute#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sigstore/sigstore-js/issues", + "url": "https://github.com/sindresorhus/path-is-absolute/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@sigstore/verify" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/path-is-absolute" } ] }, { "type": "library", - "name": "libnpmsearch", - "version": "7.0.5", - "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", - "author": "GitHub Inc.", - "description": "Programmatic API for searching in npm and compatible registries.", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://npmjs.com/package/libnpmsearch", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/libnpmsearch/issues", + "url": "https://github.com/istanbuljs/istanbuljs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmsearch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/istanbul-lib-instrument" } ] }, { "type": "library", - "name": "libnpmteam", - "version": "6.0.5", - "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", - "author": "GitHub Inc.", - "description": "npm Team management APIs", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "purl": "pkg:npm/make-dir@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "url": "git+https://github.com/sindresorhus/make-dir.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://npmjs.com/package/libnpmteam", + "url": "https://github.com/sindresorhus/make-dir#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/sindresorhus/make-dir/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmteam" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/make-dir" } ] }, { "type": "library", - "name": "libnpmversion", - "version": "6.0.2", - "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", - "author": "GitHub Inc.", - "description": "library to do the things that 'npm version' does", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "purl": "pkg:npm/source-map@0.6.1", "externalReferences": [ { - "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "url": "git+ssh://git@github.com/mozilla/source-map.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/cli#readme", + "url": "https://github.com/mozilla/source-map", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/cli/issues", + "url": "https://github.com/mozilla/source-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/libnpmversion" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/source-map" } ] }, { "type": "library", - "name": "agent", - "group": "@npmcli", - "version": "2.2.2", - "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", - "author": "GitHub Inc.", - "description": "the http/https agent used by the npm cli", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "purl": "pkg:npm/html-escaper@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/npm/agent.git", + "url": "git+https://github.com/WebReflection/html-escaper.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/agent#readme", + "url": "https://github.com/WebReflection/html-escaper", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/agent/issues", + "url": "https://github.com/WebReflection/html-escaper/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@npmcli/agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/html-escaper" } ] }, { "type": "library", - "name": "agent-base", - "version": "7.1.1", - "bom-ref": "npm@10.8.0|agent-base@7.1.1", - "author": "Nathan Rajlich", - "description": "Turn a function into an `http.Agent` instance", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", "licenses": [ { "license": { @@ -151549,42 +147184,49 @@ } } ], - "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", "externalReferences": [ { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/agent-base" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-worker" } ] }, { "type": "library", - "name": "http-proxy-agent", - "version": "7.0.2", - "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", - "author": "Nathan Rajlich", - "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", "licenses": [ { "license": { @@ -151592,42 +147234,49 @@ } } ], - "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "purl": "pkg:npm/char-regex@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "url": "git+https://github.com/Richienb/char-regex.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents#readme", + "url": "https://github.com/Richienb/char-regex#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents/issues", + "url": "https://github.com/Richienb/char-regex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/http-proxy-agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/char-regex" } ] }, { "type": "library", - "name": "https-proxy-agent", - "version": "7.0.4", - "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", - "author": "Nathan Rajlich", - "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", "licenses": [ { "license": { @@ -151635,42 +147284,47 @@ } } ], - "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "purl": "pkg:npm/convert-source-map@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "url": "git://github.com/thlorenz/convert-source-map.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents#readme", + "url": "https://github.com/thlorenz/convert-source-map", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents/issues", + "url": "https://github.com/thlorenz/convert-source-map/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/https-proxy-agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/convert-source-map" } ] }, { "type": "library", - "name": "socks-proxy-agent", - "version": "8.0.3", - "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", - "author": "Nathan Rajlich", - "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", "licenses": [ { "license": { @@ -151678,42 +147332,49 @@ } } ], - "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", "externalReferences": [ { - "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TooTallNate/proxy-agents/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/socks-proxy-agent" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-changed-files" } ] }, { "type": "library", - "name": "socks", - "version": "2.8.3", - "bom-ref": "npm@10.8.0|socks@2.8.3", - "author": "Josh Glazebrook", - "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", "licenses": [ { "license": { @@ -151721,85 +147382,99 @@ } } ], - "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "purl": "pkg:npm/get-stream@6.0.1", "externalReferences": [ { - "url": "git+https://github.com/JoshGlazebrook/socks.git", + "url": "git+https://github.com/sindresorhus/get-stream.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/JoshGlazebrook/socks/", + "url": "https://github.com/sindresorhus/get-stream#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/JoshGlazebrook/socks/issues", + "url": "https://github.com/sindresorhus/get-stream/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/socks" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/get-stream" } ] }, { "type": "library", - "name": "ip-address", - "version": "9.0.5", - "bom-ref": "npm@10.8.0|ip-address@9.0.5", - "author": "Beau Gunderson", - "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "purl": "pkg:npm/human-signals@2.1.0", "externalReferences": [ { - "url": "git://github.com/beaugunderson/ip-address.git", + "url": "git+https://github.com/ehmicky/human-signals.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/beaugunderson/ip-address#readme", + "url": "https://git.io/JeluP", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/beaugunderson/ip-address/issues", + "url": "https://github.com/ehmicky/human-signals/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ip-address" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/human-signals" } ] }, { "type": "library", - "name": "jsbn", - "version": "1.1.0", - "bom-ref": "npm@10.8.0|jsbn@1.1.0", - "author": "Tom Wu", - "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", "licenses": [ { "license": { @@ -151807,85 +147482,99 @@ } } ], - "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "purl": "pkg:npm/npm-run-path@4.0.1", "externalReferences": [ { - "url": "git+https://github.com/andyperlitch/jsbn.git", + "url": "git+https://github.com/sindresorhus/npm-run-path.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/andyperlitch/jsbn#readme", + "url": "https://github.com/sindresorhus/npm-run-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andyperlitch/jsbn/issues", + "url": "https://github.com/sindresorhus/npm-run-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/jsbn" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/npm-run-path" } ] }, { "type": "library", - "name": "sprintf-js", - "version": "1.1.3", - "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", - "author": "Alexandru Mărășteanu", - "description": "JavaScript sprintf implementation", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "purl": "pkg:npm/strip-final-newline@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/alexei/sprintf.js.git", + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/alexei/sprintf.js#readme", + "url": "https://github.com/sindresorhus/strip-final-newline#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/alexei/sprintf.js/issues", + "url": "https://github.com/sindresorhus/strip-final-newline/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/sprintf-js" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/strip-final-newline" } ] }, { "type": "library", - "name": "smart-buffer", - "version": "4.2.0", - "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", - "author": "Josh Glazebrook", - "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", "licenses": [ { "license": { @@ -151893,85 +147582,148 @@ } } ], - "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "purl": "pkg:npm/yocto-queue@0.1.0", "externalReferences": [ { - "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "url": "git+https://github.com/sindresorhus/yocto-queue.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "url": "https://github.com/sindresorhus/yocto-queue#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "url": "https://github.com/sindresorhus/yocto-queue/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/smart-buffer" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/yocto-queue" } ] }, { "type": "library", - "name": "http-cache-semantics", - "version": "4.1.1", - "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", - "author": "Kornel Lesiński", - "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", "externalReferences": [ { - "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/kornelski/http-cache-semantics#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kornelski/http-cache-semantics/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/http-cache-semantics" - }, + "value": "node_modules/jest-config" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] } ] }, { "type": "library", - "name": "is-lambda", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|is-lambda@1.0.1", - "author": "Thomas Watson Steen", - "description": "Detect if your code is running on an AWS Lambda server", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", "licenses": [ { "license": { @@ -151979,42 +147731,47 @@ } } ], - "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", "externalReferences": [ { - "url": "git+https://github.com/watson/is-lambda.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/watson/is-lambda", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/watson/is-lambda/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-lambda" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/test-sequencer" } ] }, { "type": "library", - "name": "minipass-fetch", - "version": "3.0.5", - "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", - "author": "GitHub Inc.", - "description": "An implementation of window.fetch in Node.js using Minipass streams", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", "licenses": [ { "license": { @@ -152022,43 +147779,48 @@ } } ], - "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", "externalReferences": [ { - "url": "git+https://github.com/npm/minipass-fetch.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/minipass-fetch#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/minipass-fetch/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-fetch" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-haste-map" } ] }, { "type": "library", - "name": "encoding", - "version": "0.1.13", - "bom-ref": "npm@10.8.0|encoding@0.1.13", - "author": "Andris Reinman", - "description": "Convert encodings, uses iconv-lite", - "scope": "optional", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", "licenses": [ { "license": { @@ -152066,43 +147828,47 @@ } } ], - "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", "externalReferences": [ { - "url": "git+https://github.com/andris9/encoding.git", + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/andris9/encoding#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/andris9/encoding/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/encoding" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/babel-jest" } ] }, { "type": "library", - "name": "iconv-lite", - "version": "0.6.3", - "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", - "author": "Alexander Shtuchkin", - "description": "Convert character encodings in pure javascript.", - "scope": "optional", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", "licenses": [ { "license": { @@ -152110,43 +147876,48 @@ } } ], - "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", "externalReferences": [ { - "url": "git://github.com/ashtuchkin/iconv-lite.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/ashtuchkin/iconv-lite", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/iconv-lite" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-circus" } ] }, { "type": "library", - "name": "safer-buffer", - "version": "2.1.2", - "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", - "author": "Nikita Skovoroda", - "description": "Modern Buffer API polyfill without footguns", - "scope": "optional", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", "licenses": [ { "license": { @@ -152154,85 +147925,96 @@ } } ], - "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", "externalReferences": [ { - "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/ChALkeR/safer-buffer#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ChALkeR/safer-buffer/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/safer-buffer" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/environment" } ] }, { "type": "library", - "name": "minipass-sized", - "version": "1.0.3", - "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", - "author": "Isaac Z. Schlueter", - "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass-sized.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/minipass-sized#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass-sized/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-sized" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/expect" } ] }, { "type": "library", - "name": "minizlib", - "version": "2.1.2", - "bom-ref": "npm@10.8.0|minizlib@2.1.2", - "author": "Isaac Z. Schlueter", - "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", "licenses": [ { "license": { @@ -152240,41 +148022,49 @@ } } ], - "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minizlib.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/minizlib#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minizlib/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minizlib" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-snapshot" } ] }, { "type": "library", - "name": "negotiator", - "version": "0.6.3", - "bom-ref": "npm@10.8.0|negotiator@0.6.3", - "description": "HTTP content negotiation", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", "licenses": [ { "license": { @@ -152282,42 +148072,49 @@ } } ], - "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "purl": "pkg:npm/dedent@1.5.3", "externalReferences": [ { - "url": "git+https://github.com/jshttp/negotiator.git", + "url": "git+https://github.com/dmnd/dedent.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jshttp/negotiator#readme", + "url": "https://github.com/dmnd/dedent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jshttp/negotiator/issues", + "url": "https://github.com/dmnd/dedent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/negotiator" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/dedent" } ] }, { "type": "library", - "name": "err-code", - "version": "2.0.3", - "bom-ref": "npm@10.8.0|err-code@2.0.3", - "author": "IndigoUnited", - "description": "Create an error with a code", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", "licenses": [ { "license": { @@ -152325,42 +148122,47 @@ } } ], - "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", "externalReferences": [ { - "url": "git://github.com/IndigoUnited/js-err-code.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/IndigoUnited/js-err-code#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/err-code" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-each" } ] }, { "type": "library", - "name": "retry", - "version": "0.12.0", - "bom-ref": "npm@10.8.0|retry@0.12.0", - "author": "Tim Koschützki", - "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", "licenses": [ { "license": { @@ -152368,42 +148170,49 @@ } } ], - "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", "externalReferences": [ { - "url": "git://github.com/tim-kos/node-retry.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/tim-kos/node-retry", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tim-kos/node-retry/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/retry" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-runtime" } ] }, { "type": "library", - "name": "brace-expansion", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", "licenses": [ { "license": { @@ -152411,42 +148220,47 @@ } } ], - "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "purl": "pkg:npm/pure-rand@6.1.0", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+https://github.com/dubzzz/pure-rand.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/dubzzz/pure-rand#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/dubzzz/pure-rand/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/pure-rand" } ] }, { "type": "library", - "name": "balanced-match", - "version": "1.0.2", - "bom-ref": "npm@10.8.0|balanced-match@1.0.2", - "author": "Julian Gruber", - "description": "Match balanced character pairs, like \"{\" and \"}\"", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", "licenses": [ { "license": { @@ -152454,41 +148268,48 @@ } } ], - "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", "externalReferences": [ { - "url": "git://github.com/juliangruber/balanced-match.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/juliangruber/balanced-match", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/balanced-match/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/balanced-match" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-environment-node" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.3", - "bom-ref": "npm@10.8.0|ms@2.1.3", - "description": "Tiny millisecond conversion utility", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", "licenses": [ { "license": { @@ -152496,42 +148317,47 @@ } } ], - "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", "externalReferences": [ { - "url": "git+https://github.com/vercel/ms.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/vercel/ms#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/vercel/ms/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ms" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/fake-timers" } ] }, { "type": "library", - "name": "env-paths", - "version": "2.2.1", - "bom-ref": "npm@10.8.0|env-paths@2.2.1", - "author": "Sindre Sorhus", - "description": "Get paths for storing things like data, config, cache, etc", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", "licenses": [ { "license": { @@ -152539,85 +148365,95 @@ } } ], - "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/env-paths.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/env-paths#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/env-paths/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/env-paths" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-regex-util" } ] }, { "type": "library", - "name": "exponential-backoff", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", - "author": "Sami Sayegh", - "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", "externalReferences": [ { - "url": "git+https://github.com/coveo/exponential-backoff.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/coveo/exponential-backoff#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/coveo/exponential-backoff/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/exponential-backoff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-resolve" } ] }, { "type": "library", - "name": "is-core-module", - "version": "2.13.1", - "bom-ref": "npm@10.8.0|is-core-module@2.13.1", - "author": "Jordan Harband", - "description": "Is this specifier a node.js core module?", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", "licenses": [ { "license": { @@ -152625,42 +148461,47 @@ } } ], - "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", "externalReferences": [ { - "url": "git+https://github.com/inspect-js/is-core-module.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/inspect-js/is-core-module", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/is-core-module/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/is-core-module" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-runner" } ] }, { "type": "library", - "name": "hasown", - "version": "2.0.2", - "bom-ref": "npm@10.8.0|hasown@2.0.2", - "author": "Jordan Harband", - "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", "licenses": [ { "license": { @@ -152668,214 +148509,299 @@ } } ], - "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", "externalReferences": [ { - "url": "git+https://github.com/inspect-js/hasOwn.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/inspect-js/hasOwn#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/inspect-js/hasOwn/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/hasown" - }, + "value": "node_modules/jest-validate" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] } ] }, { "type": "library", - "name": "function-bind", - "version": "1.1.2", - "bom-ref": "npm@10.8.0|function-bind@1.1.2", - "author": "Raynos", - "description": "Implementation of Function.prototype.bind", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "purl": "pkg:npm/bser@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/Raynos/function-bind.git", + "url": "git+https://github.com/facebook/watchman.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Raynos/function-bind", + "url": "https://facebook.github.io/watchman/docs/bser.html", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Raynos/function-bind/issues", + "url": "https://github.com/facebook/watchman/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/function-bind" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/bser" } ] }, { "type": "library", - "name": "npm-audit-report", - "version": "5.0.0", - "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", - "author": "GitHub Inc.", - "description": "Given a response from the npm security api, render it into a variety of security reports", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "purl": "pkg:npm/node-int64@0.4.0", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-audit-report.git", + "url": "git+https://github.com/broofa/node-int64.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-audit-report#readme", + "url": "https://github.com/broofa/node-int64#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-audit-report/issues", + "url": "https://github.com/broofa/node-int64/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-audit-report" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/node-int64" } ] }, { "type": "library", - "name": "npm-profile", - "version": "10.0.0", - "bom-ref": "npm@10.8.0|npm-profile@10.0.0", - "author": "GitHub Inc.", - "description": "Library for updating an npmjs.com profile", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", "licenses": [ { "license": { - "id": "ISC" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "purl": "pkg:npm/makeerror@1.0.12", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-profile.git", + "url": "git+https://github.com/daaku/nodejs-makeerror.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-profile#readme", + "url": "https://github.com/daaku/nodejs-makeerror#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-profile/issues", + "url": "https://github.com/daaku/nodejs-makeerror/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-profile" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/makeerror" } ] }, { "type": "library", - "name": "minipass-json-stream", - "version": "1.0.1", - "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", - "author": "Isaac Z. Schlueter", - "description": "Like JSONStream, but using Minipass streams", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "purl": "pkg:npm/tmpl@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/npm/minipass-json-stream.git", + "url": "git+https://github.com/daaku/nodejs-tmpl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/minipass-json-stream#readme", + "url": "https://github.com/daaku/nodejs-tmpl", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/minipass-json-stream/issues", + "url": "https://github.com/daaku/nodejs-tmpl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-json-stream" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/tmpl" } ] }, { "type": "library", - "name": "jsonparse", - "version": "1.3.1", - "bom-ref": "npm@10.8.0|jsonparse@1.3.1", - "author": "Tim Caswell", - "description": "This is a pure-js JSON streaming parser for node.js", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", "licenses": [ { "license": { @@ -152883,85 +148809,99 @@ } } ], - "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", "externalReferences": [ { - "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/creationix/jsonparse#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/creationix/jsonparse/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/jsonparse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-resolve-dependencies" } ] }, { "type": "library", - "name": "npm-user-validate", - "version": "2.0.1", - "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", - "author": "GitHub Inc.", - "description": "User validations for npm", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "purl": "pkg:npm/resolve.exports@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-user-validate.git", + "url": "git+https://github.com/lukeed/resolve.exports.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/npm-user-validate#readme", + "url": "https://github.com/lukeed/resolve.exports#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-user-validate/issues", + "url": "https://github.com/lukeed/resolve.exports/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-user-validate" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/resolve.exports" } ] }, { "type": "library", - "name": "aggregate-error", - "version": "3.1.0", - "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", "author": "Sindre Sorhus", - "description": "Create an error from multiple errors", + "description": "Simple and modern async event emitter", "licenses": [ { "license": { @@ -152969,42 +148909,47 @@ } } ], - "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "purl": "pkg:npm/emittery@0.13.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "url": "git+https://github.com/sindresorhus/emittery.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/aggregate-error#readme", + "url": "https://github.com/sindresorhus/emittery#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/aggregate-error/issues", + "url": "https://github.com/sindresorhus/emittery/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/aggregate-error" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/emittery" } ] }, { "type": "library", - "name": "clean-stack", - "version": "2.2.0", - "bom-ref": "npm@10.8.0|clean-stack@2.2.0", - "author": "Sindre Sorhus", - "description": "Clean up error stack traces", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", "licenses": [ { "license": { @@ -153012,42 +148957,47 @@ } } ], - "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/clean-stack.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/clean-stack#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/clean-stack/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/clean-stack" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-docblock" } ] }, { "type": "library", - "name": "indent-string", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|indent-string@4.0.0", - "author": "Sindre Sorhus", - "description": "Indent each line in a string", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", "licenses": [ { "license": { @@ -153055,128 +149005,146 @@ } } ], - "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/indent-string.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/indent-string#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/indent-string/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/indent-string" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-leak-detector" } ] }, { "type": "library", - "name": "npm-packlist", - "version": "8.0.2", - "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", - "author": "GitHub Inc.", - "description": "Get a list of the files to add from a folder into an npm package", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", "externalReferences": [ { - "url": "git+https://github.com/npm/npm-packlist.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/npm-packlist#readme", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/npm-packlist/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/npm-packlist" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/jest-watcher" } ] }, { "type": "library", - "name": "ignore-walk", - "version": "6.0.5", - "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", - "author": "GitHub Inc.", - "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", "externalReferences": [ { - "url": "git+https://github.com/npm/ignore-walk.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/ignore-walk#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/ignore-walk/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/ignore-walk" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/globals" } ] }, { "type": "library", - "name": "just-diff-apply", - "version": "5.5.0", - "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", - "author": "Angus Croll", - "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", "licenses": [ { "license": { @@ -153184,42 +149152,50 @@ } } ], - "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", "externalReferences": [ { - "url": "git+https://github.com/angus-c/just.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/angus-c/just#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/angus-c/just/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/just-diff-apply" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@jest/source-map" } ] }, { "type": "library", - "name": "just-diff", - "version": "6.0.2", - "bom-ref": "npm@10.8.0|just-diff@6.0.2", - "author": "Angus Croll", - "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", "licenses": [ { "license": { @@ -153227,127 +149203,150 @@ } } ], - "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", "externalReferences": [ { - "url": "git+https://github.com/angus-c/just.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/angus-c/just#readme", + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/angus-c/just/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/just-diff" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-jsx" } ] }, { "type": "library", - "name": "qrcode-terminal", - "version": "0.12.0", - "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", - "description": "QRCodes, in the terminal", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", "licenses": [ { "license": { - "name": "Apache 2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", "externalReferences": [ { - "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/gtanner/qrcode-terminal", + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/gtanner/qrcode-terminal/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/qrcode-terminal" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/helper-plugin-utils" } ] }, { "type": "library", - "name": "mute-stream", - "version": "1.0.0", - "bom-ref": "npm@10.8.0|mute-stream@1.0.0", - "author": "GitHub Inc.", - "description": "Bytes go in, but they don't come out (when muted).", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", "externalReferences": [ { - "url": "git+https://github.com/npm/mute-stream.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/mute-stream#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/mute-stream/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/mute-stream" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-async-generators" } ] }, { "type": "library", - "name": "spdx-expression-parse", - "version": "4.0.0", - "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", "licenses": [ { "license": { @@ -153355,42 +149354,49 @@ } } ], - "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-expression-parse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-bigint" } ] }, { "type": "library", - "name": "supports-color", - "version": "9.4.0", - "bom-ref": "npm@10.8.0|supports-color@9.4.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", "licenses": [ { "license": { @@ -153398,84 +149404,99 @@ } } ], - "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", "externalReferences": [ { - "url": "git+https://github.com/chalk/supports-color.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/chalk/supports-color#readme", + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/supports-color/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/supports-color" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-class-properties" } ] }, { "type": "library", - "name": "chownr", - "version": "2.0.0", - "bom-ref": "npm@10.8.0|chownr@2.0.0", - "author": "Isaac Z. Schlueter", - "description": "like `chown -R`", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", "externalReferences": [ { - "url": "git://github.com/isaacs/chownr.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/chownr#readme", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/chownr/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/chownr" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-import-meta" } ] }, { "type": "library", - "name": "mkdirp", - "version": "1.0.4", - "bom-ref": "npm@10.8.0|mkdirp@1.0.4", - "description": "Recursively mkdir, like `mkdir -p`", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", "licenses": [ { "license": { @@ -153483,42 +149504,49 @@ } } ], - "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/isaacs/node-mkdirp.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-mkdirp#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-mkdirp/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/mkdirp" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-json-strings" } ] }, { "type": "library", - "name": "text-table", - "version": "0.2.0", - "bom-ref": "npm@10.8.0|text-table@0.2.0", - "author": "James Halliday", - "description": "borderless text tables with alignment", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", "licenses": [ { "license": { @@ -153526,42 +149554,49 @@ } } ], - "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", "externalReferences": [ { - "url": "git://github.com/substack/text-table.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/substack/text-table", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/text-table/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/text-table" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" } ] }, { "type": "library", - "name": "tiny-relative-date", - "version": "1.3.0", - "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", - "author": "Joseph Wynn", - "description": "Tiny function that provides relative, human-readable dates.", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", "licenses": [ { "license": { @@ -153569,43 +149604,49 @@ } } ], - "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tiny-relative-date" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" } ] }, { "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", "licenses": [ { "license": { @@ -153613,30 +149654,30 @@ } } ], - "purl": "pkg:npm/%40oclif/core@4.0.1", + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153645,17 +149686,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + "value": "node_modules/@babel/plugin-syntax-numeric-separator" } ] }, { "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", "licenses": [ { "license": { @@ -153663,30 +149704,30 @@ } } ], - "purl": "pkg:npm/debug@4.3.5", + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153695,16 +149736,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version/node_modules/debug" + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", - "description": "Tiny millisecond conversion utility", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", "licenses": [ { "license": { @@ -153712,30 +149754,30 @@ } } ], - "purl": "pkg:npm/ms@2.1.2", + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153744,18 +149786,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-version/node_modules/ms" + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" } ] }, { "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", "licenses": [ { "license": { @@ -153763,30 +149804,30 @@ } } ], - "purl": "pkg:npm/%40oclif/core@4.0.1", + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git+https://github.com/babel/babel.git#master", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://github.com/babel/babel/tree/master#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153795,17 +149836,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + "value": "node_modules/@babel/plugin-syntax-optional-chaining" } ] }, { "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", "licenses": [ { "license": { @@ -153813,30 +149855,30 @@ } } ], - "purl": "pkg:npm/debug@4.3.5", + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153845,16 +149887,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + "value": "node_modules/@babel/plugin-syntax-top-level-await" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", - "description": "Tiny millisecond conversion utility", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", "licenses": [ { "license": { @@ -153862,30 +149905,30 @@ } } ], - "purl": "pkg:npm/ms@2.1.2", + "purl": "pkg:npm/pkg-dir@4.2.0", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/sindresorhus/pkg-dir.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/sindresorhus/pkg-dir#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/sindresorhus/pkg-dir/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153894,48 +149937,250 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + "value": "node_modules/pkg-dir" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] } ] }, { "type": "library", - "name": "http-call", - "version": "5.3.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", - "author": "Jeff Dickey @jdxcode", - "description": "make http requests", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/http-call@5.3.0", + "purl": "pkg:npm/resolve-cwd@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/heroku/http-call.git", + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/heroku/http-call", + "url": "https://github.com/sindresorhus/resolve-cwd#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/heroku/http-call/issues", + "url": "https://github.com/sindresorhus/resolve-cwd/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153944,17 +150189,68 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + "value": "node_modules/resolve-cwd" + } + ], + "components": [ + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] } ] }, { "type": "library", - "name": "is-retry-allowed", - "version": "1.1.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", - "author": "Vsevolod Strukchinsky", - "description": "My prime module", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", "licenses": [ { "license": { @@ -153962,30 +150258,30 @@ } } ], - "purl": "pkg:npm/is-retry-allowed@1.1.0", + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", "externalReferences": [ { - "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "url": "https://jestjs.io/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", "type": "distribution", "hashes": [ { - "alg": "SHA-1", - "content": "11a060568b67339444033d0125a61a20d564fb34" + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -153994,17 +150290,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + "value": "node_modules/jest-cli" } ] }, { "type": "library", - "name": "json-parse-better-errors", - "version": "1.0.2", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", - "author": "Kat Marchán", - "description": "JSON.parse with context information on error", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", "licenses": [ { "license": { @@ -154012,30 +150307,30 @@ } } ], - "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", "externalReferences": [ { - "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/zkat/json-parse-better-errors#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zkat/json-parse-better-errors/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154044,48 +150339,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + "value": "node_modules/create-jest" } ] }, { "type": "library", - "name": "tunnel-agent", - "version": "0.6.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", - "author": "Mikeal Rogers", - "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/tunnel-agent@0.6.0", + "purl": "pkg:npm/cliui@8.0.1", "externalReferences": [ { - "url": "git+https://github.com/mikeal/tunnel-agent.git", + "url": "git+https://github.com/yargs/cliui.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/mikeal/tunnel-agent#readme", + "url": "https://github.com/yargs/cliui#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mikeal/tunnel-agent/issues", + "url": "https://github.com/yargs/cliui/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", "type": "distribution", "hashes": [ { - "alg": "SHA-1", - "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154094,47 +150389,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + "value": "node_modules/cliui" } ] }, { "type": "library", - "name": "diff", - "version": "5.2.0", - "bom-ref": "sinon@16.1.3|diff@5.2.0", - "description": "A JavaScript text diff implementation.", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "ISC" } } ], - "purl": "pkg:npm/diff@5.2.0", + "purl": "pkg:npm/get-caller-file@2.0.5", "externalReferences": [ { - "url": "git://github.com/kpdecker/jsdiff.git", + "url": "git+https://github.com/stefanpenner/get-caller-file.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kpdecker/jsdiff#readme", + "url": "https://github.com/stefanpenner/get-caller-file#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/kpdecker/jsdiff/issues", + "url": "https://github.com/stefanpenner/get-caller-file/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154143,21 +150438,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sinon/node_modules/diff" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/get-caller-file" } ] }, { "type": "library", - "name": "supports-color", - "version": "7.2.0", - "bom-ref": "sinon@16.1.3|supports-color@7.2.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", "licenses": [ { "license": { @@ -154165,30 +150456,30 @@ } } ], - "purl": "pkg:npm/supports-color@7.2.0", + "purl": "pkg:npm/require-directory@2.1.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/supports-color.git", + "url": "git://github.com/troygoode/node-require-directory.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/supports-color#readme", + "url": "https://github.com/troygoode/node-require-directory/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/supports-color/issues", + "url": "http://github.com/troygoode/node-require-directory/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154197,52 +150488,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sinon/node_modules/supports-color" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/require-directory" } ] }, { "type": "library", - "name": "commons", - "group": "@sinonjs", - "version": "2.0.0", - "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", - "description": "Simple functions shared among the sinon end user libraries", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "ISC" } } ], - "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "purl": "pkg:npm/y18n@5.0.8", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/commons.git", + "url": "git+https://github.com/yargs/y18n.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/commons#readme", + "url": "https://github.com/yargs/y18n", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/commons/issues", + "url": "https://github.com/yargs/y18n/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154251,53 +150538,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/y18n" } ] }, { "type": "library", - "name": "fake-timers", - "group": "@sinonjs", - "version": "11.2.2", - "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", - "author": "Christian Johansen", - "description": "Fake JavaScript timers", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "Python-2.0" } } ], - "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "purl": "pkg:npm/argparse@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/sinonjs/fake-timers.git", + "url": "git+https://github.com/nodeca/argparse.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sinonjs/fake-timers", + "url": "https://github.com/nodeca/argparse#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sinonjs/fake-timers/issues", + "url": "https://github.com/nodeca/argparse/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154306,20 +150587,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/argparse" } ] }, { "type": "library", - "name": "path-to-regexp", - "version": "6.2.2", - "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", - "description": "Express style path to RegExp utility", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", "licenses": [ { "license": { @@ -154327,30 +150605,30 @@ } } ], - "purl": "pkg:npm/path-to-regexp@6.2.2", + "purl": "pkg:npm/json-colorizer@2.2.2", "externalReferences": [ { - "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/pillarjs/path-to-regexp#readme", + "url": "https://github.com/joeattardi/json-colorizer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/pillarjs/path-to-regexp/issues", + "url": "https://github.com/joeattardi/json-colorizer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154359,71 +150637,368 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/nise/node_modules/path-to-regexp" + "value": "node_modules/json-colorizer" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "ansi-styles", - "version": "5.2.0", - "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@5.2.0", - "externalReferences": [ + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] }, { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] }, { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] }, { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ { - "alg": "SHA-512", - "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/pretty-format/node_modules/ansi-styles" + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] } ] }, { "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", "licenses": [ { "license": { @@ -154431,30 +151006,30 @@ } } ], - "purl": "pkg:npm/ci-info@3.9.0", + "purl": "pkg:npm/markdown-diff@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/watson/ci-info.git", + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/watson/ci-info", + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/watson/ci-info/issues", + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154463,125 +151038,68 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-util/node_modules/ci-info" - } - ] - }, - { - "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "description": "TypeScript scope analyser for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/markdown-diff" } ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io/packages/scope-manager", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ { - "alg": "SHA-512", - "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + "license": { + "id": "BSD-3-Clause" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://typescript-eslint.io", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ { - "alg": "SHA-512", - "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] } ] }, { "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", "licenses": [ { "license": { @@ -154589,30 +151107,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "purl": "pkg:npm/marked@12.0.2", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "url": "git://github.com/markedjs/marked.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://marked.js.org", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "http://github.com/markedjs/marked/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154621,21 +151139,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/marked" } ] }, { "type": "library", - "name": "ajv", - "version": "6.12.6", - "bom-ref": "eslint@8.57.0|ajv@6.12.6", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", "licenses": [ { "license": { @@ -154643,30 +151157,30 @@ } } ], - "purl": "pkg:npm/ajv@6.12.6", + "purl": "pkg:npm/markdown-table-ts@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/ajv-validator/ajv.git", + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ajv-validator/ajv", + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ajv-validator/ajv/issues", + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154675,21 +151189,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/ajv" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/markdown-table-ts" } ] }, { "type": "library", - "name": "json-schema-traverse", - "version": "0.4.1", - "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", "licenses": [ { "license": { @@ -154697,30 +151207,30 @@ } } ], - "purl": "pkg:npm/json-schema-traverse@0.4.1", + "purl": "pkg:npm/mocha@10.4.0", "externalReferences": [ { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "url": "git+https://github.com/mochajs/mocha.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "url": "https://mochajs.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "url": "https://github.com/mochajs/mocha/issues/", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154729,106 +151239,375 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/json-schema-traverse" + "value": "node_modules/mocha" }, { "name": "cdx:npm:package:development", "value": "true" } - ] - }, - { - "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "eslint@8.57.0|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", - "licenses": [ - { - "license": { - "id": "ISC" - } - } ], - "purl": "pkg:npm/minimatch@3.1.2", - "externalReferences": [ + "components": [ { - "url": "git://github.com/isaacs/minimatch.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/isaacs/minimatch#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/isaacs/minimatch/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ { - "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/minimatch" + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/brace-expansion@1.1.11", + "purl": "pkg:npm/browser-stdout@1.3.1", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/kumavis/browser-stdout#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/kumavis/browser-stdout/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154837,7 +151616,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint/node_modules/brace-expansion" + "value": "node_modules/browser-stdout" }, { "name": "cdx:npm:package:development", @@ -154847,42 +151626,42 @@ }, { "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "purl": "pkg:npm/fill-range@7.0.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "url": "git+https://github.com/jonschlinkert/fill-range.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io/packages/typescript-estree", + "url": "https://github.com/jonschlinkert/fill-range", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/jonschlinkert/fill-range/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154891,21 +151670,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/fill-range" } ] }, { "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", - "description": "Types for the TypeScript-ESTree AST spec", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", "licenses": [ { "license": { @@ -154913,30 +151688,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "purl": "pkg:npm/to-regex-range@5.0.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "url": "git+https://github.com/micromatch/to-regex-range.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://github.com/micromatch/to-regex-range", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/micromatch/to-regex-range/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154945,21 +151720,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/to-regex-range" } ] }, { "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", "licenses": [ { "license": { @@ -154967,30 +151738,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "purl": "pkg:npm/is-number@7.0.0", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "url": "git+https://github.com/jonschlinkert/is-number.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://github.com/jonschlinkert/is-number", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/jonschlinkert/is-number/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -154999,21 +151770,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/is-number" } ] }, { "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", - "description": "TypeScript scope analyser for ESLint", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", "licenses": [ { "license": { @@ -155021,30 +151788,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "purl": "pkg:npm/is-binary-path@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "url": "git+https://github.com/sindresorhus/is-binary-path.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io/packages/scope-manager", + "url": "https://github.com/sindresorhus/is-binary-path#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/sindresorhus/is-binary-path/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155053,21 +151820,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/is-binary-path" } ] }, { "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", - "description": "Types for the TypeScript-ESTree AST spec", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", "licenses": [ { "license": { @@ -155075,30 +151838,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "purl": "pkg:npm/binary-extensions@2.3.0", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "url": "git+https://github.com/sindresorhus/binary-extensions.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://github.com/sindresorhus/binary-extensions#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/sindresorhus/binary-extensions/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155107,21 +151870,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/binary-extensions" } ] }, { "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", "licenses": [ { "license": { @@ -155129,30 +151888,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "purl": "pkg:npm/readdirp@3.6.0", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "url": "git://github.com/paulmillr/readdirp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io", + "url": "https://github.com/paulmillr/readdirp", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/paulmillr/readdirp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155161,52 +151920,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/readdirp" } ] }, { "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "7.12.0", - "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "ISC" } } ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "purl": "pkg:npm/wrappy@1.0.2", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "url": "git+https://github.com/npm/wrappy.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://typescript-eslint.io/packages/typescript-estree", + "url": "https://github.com/npm/wrappy", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/npm/wrappy/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155215,21 +151970,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/wrappy" } ] }, { "type": "library", - "name": "eslint-plugin", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", - "description": "TypeScript plugin for ESLint", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", "licenses": [ { "license": { @@ -155237,30 +151988,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "purl": "pkg:npm/is-unicode-supported@0.1.0", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155269,7 +152020,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + "value": "node_modules/is-unicode-supported" }, { "name": "cdx:npm:package:development", @@ -155279,42 +152030,42 @@ }, { "type": "library", - "name": "parser", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", - "description": "An ESLint custom parser which leverages TypeScript ESTree", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "purl": "pkg:npm/serialize-javascript@6.0.0", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "url": "git+https://github.com/yahoo/serialize-javascript.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "url": "https://github.com/yahoo/serialize-javascript", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/yahoo/serialize-javascript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155323,7 +152074,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + "value": "node_modules/serialize-javascript" }, { "name": "cdx:npm:package:development", @@ -155333,11 +152084,10 @@ }, { "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", - "description": "TypeScript scope analyser for ESLint", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", "licenses": [ { "license": { @@ -155345,30 +152095,30 @@ } } ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "purl": "pkg:npm/randombytes@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "url": "https://github.com/crypto-browserify/randombytes", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/crypto-browserify/randombytes/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155377,7 +152127,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + "value": "node_modules/randombytes" }, { "name": "cdx:npm:package:development", @@ -155387,42 +152137,42 @@ }, { "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", - "description": "Types for the TypeScript-ESTree AST spec", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "purl": "pkg:npm/workerpool@6.2.1", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "url": "git://github.com/josdejong/workerpool.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "url": "https://github.com/josdejong/workerpool", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/josdejong/workerpool/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155431,7 +152181,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + "value": "node_modules/workerpool" }, { "name": "cdx:npm:package:development", @@ -155441,42 +152191,42 @@ }, { "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "purl": "pkg:npm/yargs-parser@20.2.4", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "url": "git+https://github.com/yargs/yargs-parser.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "url": "https://github.com/yargs/yargs-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/yargs/yargs-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155485,7 +152235,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + "value": "node_modules/yargs-parser" }, { "name": "cdx:npm:package:development", @@ -155495,42 +152245,42 @@ }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "purl": "pkg:npm/yargs-unparser@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+https://github.com/yargs/yargs-unparser.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/yargs/yargs-unparser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/yargs/yargs-unparser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155539,21 +152289,77 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + "value": "node_modules/yargs-unparser" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "eslint", - "version": "7.32.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", - "author": "Nicholas C. Zakas", - "description": "An AST-based pattern checker for JavaScript.", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", "licenses": [ { "license": { @@ -155561,30 +152367,30 @@ } } ], - "purl": "pkg:npm/eslint@7.32.0", + "purl": "pkg:npm/decamelize@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint.git", + "url": "git+https://github.com/sindresorhus/decamelize.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://eslint.org", + "url": "https://github.com/sindresorhus/decamelize#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint/issues/", + "url": "https://github.com/sindresorhus/decamelize/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155593,7 +152399,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + "value": "node_modules/decamelize" }, { "name": "cdx:npm:package:development", @@ -155603,12 +152409,11 @@ }, { "type": "library", - "name": "code-frame", - "group": "@babel", - "version": "7.12.11", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", - "author": "Sebastian McKenzie", - "description": "Generate errors that contain a code frame that point to source locations.", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", "licenses": [ { "license": { @@ -155616,30 +152421,30 @@ } } ], - "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "purl": "pkg:npm/is-plain-obj@2.1.0", "externalReferences": [ { - "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://babeljs.io/", + "url": "https://github.com/sindresorhus/is-plain-obj#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/babel/babel/issues", + "url": "https://github.com/sindresorhus/is-plain-obj/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155648,7 +152453,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + "value": "node_modules/is-plain-obj" }, { "name": "cdx:npm:package:development", @@ -155658,12 +152463,11 @@ }, { "type": "library", - "name": "eslintrc", - "group": "@eslint", - "version": "0.4.3", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", - "author": "Nicholas C. Zakas", - "description": "The legacy ESLintRC config file format for ESLint", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", "licenses": [ { "license": { @@ -155671,30 +152475,30 @@ } } ], - "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "purl": "pkg:npm/mock-fs@5.2.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslintrc.git", + "url": "git://github.com/tschaub/mock-fs.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/eslintrc#readme", + "url": "https://github.com/tschaub/mock-fs", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslintrc/issues", + "url": "https://github.com/tschaub/mock-fs/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155703,7 +152507,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + "value": "node_modules/mock-fs" }, { "name": "cdx:npm:package:development", @@ -155713,42 +152517,42 @@ }, { "type": "library", - "name": "ajv", - "version": "6.12.6", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", "licenses": [ { "license": { - "id": "MIT" + "id": "Unlicense" } } ], - "purl": "pkg:npm/ajv@6.12.6", + "purl": "pkg:npm/objects-to-csv@1.3.6", "externalReferences": [ { - "url": "git+https://github.com/ajv-validator/ajv.git", + "url": "git+https://github.com/anton-bot/objects-to-csv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/ajv-validator/ajv", + "url": "https://github.com/anton-bot/objects-to-csv#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ajv-validator/ajv/issues", + "url": "https://github.com/anton-bot/objects-to-csv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155757,52 +152561,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/objects-to-csv" } ] }, { "type": "library", - "name": "espree", - "version": "7.3.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", - "author": "Nicholas C. Zakas", - "description": "An Esprima-compatible JavaScript parser built on Acorn", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Unlicense" } } ], - "purl": "pkg:npm/espree@7.3.1", + "purl": "pkg:npm/async-csv@2.1.3", "externalReferences": [ { - "url": "git+https://github.com/eslint/espree.git", + "url": "git+https://github.com/anton-bot/async-csv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/espree", + "url": "https://github.com/catcher-in-the-try/async-csv#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/eslint/espree.git", + "url": "https://github.com/catcher-in-the-try/async-csv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155811,21 +152611,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/async-csv" } ] }, { "type": "library", - "name": "js-yaml", - "version": "3.14.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", "licenses": [ { "license": { @@ -155833,30 +152629,30 @@ } } ], - "purl": "pkg:npm/js-yaml@3.14.1", + "purl": "pkg:npm/csv@5.5.3", "externalReferences": [ { - "url": "git+https://github.com/nodeca/js-yaml.git", + "url": "git+https://github.com/adaltas/node-csv.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/js-yaml", + "url": "https://csv.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/js-yaml/issues", + "url": "https://github.com/adaltas/node-csv/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155865,52 +152661,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/csv" } ] }, { "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@3.1.2", + "purl": "pkg:npm/csv-generate@3.4.3", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://csv.js.org/generate/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/adaltas/node-csv-generate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155919,53 +152711,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/csv-generate" } ] }, { "type": "library", - "name": "config-array", - "group": "@humanwhocodes", - "version": "0.5.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", - "author": "Nicholas C. Zakas", - "description": "Glob-based configuration matching.", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "purl": "pkg:npm/csv-stringify@5.6.5", "externalReferences": [ { - "url": "git+https://github.com/humanwhocodes/config-array.git", + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/humanwhocodes/config-array#readme", + "url": "https://csv.js.org/stringify/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/humanwhocodes/config-array/issues", + "url": "https://github.com/adaltas/node-csv-stringify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -155974,53 +152761,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/csv-stringify" } ] }, { "type": "library", - "name": "object-schema", - "group": "@humanwhocodes", - "version": "1.2.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", - "author": "Nicholas C. Zakas", - "description": "An object schema merger/validator", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "purl": "pkg:npm/stream-transform@2.1.3", "externalReferences": [ { - "url": "git+https://github.com/humanwhocodes/object-schema.git", + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/humanwhocodes/object-schema#readme", + "url": "https://csv.js.org/transform/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/humanwhocodes/object-schema/issues", + "url": "https://github.com/adaltas/node-stream-transform/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156029,21 +152811,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/stream-transform" } ] }, { "type": "library", - "name": "json-schema-traverse", - "version": "0.4.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", "licenses": [ { "license": { @@ -156051,30 +152829,30 @@ } } ], - "purl": "pkg:npm/json-schema-traverse@0.4.1", + "purl": "pkg:npm/mixme@0.5.10", "externalReferences": [ { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "url": "git+https://github.com/adaltas/node-mixme.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "url": "https://github.com/adaltas/node-mixme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "url": "https://github.com/adaltas/node-mixme/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156083,51 +152861,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/mixme" } ] }, { "type": "library", - "name": "eslint-scope", - "version": "5.1.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", - "description": "ECMAScript scope analyzer for ESLint", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/eslint-scope@5.1.1", + "purl": "pkg:npm/oclif@4.13.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-scope.git", + "url": "git+https://github.com/oclif/oclif.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/eslint/eslint-scope", + "url": "https://github.com/oclif/oclif", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-scope/issues", + "url": "https://github.com/oclif/oclif/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156136,51 +152911,379 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + "value": "node_modules/oclif" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "estraverse", - "version": "4.3.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", - "description": "ECMAScript JS AST traversal functions", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/estraverse@4.3.0", + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", "externalReferences": [ { - "url": "git+ssh://git@github.com/estools/estraverse.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/estools/estraverse", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/estools/estraverse/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156189,374 +153292,1257 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + "value": "node_modules/@aws-sdk/client-cloudfront" }, { "name": "cdx:npm:package:development", "value": "true" } - ] - }, - { - "type": "library", - "name": "eslint-utils", - "version": "2.1.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", - "licenses": [ - { - "license": { - "id": "MIT" - } - } ], - "purl": "pkg:npm/eslint-utils@2.1.0", - "externalReferences": [ + "components": [ { - "url": "git+https://github.com/mysticatea/eslint-utils.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/mysticatea/eslint-utils#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/mysticatea/eslint-utils/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ { - "alg": "SHA-512", - "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "acorn", - "version": "7.4.1", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", - "description": "ECMAScript parser", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/acorn@7.4.1", - "externalReferences": [ - { - "url": "git+https://github.com/acornjs/acorn.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/acornjs/acorn", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/acornjs/acorn/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ { - "alg": "SHA-512", - "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "glob-parent", - "version": "5.1.2", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", - "author": "Gulp Team", - "description": "Extract the non-magic parent path from a glob string.", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/glob-parent@5.1.2", - "externalReferences": [ - { - "url": "git+https://github.com/gulpjs/glob-parent.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/gulpjs/glob-parent#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/gulpjs/glob-parent/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ { - "alg": "SHA-512", - "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "argparse", - "version": "1.0.10", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", - "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/argparse@1.0.10", - "externalReferences": [ - { - "url": "git+https://github.com/nodeca/argparse.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/nodeca/argparse#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/nodeca/argparse/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, { - "alg": "SHA-512", - "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "sprintf-js", - "version": "1.0.3", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", - "author": "Alexandru Marasteanu", - "description": "JavaScript sprintf implementation", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause" - } - } - ], - "purl": "pkg:npm/sprintf-js@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/alexei/sprintf.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/alexei/sprintf.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/alexei/sprintf.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ { - "alg": "SHA-512", - "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", "externalReferences": [ { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156565,7 +154551,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + "value": "node_modules/@aws-sdk/xml-builder" }, { "name": "cdx:npm:package:development", @@ -156575,42 +154561,43 @@ }, { "type": "library", - "name": "eslint-config-xo-space", - "version": "0.29.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO with 2-space indent", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", "externalReferences": [ { - "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156619,7 +154606,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + "value": "node_modules/@smithy/util-waiter" }, { "name": "cdx:npm:package:development", @@ -156629,42 +154616,43 @@ }, { "type": "library", - "name": "eslint-config-xo", - "version": "0.38.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", - "author": "Sindre Sorhus", - "description": "ESLint shareable config for XO", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/eslint-config-xo@0.38.0", + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", "externalReferences": [ { - "url": "git+https://github.com/xojs/eslint-config-xo.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/xojs/eslint-config-xo#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/xojs/eslint-config-xo/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156673,183 +154661,626 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + "value": "node_modules/@aws-sdk/client-s3" }, { "name": "cdx:npm:package:development", "value": "true" } - ] - }, - { - "type": "library", - "name": "scope-manager", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", - "description": "TypeScript scope analyser for ESLint", - "licenses": [ - { - "license": { - "id": "MIT" - } - } ], - "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "components": [ { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ { - "alg": "SHA-512", - "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "types", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", - "description": "Types for the TypeScript-ESTree AST spec", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ { - "alg": "SHA-512", - "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "visitor-keys", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", - "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ { - "alg": "SHA-512", - "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + "license": { + "id": "Apache-2.0" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", "licenses": [ { "license": { @@ -156857,30 +155288,30 @@ } } ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -156889,158 +155320,108 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + "value": "node_modules/@aws-crypto/sha1-browser" }, { "name": "cdx:npm:package:development", "value": "true" } - ] - }, - { - "type": "library", - "name": "typescript-estree", - "group": "@typescript-eslint", - "version": "4.33.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", - "description": "A parser that converts TypeScript source code into an ESTree compatible form", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } ], - "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", - "externalReferences": [ - { - "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, + "components": [ { - "url": "https://github.com/typescript-eslint/typescript-eslint#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/typescript-eslint/typescript-eslint/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ { - "alg": "SHA-512", - "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + "license": { + "id": "0BSD" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" - }, - { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "eslint-scope", - "version": "5.1.1", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", - "description": "ECMAScript scope analyzer for ESLint", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause" - } - } - ], - "purl": "pkg:npm/eslint-scope@5.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/eslint/eslint-scope.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "http://github.com/eslint/eslint-scope", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/eslint/eslint-scope/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "type": "distribution", - "hashes": [ + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ { - "alg": "SHA-512", - "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "estraverse", - "version": "4.3.0", - "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", - "description": "ECMAScript JS AST traversal functions", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/estraverse@4.3.0", + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", "externalReferences": [ { - "url": "git+ssh://git@github.com/estools/estraverse.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/estools/estraverse", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/estools/estraverse/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157049,7 +155430,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + "value": "node_modules/@aws-sdk/region-config-resolver" }, { "name": "cdx:npm:package:development", @@ -157059,42 +155440,42 @@ }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "tsutils@3.21.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "0BSD" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157103,7 +155484,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tsutils/node_modules/tslib" + "value": "node_modules/@aws-sdk/util-user-agent-node" }, { "name": "cdx:npm:package:development", @@ -157113,11 +155494,12 @@ }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", "licenses": [ { "license": { @@ -157125,30 +155507,30 @@ } } ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157157,7 +155539,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + "value": "node_modules/@aws-sdk/credential-provider-env" }, { "name": "cdx:npm:package:development", @@ -157167,41 +155549,43 @@ }, { "type": "library", - "name": "chalk", - "version": "2.4.2", - "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", - "description": "Terminal string styling done right", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/chalk@2.4.2", + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", "externalReferences": [ { - "url": "git+https://github.com/chalk/chalk.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/chalk/chalk#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/chalk/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157210,98 +155594,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/chalk" - } - ] - }, - { - "type": "library", - "name": "ansi-styles", - "version": "3.2.1", - "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/ansi-styles@3.2.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-styles.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-styles#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/ansi-styles/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "value": "node_modules/@aws-sdk/credential-provider-process" }, { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "color-convert", - "version": "1.9.3", - "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", - "author": "Heather Arthur", - "description": "Plain color conversion functions", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/color-convert@1.9.3", + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-convert.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/Qix-/color-convert#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-convert/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157310,98 +155649,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/color-convert" - } - ] - }, - { - "type": "library", - "name": "color-name", - "version": "1.1.3", - "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", - "author": "DY", - "description": "A list of color names and its values", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-name@1.1.3", - "externalReferences": [ - { - "url": "git+ssh://git@github.com/dfcreative/color-name.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/dfcreative/color-name", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/dfcreative/color-name/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "value": "node_modules/@aws-sdk/credential-provider-web-identity" }, { - "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/color-name" + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157410,98 +155704,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" - } - ] - }, - { - "type": "library", - "name": "supports-color", - "version": "5.5.0", - "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/supports-color@5.5.0", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/supports-color.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/supports-color#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/chalk/supports-color/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "value": "node_modules/@aws-sdk/token-providers" }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "type": "distribution", - "hashes": [ - { - "alg": "SHA-512", - "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" - } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/supports-color" + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "has-flag", - "version": "3.0.0", - "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if argv has a specific flag", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/has-flag@3.0.0", + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/has-flag.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/has-flag#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/has-flag/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157510,46 +155759,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/highlight/node_modules/has-flag" + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "type-fest", - "version": "0.20.2", - "bom-ref": "globals@13.24.0|type-fest@0.20.2", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", "licenses": [ { - "expression": "(MIT OR CC0-1.0)" + "license": { + "id": "Apache-2.0" + } } ], - "purl": "pkg:npm/type-fest@0.20.2", + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/type-fest.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/type-fest#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/type-fest/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157558,7 +155814,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/globals/node_modules/type-fest" + "value": "node_modules/@aws-sdk/client-sts" }, { "name": "cdx:npm:package:development", @@ -157568,42 +155824,43 @@ }, { "type": "library", - "name": "fast-levenshtein", - "version": "2.0.6", - "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", - "author": "Ramesh Nair", - "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/fast-levenshtein@2.0.6", + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", "externalReferences": [ { - "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157612,52 +155869,109 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/optionator/node_modules/fast-levenshtein" + "value": "node_modules/@aws-sdk/core" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "eslint-utils", - "version": "2.1.0", - "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/eslint-utils@2.1.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", "externalReferences": [ { - "url": "git+https://github.com/mysticatea/eslint-utils.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mysticatea/eslint-utils#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mysticatea/eslint-utils/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157666,7 +155980,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + "value": "node_modules/@aws-sdk/credential-provider-node" }, { "name": "cdx:npm:package:development", @@ -157676,11 +155990,11 @@ }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { @@ -157688,30 +156002,30 @@ } } ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157720,7 +156034,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + "value": "node_modules/@aws-sdk/middleware-user-agent" }, { "name": "cdx:npm:package:development", @@ -157730,42 +156044,43 @@ }, { "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/minimatch@3.1.2", + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157774,7 +156089,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + "value": "node_modules/@aws-sdk/util-endpoints" }, { "name": "cdx:npm:package:development", @@ -157784,42 +156099,43 @@ }, { "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/brace-expansion@1.1.11", + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157828,7 +156144,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + "value": "node_modules/@aws-sdk/credential-provider-http" }, { "name": "cdx:npm:package:development", @@ -157838,42 +156154,43 @@ }, { "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/semver@6.3.1", + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157882,7 +156199,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-node/node_modules/semver" + "value": "node_modules/@aws-sdk/credential-provider-ini" }, { "name": "cdx:npm:package:development", @@ -157892,42 +156209,43 @@ }, { "type": "library", - "name": "eslint-utils", - "version": "2.1.0", - "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", - "author": "Toru Nagashima", - "description": "Utilities for ESLint plugins.", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/eslint-utils@2.1.0", + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", "externalReferences": [ { - "url": "git+https://github.com/mysticatea/eslint-utils.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/mysticatea/eslint-utils#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mysticatea/eslint-utils/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157936,7 +156254,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + "value": "node_modules/@aws-sdk/credential-provider-sso" }, { "name": "cdx:npm:package:development", @@ -157946,11 +156264,12 @@ }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", "licenses": [ { "license": { @@ -157958,30 +156277,30 @@ } } ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -157990,7 +156309,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + "value": "node_modules/@aws-sdk/client-sso" }, { "name": "cdx:npm:package:development", @@ -158000,42 +156319,42 @@ }, { "type": "library", - "name": "eslint-plugin-unicorn", - "version": "36.0.0", - "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", - "author": "Sindre Sorhus", - "description": "Various awesome ESLint rules", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158044,7 +156363,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" }, { "name": "cdx:npm:package:development", @@ -158054,42 +156373,43 @@ }, { "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ci-info@3.9.0", + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", "externalReferences": [ { - "url": "git+https://github.com/watson/ci-info.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/watson/ci-info", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/watson/ci-info/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158098,7 +156418,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + "value": "node_modules/@aws-sdk/util-arn-parser" }, { "name": "cdx:npm:package:development", @@ -158108,42 +156428,42 @@ }, { "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158152,7 +156472,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + "value": "node_modules/@aws-sdk/middleware-expect-continue" }, { "name": "cdx:npm:package:development", @@ -158162,11 +156482,11 @@ }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { @@ -158174,30 +156494,30 @@ } } ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158206,7 +156526,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" }, { "name": "cdx:npm:package:development", @@ -158216,11 +156536,11 @@ }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "2.1.0", - "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", "licenses": [ { "license": { @@ -158228,30 +156548,30 @@ } } ], - "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158260,52 +156580,108 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + "value": "node_modules/@aws-crypto/crc32" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/semver@6.3.1", + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158314,51 +156690,108 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/eslint-parser/node_modules/semver" + "value": "node_modules/@aws-crypto/crc32c" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "eslint-scope", - "version": "5.1.1", - "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", - "description": "ECMAScript scope analyzer for ESLint", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/eslint-scope@5.1.1", + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-scope.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "http://github.com/eslint/eslint-scope", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-scope/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158367,7 +156800,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + "value": "node_modules/@aws-sdk/middleware-location-constraint" }, { "name": "cdx:npm:package:development", @@ -158377,41 +156810,42 @@ }, { "type": "library", - "name": "estraverse", - "version": "4.3.0", - "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", - "description": "ECMAScript JS AST traversal functions", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/estraverse@4.3.0", + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", "externalReferences": [ { - "url": "git+ssh://git@github.com/estools/estraverse.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/estools/estraverse", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/estools/estraverse/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158420,7 +156854,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + "value": "node_modules/@aws-sdk/middleware-sdk-s3" }, { "name": "cdx:npm:package:development", @@ -158430,42 +156864,42 @@ }, { "type": "library", - "name": "find-up", - "version": "4.1.0", - "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/find-up@4.1.0", + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/find-up.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/find-up#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/find-up/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158474,7 +156908,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/find-up" + "value": "node_modules/@aws-sdk/middleware-signing" }, { "name": "cdx:npm:package:development", @@ -158484,42 +156918,42 @@ }, { "type": "library", - "name": "locate-path", - "version": "5.0.0", - "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/locate-path@5.0.0", + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/locate-path.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/locate-path#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/locate-path/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158528,7 +156962,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/locate-path" + "value": "node_modules/@aws-sdk/middleware-ssec" }, { "name": "cdx:npm:package:development", @@ -158538,42 +156972,42 @@ }, { "type": "library", - "name": "p-locate", - "version": "4.1.0", - "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/p-locate@4.1.0", + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-locate.git", + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/p-locate#readme", + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-locate/issues", + "url": "https://github.com/aws/aws-sdk-js-v3/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158582,7 +157016,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/p-locate" + "value": "node_modules/@aws-sdk/signature-v4-multi-region" }, { "name": "cdx:npm:package:development", @@ -158592,42 +157026,42 @@ }, { "type": "library", - "name": "p-limit", - "version": "2.3.0", - "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", - "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/p-limit@2.3.0", + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-limit.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/p-limit#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-limit/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158636,7 +157070,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/p-limit" + "value": "node_modules/@smithy/eventstream-serde-browser" }, { "name": "cdx:npm:package:development", @@ -158646,40 +157080,42 @@ }, { "type": "library", - "name": "type-fest", - "version": "0.8.1", - "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { - "expression": "(MIT OR CC0-1.0)" + "license": { + "id": "Apache-2.0" + } } ], - "purl": "pkg:npm/type-fest@0.8.1", + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/type-fest.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/type-fest#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/type-fest/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158688,7 +157124,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg-up/node_modules/type-fest" + "value": "node_modules/@smithy/eventstream-serde-universal" }, { "name": "cdx:npm:package:development", @@ -158698,42 +157134,42 @@ }, { "type": "library", - "name": "ajv", - "version": "6.12.6", - "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", - "author": "Evgeny Poberezkin", - "description": "Another JSON Schema Validator", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ajv@6.12.6", + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", "externalReferences": [ { - "url": "git+https://github.com/ajv-validator/ajv.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/ajv-validator/ajv", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ajv-validator/ajv/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158742,7 +157178,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + "value": "node_modules/@smithy/eventstream-codec" }, { "name": "cdx:npm:package:development", @@ -158752,42 +157188,42 @@ }, { "type": "library", - "name": "json-schema-traverse", - "version": "0.4.1", - "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", - "author": "Evgeny Poberezkin", - "description": "Traverse JSON Schema passing each schema object to callback", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/json-schema-traverse@0.4.1", + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", "externalReferences": [ { - "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158796,7 +157232,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + "value": "node_modules/@smithy/eventstream-serde-config-resolver" }, { "name": "cdx:npm:package:development", @@ -158806,42 +157242,42 @@ }, { "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/minimatch@3.1.2", + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158850,7 +157286,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + "value": "node_modules/@smithy/eventstream-serde-node" }, { "name": "cdx:npm:package:development", @@ -158860,42 +157296,42 @@ }, { "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/brace-expansion@1.1.11", + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158904,7 +157340,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + "value": "node_modules/@smithy/hash-blob-browser" }, { "name": "cdx:npm:package:development", @@ -158914,42 +157350,42 @@ }, { "type": "library", - "name": "normalize-package-data", - "version": "2.5.0", - "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", - "author": "Meryn Stol", - "description": "Normalizes data that can be found in package.json files.", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/normalize-package-data@2.5.0", + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", "externalReferences": [ { - "url": "git://github.com/npm/normalize-package-data.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/normalize-package-data#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/normalize-package-data/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -158958,7 +157394,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/normalize-package-data" + "value": "node_modules/@smithy/chunked-blob-reader-native" }, { "name": "cdx:npm:package:development", @@ -158968,42 +157404,42 @@ }, { "type": "library", - "name": "hosted-git-info", - "version": "2.8.9", - "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", - "author": "Rebecca Turner", - "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/hosted-git-info@2.8.9", + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", "externalReferences": [ { - "url": "git+https://github.com/npm/hosted-git-info.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/hosted-git-info", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/hosted-git-info/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159012,7 +157448,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/hosted-git-info" + "value": "node_modules/@smithy/chunked-blob-reader" }, { "name": "cdx:npm:package:development", @@ -159022,42 +157458,42 @@ }, { "type": "library", - "name": "semver", - "version": "5.7.2", - "bom-ref": "read-pkg@5.2.0|semver@5.7.2", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { "license": { - "id": "ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/semver@5.7.2", + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159066,7 +157502,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/semver" + "value": "node_modules/@smithy/hash-stream-node" }, { "name": "cdx:npm:package:development", @@ -159076,40 +157512,42 @@ }, { "type": "library", - "name": "type-fest", - "version": "0.6.0", - "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", - "author": "Sindre Sorhus", - "description": "A collection of essential TypeScript types", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", "licenses": [ { - "expression": "(MIT OR CC0-1.0)" + "license": { + "id": "Apache-2.0" + } } ], - "purl": "pkg:npm/type-fest@0.6.0", + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/type-fest.git", + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/type-fest#readme", + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/type-fest/issues", + "url": "https://github.com/awslabs/smithy-typescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159118,7 +157556,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/read-pkg/node_modules/type-fest" + "value": "node_modules/@smithy/md5-js" }, { "name": "cdx:npm:package:development", @@ -159128,43 +157566,43 @@ }, { "type": "library", - "name": "jsesc", - "version": "0.5.0", - "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", - "author": "Mathias Bynens", - "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", "licenses": [ { "license": { - "id": "MIT", - "url": "http://mths.be/mit" + "id": "MIT" } } ], - "purl": "pkg:npm/jsesc@0.5.0", + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/jsesc.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://mths.be/jsesc", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/jsesc/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159173,7 +157611,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/regjsparser/node_modules/jsesc" + "value": "node_modules/@inquirer/confirm" }, { "name": "cdx:npm:package:development", @@ -159183,42 +157621,43 @@ }, { "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@3.1.2", + "purl": "pkg:npm/%40inquirer/core@8.2.2", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159227,21 +157666,240 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + "value": "node_modules/@inquirer/core" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", "licenses": [ { "license": { @@ -159249,30 +157907,30 @@ } } ], - "purl": "pkg:npm/brace-expansion@1.1.11", + "purl": "pkg:npm/%40inquirer/figures@1.0.3", "externalReferences": [ { - "url": "git://github.com/juliangruber/brace-expansion.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/juliangruber/brace-expansion", + "url": "https://github.com/SBoudrias/Inquirer.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/juliangruber/brace-expansion/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159281,7 +157939,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + "value": "node_modules/@inquirer/figures" }, { "name": "cdx:npm:package:development", @@ -159291,11 +157949,12 @@ }, { "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "body-parser@1.20.2|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", "licenses": [ { "license": { @@ -159303,30 +157962,30 @@ } } ], - "purl": "pkg:npm/debug@2.6.9", + "purl": "pkg:npm/%40inquirer/type@1.3.3", "externalReferences": [ { - "url": "git://github.com/visionmedia/debug.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/visionmedia/debug#readme", + "url": "https://github.com/SBoudrias/Inquirer.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/visionmedia/debug/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159335,16 +157994,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/body-parser/node_modules/debug" + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "body-parser@1.20.2|ms@2.0.0", - "description": "Tiny milisecond conversion utility", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", "licenses": [ { "license": { @@ -159352,30 +158016,30 @@ } } ], - "purl": "pkg:npm/ms@2.0.0", + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159384,17 +158048,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/body-parser/node_modules/ms" + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "finalhandler@1.2.0|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", "licenses": [ { "license": { @@ -159402,30 +158070,30 @@ } } ], - "purl": "pkg:npm/debug@2.6.9", + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", "externalReferences": [ { - "url": "git://github.com/visionmedia/debug.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/visionmedia/debug#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/visionmedia/debug/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159434,16 +158102,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/finalhandler/node_modules/debug" + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "finalhandler@1.2.0|ms@2.0.0", - "description": "Tiny milisecond conversion utility", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", "licenses": [ { "license": { @@ -159451,30 +158125,30 @@ } } ], - "purl": "pkg:npm/ms@2.0.0", + "purl": "pkg:npm/%40inquirer/input@2.1.9", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159483,17 +158157,22 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/finalhandler/node_modules/ms" + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "debug", - "version": "2.6.9", - "bom-ref": "send@0.18.0|debug@2.6.9", - "author": "TJ Holowaychuk", - "description": "small debugging utility", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", "licenses": [ { "license": { @@ -159501,30 +158180,30 @@ } } ], - "purl": "pkg:npm/debug@2.6.9", + "purl": "pkg:npm/%40inquirer/select@2.3.5", "externalReferences": [ { - "url": "git://github.com/visionmedia/debug.git", + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/visionmedia/debug#readme", + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/visionmedia/debug/issues", + "url": "https://github.com/SBoudrias/Inquirer.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159533,48 +158212,53 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/send/node_modules/debug" + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "which", - "version": "1.3.1", - "bom-ref": "global-prefix@1.0.2|which@1.3.1", - "author": "Isaac Z. Schlueter", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/which@1.3.1", + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", "externalReferences": [ { - "url": "git://github.com/isaacs/node-which.git", + "url": "git+https://github.com/oclif/plugin-not-found.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-which#readme", + "url": "https://github.com/oclif/plugin-not-found", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-which/issues", + "url": "https://github.com/oclif/plugin-not-found/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159583,48 +158267,109 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/global-prefix/node_modules/which" + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "rxjs", - "version": "7.8.1", - "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", - "author": "Ben Lesh", - "description": "Reactive Extensions for modern JavaScript", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/rxjs@7.8.1", + "purl": "pkg:npm/fast-levenshtein@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/reactivex/rxjs.git", + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://rxjs.dev", + "url": "https://github.com/hiddentao/fast-levenshtein#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/ReactiveX/RxJS/issues", + "url": "https://github.com/hiddentao/fast-levenshtein/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159633,17 +158378,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", "licenses": [ { "license": { @@ -159651,30 +158400,30 @@ } } ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", + "purl": "pkg:npm/fastest-levenshtein@1.0.16", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159683,17 +158432,20 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/figures/node_modules/escape-string-regexp" + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "tmp", - "version": "0.0.33", - "bom-ref": "external-editor@3.1.0|tmp@0.0.33", - "author": "KARASZI István", - "description": "Temporary file and directory creator", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", "licenses": [ { "license": { @@ -159701,30 +158453,30 @@ } } ], - "purl": "pkg:npm/tmp@0.0.33", + "purl": "pkg:npm/async-retry@1.3.3", "externalReferences": [ { - "url": "git+https://github.com/raszi/node-tmp.git", + "url": "git+https://github.com/vercel/async-retry.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://github.com/raszi/node-tmp", + "url": "https://github.com/vercel/async-retry#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/raszi/node-tmp/issues", + "url": "https://github.com/vercel/async-retry/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159733,48 +158485,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/external-editor/node_modules/tmp" + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "rxjs@6.6.7|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/retry@0.13.1", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git://github.com/tim-kos/node-retry.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/tim-kos/node-retry", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/tim-kos/node-retry/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159783,17 +158539,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/rxjs/node_modules/tslib" + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", "licenses": [ { "license": { @@ -159801,30 +158561,30 @@ } } ], - "purl": "pkg:npm/ci-info@3.9.0", + "purl": "pkg:npm/change-case@4.1.2", "externalReferences": [ { - "url": "git+https://github.com/watson/ci-info.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/watson/ci-info", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/watson/ci-info/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159833,17 +158593,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@jest/core/node_modules/ci-info" + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ci-info", - "version": "3.9.0", - "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", - "author": "Thomas Watson Steen", - "description": "Get details about the current Continuous Integration environment", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", "licenses": [ { "license": { @@ -159851,30 +158615,30 @@ } } ], - "purl": "pkg:npm/ci-info@3.9.0", + "purl": "pkg:npm/camel-case@4.1.2", "externalReferences": [ { - "url": "git+https://github.com/watson/ci-info.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/watson/ci-info", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/watson/ci-info/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159883,17 +158647,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-config/node_modules/ci-info" + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "camelcase", - "version": "6.3.0", - "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", - "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", "licenses": [ { "license": { @@ -159901,30 +158669,30 @@ } } ], - "purl": "pkg:npm/camelcase@6.3.0", + "purl": "pkg:npm/pascal-case@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/camelcase.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/camelcase#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/camelcase/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159933,17 +158701,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jest-validate/node_modules/camelcase" + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "find-up", - "version": "4.1.0", - "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", "licenses": [ { "license": { @@ -159951,30 +158723,30 @@ } } ], - "purl": "pkg:npm/find-up@4.1.0", + "purl": "pkg:npm/capital-case@1.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/find-up.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/find-up#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/find-up/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -159983,17 +158755,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/find-up" + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "locate-path", - "version": "5.0.0", - "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", "licenses": [ { "license": { @@ -160001,30 +158777,30 @@ } } ], - "purl": "pkg:npm/locate-path@5.0.0", + "purl": "pkg:npm/no-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/locate-path.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/locate-path#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/locate-path/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160033,17 +158809,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/locate-path" + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "p-locate", - "version": "4.1.0", - "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", "licenses": [ { "license": { @@ -160051,30 +158831,30 @@ } } ], - "purl": "pkg:npm/p-locate@4.1.0", + "purl": "pkg:npm/upper-case-first@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-locate.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-locate#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-locate/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160083,17 +158863,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/p-locate" + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "p-limit", - "version": "2.3.0", - "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", - "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", "licenses": [ { "license": { @@ -160101,30 +158885,30 @@ } } ], - "purl": "pkg:npm/p-limit@2.3.0", + "purl": "pkg:npm/constant-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-limit.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-limit#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-limit/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160133,17 +158917,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/pkg-dir/node_modules/p-limit" + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "resolve-from", - "version": "5.0.0", - "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", "licenses": [ { "license": { @@ -160151,30 +158939,30 @@ } } ], - "purl": "pkg:npm/resolve-from@5.0.0", + "purl": "pkg:npm/upper-case@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/resolve-from.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/resolve-from#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/resolve-from/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160183,16 +158971,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/resolve-cwd/node_modules/resolve-from" + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "chalk", - "version": "2.4.2", - "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", - "description": "Terminal string styling done right", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", "licenses": [ { "license": { @@ -160200,30 +158993,30 @@ } } ], - "purl": "pkg:npm/chalk@2.4.2", + "purl": "pkg:npm/dot-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/chalk/chalk.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/chalk#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/chalk/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160232,17 +159025,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/chalk" + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "ansi-styles", - "version": "3.2.1", - "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", "licenses": [ { "license": { @@ -160250,30 +159047,30 @@ } } ], - "purl": "pkg:npm/ansi-styles@3.2.1", + "purl": "pkg:npm/header-case@2.0.4", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-styles.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-styles#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-styles/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160282,17 +159079,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/ansi-styles" + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "color-convert", - "version": "1.9.3", - "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", - "author": "Heather Arthur", - "description": "Plain color conversion functions", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", "licenses": [ { "license": { @@ -160300,30 +159101,30 @@ } } ], - "purl": "pkg:npm/color-convert@1.9.3", + "purl": "pkg:npm/lower-case@2.0.2", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-convert.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Qix-/color-convert#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-convert/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160332,17 +159133,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/color-convert" + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "color-name", - "version": "1.1.3", - "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", - "author": "DY", - "description": "A list of color names and its values", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", "licenses": [ { "license": { @@ -160350,30 +159155,30 @@ } } ], - "purl": "pkg:npm/color-name@1.1.3", + "purl": "pkg:npm/param-case@3.0.4", "externalReferences": [ { - "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dfcreative/color-name", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dfcreative/color-name/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160382,17 +159187,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/color-name" + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "escape-string-regexp", - "version": "1.0.5", - "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", - "author": "Sindre Sorhus", - "description": "Escape RegExp special characters", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", "licenses": [ { "license": { @@ -160400,30 +159209,30 @@ } } ], - "purl": "pkg:npm/escape-string-regexp@1.0.5", + "purl": "pkg:npm/path-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160432,17 +159241,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "supports-color", - "version": "5.5.0", - "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", - "author": "Sindre Sorhus", - "description": "Detect whether a terminal supports color", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", "licenses": [ { "license": { @@ -160450,30 +159263,30 @@ } } ], - "purl": "pkg:npm/supports-color@5.5.0", + "purl": "pkg:npm/sentence-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/chalk/supports-color.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/supports-color#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/supports-color/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160482,17 +159295,21 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/supports-color" + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { - "type": "library", - "name": "has-flag", - "version": "3.0.0", - "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", - "author": "Sindre Sorhus", - "description": "Check if argv has a specific flag", + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", "licenses": [ { "license": { @@ -160500,30 +159317,30 @@ } } ], - "purl": "pkg:npm/has-flag@3.0.0", + "purl": "pkg:npm/snake-case@3.0.4", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/has-flag.git", + "url": "git://github.com/blakeembrey/change-case.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/has-flag#readme", + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/has-flag/issues", + "url": "https://github.com/blakeembrey/change-case/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160532,47 +159349,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/json-colorizer/node_modules/has-flag" + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "diff", - "version": "5.2.0", - "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", - "description": "A JavaScript text diff implementation.", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/diff@5.2.0", + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", "externalReferences": [ { - "url": "git://github.com/kpdecker/jsdiff.git", + "url": "git+https://github.com/square/find-yarn-workspace-root.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kpdecker/jsdiff#readme", + "url": "https://github.com/square/find-yarn-workspace-root#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/kpdecker/jsdiff/issues", + "url": "https://github.com/square/find-yarn-workspace-root/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160581,47 +159403,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/markdown-diff/node_modules/diff" + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "diff", - "version": "5.0.0", - "bom-ref": "mocha@10.4.0|diff@5.0.0", - "description": "A javascript text diff implementation.", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "ISC" } } ], - "purl": "pkg:npm/diff@5.0.0", + "purl": "pkg:npm/github-slugger@2.0.0", "externalReferences": [ { - "url": "git://github.com/kpdecker/jsdiff.git", + "url": "git+https://github.com/Flet/github-slugger.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kpdecker/jsdiff#readme", + "url": "https://github.com/Flet/github-slugger", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/kpdecker/jsdiff/issues", + "url": "https://github.com/Flet/github-slugger/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160630,7 +159457,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/diff" + "value": "node_modules/github-slugger" }, { "name": "cdx:npm:package:development", @@ -160640,42 +159467,41 @@ }, { "type": "library", - "name": "glob", - "version": "8.1.0", - "bom-ref": "mocha@10.4.0|glob@8.1.0", - "author": "Isaac Z. Schlueter", - "description": "a little globber", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/glob@8.1.0", + "purl": "pkg:npm/got@13.0.0", "externalReferences": [ { - "url": "git://github.com/isaacs/node-glob.git", + "url": "git+https://github.com/sindresorhus/got.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-glob#readme", + "url": "https://github.com/sindresorhus/got#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-glob/issues", + "url": "https://github.com/sindresorhus/got/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160684,7 +159510,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/glob" + "value": "node_modules/got" }, { "name": "cdx:npm:package:development", @@ -160694,42 +159520,43 @@ }, { "type": "library", - "name": "minimatch", - "version": "5.0.1", - "bom-ref": "mocha@10.4.0|minimatch@5.0.1", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@5.0.1", + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/sindresorhus/is.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/sindresorhus/is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/sindresorhus/is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160738,7 +159565,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/minimatch" + "value": "node_modules/@sindresorhus/is" }, { "name": "cdx:npm:package:development", @@ -160748,11 +159575,12 @@ }, { "type": "library", - "name": "log-symbols", - "version": "4.1.0", - "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", - "author": "Sindre Sorhus", - "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", "licenses": [ { "license": { @@ -160760,30 +159588,30 @@ } } ], - "purl": "pkg:npm/log-symbols@4.1.0", + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/log-symbols.git", + "url": "git+https://github.com/szmarczak/http-timer.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/log-symbols#readme", + "url": "https://github.com/szmarczak/http-timer#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/log-symbols/issues", + "url": "https://github.com/szmarczak/http-timer/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160792,7 +159620,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/log-symbols" + "value": "node_modules/@szmarczak/http-timer" }, { "name": "cdx:npm:package:development", @@ -160802,10 +159630,11 @@ }, { "type": "library", - "name": "yargs", - "version": "16.2.0", - "bom-ref": "mocha@10.4.0|yargs@16.2.0", - "description": "yargs the modern, pirate-themed, successor to optimist.", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", "licenses": [ { "license": { @@ -160813,30 +159642,30 @@ } } ], - "purl": "pkg:npm/yargs@16.2.0", + "purl": "pkg:npm/defer-to-connect@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs.git", + "url": "git+https://github.com/szmarczak/defer-to-connect.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://yargs.js.org/", + "url": "https://github.com/szmarczak/defer-to-connect#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs/issues", + "url": "https://github.com/szmarczak/defer-to-connect/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160845,7 +159674,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/yargs" + "value": "node_modules/defer-to-connect" }, { "name": "cdx:npm:package:development", @@ -160855,42 +159684,42 @@ }, { "type": "library", - "name": "cliui", - "version": "7.0.4", - "bom-ref": "mocha@10.4.0|cliui@7.0.4", - "author": "Ben Coe", - "description": "easily create complex multi-column command-line-interfaces", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/cliui@7.0.4", + "purl": "pkg:npm/cacheable-lookup@7.0.0", "externalReferences": [ { - "url": "git+https://github.com/yargs/cliui.git", + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/yargs/cliui#readme", + "url": "https://github.com/szmarczak/cacheable-lookup#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/cliui/issues", + "url": "https://github.com/szmarczak/cacheable-lookup/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160899,7 +159728,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/mocha/node_modules/cliui" + "value": "node_modules/cacheable-lookup" }, { "name": "cdx:npm:package:development", @@ -160909,11 +159738,11 @@ }, { "type": "library", - "name": "camelcase", - "version": "6.3.0", - "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", - "author": "Sindre Sorhus", - "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", "licenses": [ { "license": { @@ -160921,30 +159750,30 @@ } } ], - "purl": "pkg:npm/camelcase@6.3.0", + "purl": "pkg:npm/cacheable-request@10.2.14", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/camelcase.git", + "url": "git+https://github.com/jaredwray/cacheable.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/camelcase#readme", + "url": "https://github.com/jaredwray/cacheable#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/camelcase/issues", + "url": "https://github.com/jaredwray/cacheable/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -160953,7 +159782,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/yargs-unparser/node_modules/camelcase" + "value": "node_modules/cacheable-request" }, { "name": "cdx:npm:package:development", @@ -160963,12 +159792,11 @@ }, { "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.1", - "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", "licenses": [ { "license": { @@ -160976,30 +159804,30 @@ } } ], - "purl": "pkg:npm/%40oclif/core@4.0.1", + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161008,7 +159836,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/@oclif/core" + "value": "node_modules/@types/http-cache-semantics" }, { "name": "cdx:npm:package:development", @@ -161018,42 +159846,42 @@ }, { "type": "library", - "name": "debug", - "version": "4.3.5", - "bom-ref": "oclif@4.13.0|debug@4.3.5", - "author": "Josh Junon", - "description": "Lightweight debugging utility for Node.js and the browser", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/debug@4.3.5", + "purl": "pkg:npm/http-cache-semantics@4.1.1", "externalReferences": [ { - "url": "git://github.com/debug-js/debug.git", + "url": "git+https://github.com/kornelski/http-cache-semantics.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/debug-js/debug#readme", + "url": "https://github.com/kornelski/http-cache-semantics#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/debug-js/debug/issues", + "url": "https://github.com/kornelski/http-cache-semantics/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161062,7 +159890,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/debug" + "value": "node_modules/http-cache-semantics" }, { "name": "cdx:npm:package:development", @@ -161072,10 +159900,11 @@ }, { "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "oclif@4.13.0|ms@2.1.2", - "description": "Tiny millisecond conversion utility", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", "licenses": [ { "license": { @@ -161083,30 +159912,30 @@ } } ], - "purl": "pkg:npm/ms@2.1.2", + "purl": "pkg:npm/mimic-response@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/sindresorhus/mimic-response.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/sindresorhus/mimic-response#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/sindresorhus/mimic-response/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161115,7 +159944,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/ms" + "value": "node_modules/mimic-response" }, { "name": "cdx:npm:package:development", @@ -161125,11 +159954,11 @@ }, { "type": "library", - "name": "fs-extra", - "version": "8.1.0", - "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", - "author": "JP Richardson", - "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", "licenses": [ { "license": { @@ -161137,30 +159966,30 @@ } } ], - "purl": "pkg:npm/fs-extra@8.1.0", + "purl": "pkg:npm/normalize-url@8.0.1", "externalReferences": [ { - "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "url": "git+https://github.com/sindresorhus/normalize-url.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jprichardson/node-fs-extra", + "url": "https://github.com/sindresorhus/normalize-url#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jprichardson/node-fs-extra/issues", + "url": "https://github.com/sindresorhus/normalize-url/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161169,7 +159998,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/fs-extra" + "value": "node_modules/normalize-url" }, { "name": "cdx:npm:package:development", @@ -161179,11 +160008,11 @@ }, { "type": "library", - "name": "jsonfile", - "version": "4.0.0", - "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", - "author": "JP Richardson", - "description": "Easily read/write JSON files.", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", "licenses": [ { "license": { @@ -161191,30 +160020,30 @@ } } ], - "purl": "pkg:npm/jsonfile@4.0.0", + "purl": "pkg:npm/responselike@3.0.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "url": "git+https://github.com/sindresorhus/responselike.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jprichardson/node-jsonfile#readme", + "url": "https://github.com/sindresorhus/responselike#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jprichardson/node-jsonfile/issues", + "url": "https://github.com/sindresorhus/responselike/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161223,7 +160052,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/jsonfile" + "value": "node_modules/responselike" }, { "name": "cdx:npm:package:development", @@ -161233,11 +160062,11 @@ }, { "type": "library", - "name": "universalify", - "version": "0.1.2", - "bom-ref": "oclif@4.13.0|universalify@0.1.2", - "author": "Ryan Zimmerman", - "description": "Make a callback- or promise-based function support both promises and callbacks.", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", "licenses": [ { "license": { @@ -161245,30 +160074,30 @@ } } ], - "purl": "pkg:npm/universalify@0.1.2", + "purl": "pkg:npm/decompress-response@6.0.0", "externalReferences": [ { - "url": "git+https://github.com/RyanZim/universalify.git", + "url": "git+https://github.com/sindresorhus/decompress-response.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/RyanZim/universalify#readme", + "url": "https://github.com/sindresorhus/decompress-response#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/RyanZim/universalify/issues", + "url": "https://github.com/sindresorhus/decompress-response/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161277,53 +160106,108 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/oclif/node_modules/universalify" + "value": "node_modules/decompress-response" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "purl": "pkg:npm/form-data-encoder@2.1.4", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "url": "git+https://github.com/octet-stream/form-data-encoder.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "url": "https://github.com/octet-stream/form-data-encoder#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/octet-stream/form-data-encoder/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161332,7 +160216,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + "value": "node_modules/form-data-encoder" }, { "name": "cdx:npm:package:development", @@ -161342,43 +160226,42 @@ }, { "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "purl": "pkg:npm/http2-wrapper@2.2.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "url": "git+https://github.com/szmarczak/http2-wrapper.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "url": "https://github.com/szmarczak/http2-wrapper#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/szmarczak/http2-wrapper/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161387,7 +160270,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + "value": "node_modules/http2-wrapper" }, { "name": "cdx:npm:package:development", @@ -161397,43 +160280,42 @@ }, { "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "purl": "pkg:npm/resolve-alpn@1.2.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "url": "git+https://github.com/szmarczak/resolve-alpn.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "url": "https://github.com/szmarczak/resolve-alpn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/szmarczak/resolve-alpn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161442,7 +160324,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + "value": "node_modules/resolve-alpn" }, { "name": "cdx:npm:package:development", @@ -161452,43 +160334,42 @@ }, { "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "purl": "pkg:npm/lowercase-keys@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "url": "https://github.com/sindresorhus/lowercase-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/lowercase-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161497,7 +160378,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + "value": "node_modules/lowercase-keys" }, { "name": "cdx:npm:package:development", @@ -161507,42 +160388,42 @@ }, { "type": "library", - "name": "middleware-host-header", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", - "author": "AWS SDK for JavaScript Team", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "purl": "pkg:npm/p-cancelable@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "url": "git+https://github.com/sindresorhus/p-cancelable.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "url": "https://github.com/sindresorhus/p-cancelable#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/p-cancelable/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161551,7 +160432,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + "value": "node_modules/p-cancelable" }, { "name": "cdx:npm:package:development", @@ -161561,42 +160442,42 @@ }, { "type": "library", - "name": "middleware-logger", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", - "author": "AWS SDK for JavaScript Team", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "BSD-2-Clause" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "purl": "pkg:npm/normalize-package-data@6.0.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "url": "git+https://github.com/npm/normalize-package-data.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "url": "https://github.com/npm/normalize-package-data#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/npm/normalize-package-data/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161605,7 +160486,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + "value": "node_modules/normalize-package-data" }, { "name": "cdx:npm:package:development", @@ -161615,11 +160496,10 @@ }, { "type": "library", - "name": "middleware-recursion-detection", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", - "author": "AWS SDK for JavaScript Team", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", "licenses": [ { "license": { @@ -161627,30 +160507,30 @@ } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "purl": "pkg:npm/spdx-correct@3.2.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "url": "git+https://github.com/jslicense/spdx-correct.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "url": "https://github.com/jslicense/spdx-correct.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jslicense/spdx-correct.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161659,7 +160539,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + "value": "node_modules/spdx-correct" }, { "name": "cdx:npm:package:development", @@ -161669,42 +160549,42 @@ }, { "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", - "author": "AWS SDK for JavaScript Team", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "purl": "pkg:npm/spdx-expression-parse@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161713,7 +160593,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + "value": "node_modules/spdx-expression-parse" }, { "name": "cdx:npm:package:development", @@ -161722,43 +160602,43 @@ ] }, { - "type": "library", - "name": "region-config-resolver", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", - "author": "AWS SDK for JavaScript Team", + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "CC0-1.0" } } ], - "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "purl": "pkg:npm/spdx-license-ids@3.0.17", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "url": "git+https://github.com/jslicense/spdx-license-ids.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "url": "https://github.com/jslicense/spdx-license-ids#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/jslicense/spdx-license-ids/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161767,7 +160647,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + "value": "node_modules/spdx-license-ids" }, { "name": "cdx:npm:package:development", @@ -161777,43 +160657,42 @@ }, { "type": "library", - "name": "types", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "Types for the AWS SDK", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "CC-BY-3.0" } } ], - "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "purl": "pkg:npm/spdx-exceptions@2.5.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161822,7 +160701,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + "value": "node_modules/spdx-exceptions" }, { "name": "cdx:npm:package:development", @@ -161832,43 +160711,42 @@ }, { "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "purl": "pkg:npm/sort-package-json@2.10.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "url": "https://github.com/keithamus/sort-package-json#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/keithamus/sort-package-json/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161877,52 +160755,270 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + "value": "node_modules/sort-package-json" }, { "name": "cdx:npm:package:development", "value": "true" } + ], + "components": [ + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } ] }, { "type": "library", - "name": "util-user-agent-browser", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", - "author": "AWS SDK for JavaScript Team", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "purl": "pkg:npm/detect-indent@7.0.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "url": "git+https://github.com/sindresorhus/detect-indent.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "url": "https://github.com/sindresorhus/detect-indent#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/detect-indent/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161931,7 +161027,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + "value": "node_modules/detect-indent" }, { "name": "cdx:npm:package:development", @@ -161941,42 +161037,42 @@ }, { "type": "library", - "name": "util-user-agent-node", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", - "author": "AWS SDK for JavaScript Team", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "purl": "pkg:npm/get-stdin@9.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "url": "git+https://github.com/sindresorhus/get-stdin.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "url": "https://github.com/sindresorhus/get-stdin#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/get-stdin/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -161985,7 +161081,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + "value": "node_modules/get-stdin" }, { "name": "cdx:npm:package:development", @@ -161995,11 +161091,11 @@ }, { "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", "licenses": [ { "license": { @@ -162007,30 +161103,30 @@ } } ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", + "purl": "pkg:npm/git-hooks-list@3.1.0", "externalReferences": [ { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "url": "git+https://github.com/fisker/git-hooks-list.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "url": "https://github.com/fisker/git-hooks-list#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "url": "https://github.com/fisker/git-hooks-list/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162039,7 +161135,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + "value": "node_modules/git-hooks-list" }, { "name": "cdx:npm:package:development", @@ -162049,43 +161145,42 @@ }, { "type": "library", - "name": "credential-provider-env", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from known environment variables", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "purl": "pkg:npm/sort-object-keys@1.1.3", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "url": "https://github.com/keithamus/sort-object-keys#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/keithamus/sort-object-keys/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162094,7 +161189,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + "value": "node_modules/sort-object-keys" }, { "name": "cdx:npm:package:development", @@ -162104,43 +161199,34 @@ }, { "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - } - ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162149,7 +161235,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + "value": "node_modules/tiny-jsonc" }, { "name": "cdx:npm:package:development", @@ -162159,43 +161245,42 @@ }, { "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "purl": "pkg:npm/open@10.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "url": "git+https://github.com/sindresorhus/open.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "url": "https://github.com/sindresorhus/open#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/open/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162204,53 +161289,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" - }, + "value": "node_modules/open" + } + ], + "components": [ { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] } ] }, { "type": "library", - "name": "credential-provider-process", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "purl": "pkg:npm/default-browser@5.2.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "url": "git+https://github.com/sindresorhus/default-browser.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "url": "https://github.com/sindresorhus/default-browser#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/default-browser/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162259,53 +161391,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/default-browser" } ] }, { "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "purl": "pkg:npm/bundle-name@4.1.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "url": "git+https://github.com/sindresorhus/bundle-name.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "url": "https://github.com/sindresorhus/bundle-name#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/bundle-name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162314,53 +161441,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/bundle-name" } ] }, { "type": "library", - "name": "credential-provider-web-identity", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "purl": "pkg:npm/run-applescript@7.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "url": "git+https://github.com/sindresorhus/run-applescript.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "url": "https://github.com/sindresorhus/run-applescript#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/run-applescript/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162369,53 +161491,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/run-applescript" } ] }, { "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "purl": "pkg:npm/default-browser-id@5.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "url": "git+https://github.com/sindresorhus/default-browser-id.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "url": "https://github.com/sindresorhus/default-browser-id#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/default-browser-id/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162424,53 +161541,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/default-browser-id" } ] }, { "type": "library", - "name": "token-providers", - "group": "@aws-sdk", - "version": "3.575.0", - "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", - "author": "AWS SDK for JavaScript Team", - "description": "A collection of token providers", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "purl": "pkg:npm/define-lazy-prop@3.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162479,53 +161591,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/define-lazy-prop" } ] }, { "type": "library", - "name": "client-sso-oidc", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "purl": "pkg:npm/is-inside-container@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "url": "git+https://github.com/sindresorhus/is-inside-container.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "url": "https://github.com/sindresorhus/is-inside-container#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/sindresorhus/is-inside-container/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162534,53 +161641,99 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" - }, + "value": "node_modules/is-inside-container" + } + ], + "components": [ { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] } ] }, { "type": "library", - "name": "client-sts", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "purl": "pkg:npm/prompt-sync@4.2.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "url": "git+https://github.com/heapwolf/prompt-sync.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "url": "https://github.com/heapwolf/prompt-sync#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/heapwolf/prompt-sync/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162589,53 +161742,150 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + "value": "node_modules/prompt-sync" + } + ], + "components": [ + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] } ] }, { "type": "library", - "name": "core", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", - "author": "AWS SDK for JavaScript Team", - "description": "Core functions & classes shared by multiple AWS SDK clients", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "purl": "pkg:npm/lodash.truncate@4.4.2", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "url": "git+https://github.com/lodash/lodash.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "url": "https://lodash.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/lodash/lodash/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162644,53 +161894,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/lodash.truncate" } ] }, { "type": "library", - "name": "credential-provider-node", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "purl": "pkg:npm/tmp@0.2.3", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "url": "git+https://github.com/raszi/node-tmp.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "url": "http://github.com/raszi/node-tmp", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "http://github.com/raszi/node-tmp/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162699,7 +161944,7 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + "value": "node_modules/tmp" }, { "name": "cdx:npm:package:development", @@ -162709,42 +161954,42 @@ }, { "type": "library", - "name": "middleware-user-agent", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", - "author": "AWS SDK for JavaScript Team", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "purl": "pkg:npm/ts-jest@29.1.4", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "url": "git+https://github.com/kulshekhar/ts-jest.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "url": "https://kulshekhar.github.io/ts-jest", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/kulshekhar/ts-jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162753,22 +161998,70 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" - }, + "value": "node_modules/ts-jest" + } + ], + "components": [ { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] } ] }, { "type": "library", - "name": "util-endpoints", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "Utilities to help with endpoint resolution", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", "licenses": [ { "license": { @@ -162776,30 +162069,30 @@ } } ], - "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "url": "git+https://github.com/ampproject/remapping.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "url": "https://github.com/ampproject/remapping#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/ampproject/remapping/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162808,21 +162101,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@ampproject/remapping" } ] }, { "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", "licenses": [ { "license": { @@ -162830,30 +162119,30 @@ } } ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", + "purl": "pkg:npm/js-tokens@4.0.0", "externalReferences": [ { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "url": "git+https://github.com/lydell/js-tokens.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "url": "https://github.com/lydell/js-tokens#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "url": "https://github.com/lydell/js-tokens/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162862,53 +162151,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/js-tokens" } ] }, { "type": "library", - "name": "credential-provider-http", - "group": "@aws-sdk", - "version": "3.582.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider for containers and HTTP sources", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162917,53 +162202,100 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" - }, + "value": "node_modules/@babel/helper-compilation-targets" + } + ], + "components": [ { - "name": "cdx:npm:package:development", - "value": "true" + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] } ] }, { "type": "library", - "name": "credential-provider-ini", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -162972,53 +162304,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/compat-data" } ] }, { "type": "library", - "name": "credential-provider-sso", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "url": "https://github.com/babel/babel#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163027,53 +162355,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-validator-option" } ] }, { "type": "library", - "name": "client-sso", - "group": "@aws-sdk", - "version": "3.583.0", - "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", - "author": "AWS SDK for JavaScript Team", - "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "ISC" } } ], - "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "purl": "pkg:npm/lru-cache@5.1.1", "externalReferences": [ { - "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "url": "git://github.com/isaacs/node-lru-cache.git", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "url": "https://github.com/isaacs/node-lru-cache#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "url": "https://github.com/isaacs/node-lru-cache/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163082,52 +162405,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/lru-cache" } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", "licenses": [ { "license": { - "id": "0BSD" + "id": "ISC" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/yallist@3.1.1", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/isaacs/yallist.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://github.com/isaacs/yallist#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/isaacs/yallist/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163136,21 +162455,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/yallist" } ] }, { "type": "library", - "name": "fast-xml-parser", - "version": "4.2.5", - "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", - "author": "Amit Gupta", - "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", "licenses": [ { "license": { @@ -163158,30 +162474,30 @@ } } ], - "purl": "pkg:npm/fast-xml-parser@4.2.5", + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", "externalReferences": [ { - "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163190,52 +162506,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-module-transforms" } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163244,52 +162557,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-environment-visitor" } ] }, { "type": "library", - "name": "tslib", - "version": "1.14.1", - "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", - "author": "Microsoft Corp.", - "description": "Runtime library for TypeScript helper functions", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", "licenses": [ { "license": { - "id": "0BSD" + "id": "MIT" } } ], - "purl": "pkg:npm/tslib@1.14.1", + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", "externalReferences": [ { - "url": "git+https://github.com/Microsoft/tslib.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://www.typescriptlang.org/", + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Microsoft/TypeScript/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163298,52 +162608,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-module-imports" } ] }, { "type": "library", - "name": "cli-width", - "version": "4.1.0", - "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", - "author": "Ilya Radchenko", - "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/cli-width@4.1.0", + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", "externalReferences": [ { - "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/knownasilya/cli-width", + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/knownasilya/cli-width/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163352,52 +162659,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/cli-width" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-simple-access" } ] }, { "type": "library", - "name": "mute-stream", - "version": "1.0.0", - "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", - "author": "GitHub Inc.", - "description": "Bytes go in, but they don't come out (when muted).", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/mute-stream@1.0.0", + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", "externalReferences": [ { - "url": "git+https://github.com/npm/mute-stream.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/mute-stream#readme", + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/mute-stream/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163406,52 +162709,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/mute-stream" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-split-export-declaration" } ] }, { "type": "library", - "name": "signal-exit", - "version": "4.1.0", - "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", - "author": "Ben Coe", - "description": "when you want to fire an event no matter how a process exits.", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/signal-exit@4.1.0", + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", "externalReferences": [ { - "url": "git+https://github.com/tapjs/signal-exit.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/tapjs/signal-exit#readme", + "url": "https://babel.dev/docs/en/next/babel-helpers", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/tapjs/signal-exit/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163460,21 +162760,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/signal-exit" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helpers" } ] }, { "type": "library", - "name": "wrap-ansi", - "version": "6.2.0", - "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", - "author": "Sindre Sorhus", - "description": "Wordwrap a string with ANSI escape codes", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", "licenses": [ { "license": { @@ -163482,30 +162779,30 @@ } } ], - "purl": "pkg:npm/wrap-ansi@6.2.0", + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", "externalReferences": [ { - "url": "git+https://github.com/chalk/wrap-ansi.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/chalk/wrap-ansi#readme", + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/wrap-ansi/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163514,22 +162811,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-function-name" } ] }, { "type": "library", - "name": "core", - "group": "@oclif", - "version": "4.0.0-beta.15", - "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", - "author": "Salesforce", - "description": "base library for oclif CLIs", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", "licenses": [ { "license": { @@ -163537,30 +162830,30 @@ } } ], - "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", "externalReferences": [ { - "url": "git+https://github.com/oclif/core.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/oclif/core", + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/oclif/core/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163569,21 +162862,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-hoist-variables" } ] }, { "type": "library", - "name": "mimic-response", - "version": "3.1.0", - "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", - "author": "Sindre Sorhus", - "description": "Mimic a Node.js HTTP response stream", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", "licenses": [ { "license": { @@ -163591,30 +162881,30 @@ } } ], - "purl": "pkg:npm/mimic-response@3.1.0", + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/mimic-response.git", + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/mimic-response#readme", + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/mimic-response/issues", + "url": "https://github.com/babel/babel/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163623,21 +162913,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/decompress-response/node_modules/mimic-response" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@babel/helper-string-parser" } ] }, { "type": "library", - "name": "detect-newline", - "version": "4.0.1", - "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", "author": "Sindre Sorhus", - "description": "Detect the dominant newline character of a string", + "description": "Force V8 to use fast properties for an object", "licenses": [ { "license": { @@ -163645,30 +162931,30 @@ } } ], - "purl": "pkg:npm/detect-newline@4.0.1", + "purl": "pkg:npm/to-fast-properties@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/detect-newline.git", + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/detect-newline#readme", + "url": "https://github.com/sindresorhus/to-fast-properties#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/detect-newline/issues", + "url": "https://github.com/sindresorhus/to-fast-properties/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163677,21 +162963,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/detect-newline" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/to-fast-properties" } ] }, { "type": "library", - "name": "globby", - "version": "13.2.2", - "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", - "author": "Sindre Sorhus", - "description": "User-friendly glob matching", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", "licenses": [ { "license": { @@ -163699,30 +162981,30 @@ } } ], - "purl": "pkg:npm/globby@13.2.2", + "purl": "pkg:npm/gensync@1.0.0-beta.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/globby.git", + "url": "git+https://github.com/loganfsmyth/gensync.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/globby#readme", + "url": "https://github.com/loganfsmyth/gensync", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/globby/issues", + "url": "https://github.com/loganfsmyth/gensync/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163731,21 +163013,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/globby" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/gensync" } ] }, { "type": "library", - "name": "slash", - "version": "4.0.0", - "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", - "author": "Sindre Sorhus", - "description": "Convert Windows backslash paths to slash paths", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", "licenses": [ { "license": { @@ -163753,30 +163032,30 @@ } } ], - "purl": "pkg:npm/slash@4.0.0", + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/slash.git", + "url": "git+https://github.com/jridgewell/resolve-uri.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/slash#readme", + "url": "https://github.com/jridgewell/resolve-uri#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/slash/issues", + "url": "https://github.com/jridgewell/resolve-uri/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163785,52 +163064,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/slash" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@jridgewell/resolve-uri" } ] }, { "type": "library", - "name": "is-plain-obj", - "version": "4.1.0", - "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", - "author": "Sindre Sorhus", - "description": "Check if a value is a plain object", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/is-plain-obj@4.1.0", + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "url": "https://github.com/istanbuljs/load-nyc-config#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "url": "https://github.com/istanbuljs/load-nyc-config/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163839,71 +163114,418 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] }, { - "name": "cdx:npm:package:development", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "is-wsl", - "version": "3.1.0", - "bom-ref": "open@10.1.0|is-wsl@3.1.0", - "author": "Sindre Sorhus", - "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", - "licenses": [ + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/is-wsl@3.1.0", - "externalReferences": [ + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, { - "url": "git+https://github.com/sindresorhus/is-wsl.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] }, { - "url": "https://github.com/sindresorhus/is-wsl#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] }, { - "url": "https://github.com/sindresorhus/is-wsl/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] }, { - "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ { - "alg": "SHA-512", - "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/open/node_modules/is-wsl" + ] } ] }, { "type": "library", - "name": "is-docker", - "version": "3.0.0", - "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", "author": "Sindre Sorhus", - "description": "Check if the process is running inside a Docker container", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", "licenses": [ { "license": { @@ -163911,30 +163533,30 @@ } } ], - "purl": "pkg:npm/is-docker@3.0.0", + "purl": "pkg:npm/camelcase@5.3.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/is-docker.git", + "url": "git+https://github.com/sindresorhus/camelcase.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/is-docker#readme", + "url": "https://github.com/sindresorhus/camelcase#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/is-docker/issues", + "url": "https://github.com/sindresorhus/camelcase/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163943,48 +163565,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/is-inside-container/node_modules/is-docker" + "value": "node_modules/camelcase" } ] }, { "type": "library", - "name": "strip-ansi", - "version": "5.2.0", - "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/strip-ansi@5.2.0", + "purl": "pkg:npm/test-exclude@6.0.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git+https://github.com/istanbuljs/test-exclude.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://istanbul.js.org/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "https://github.com/istanbuljs/test-exclude/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -163993,98 +163615,150 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/prompt-sync/node_modules/strip-ansi" - } - ] - }, - { - "type": "library", - "name": "ansi-regex", - "version": "4.1.1", - "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/test-exclude" } ], - "purl": "pkg:npm/ansi-regex@4.1.1", - "externalReferences": [ - { - "url": "git+https://github.com/chalk/ansi-regex.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/chalk/ansi-regex#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "components": [ { - "url": "https://github.com/chalk/ansi-regex/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] }, { - "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ { - "alg": "SHA-512", - "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/prompt-sync/node_modules/ansi-regex" + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] } ] }, { "type": "library", - "name": "yargs-parser", - "version": "21.1.1", - "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", - "author": "Ben Coe", - "description": "the mighty option parser used by yargs", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/yargs-parser@21.1.1", + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", "externalReferences": [ { - "url": "git+https://github.com/yargs/yargs-parser.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/yargs/yargs-parser#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/yargs/yargs-parser/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164093,48 +163767,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-jest/node_modules/yargs-parser" + "value": "node_modules/@types/babel__generator" } ] }, { "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/semver@6.3.1", + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164143,17 +163817,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + "value": "node_modules/@types/babel__template" } ] }, { "type": "library", - "name": "find-up", - "version": "4.1.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", - "author": "Sindre Sorhus", - "description": "Find a file or directory by walking up parent directories", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", "licenses": [ { "license": { @@ -164161,30 +163833,30 @@ } } ], - "purl": "pkg:npm/find-up@4.1.0", + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/find-up.git", + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/find-up#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/find-up/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164193,17 +163865,15 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + "value": "node_modules/babel-preset-jest" } ] }, { "type": "library", - "name": "locate-path", - "version": "5.0.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", - "author": "Sindre Sorhus", - "description": "Get the first path that exists on disk of multiple paths", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", "licenses": [ { "license": { @@ -164211,30 +163881,30 @@ } } ], - "purl": "pkg:npm/locate-path@5.0.0", + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/locate-path.git", + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/locate-path#readme", + "url": "https://github.com/jestjs/jest#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/locate-path/issues", + "url": "https://github.com/jestjs/jest/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164243,17 +163913,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + "value": "node_modules/babel-plugin-jest-hoist" } ] }, { "type": "library", - "name": "p-locate", - "version": "4.1.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", - "author": "Sindre Sorhus", - "description": "Get the first fulfilled promise that satisfies the provided testing function", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", "licenses": [ { "license": { @@ -164261,30 +163931,30 @@ } } ], - "purl": "pkg:npm/p-locate@4.1.0", + "purl": "pkg:npm/ts-mocha@10.0.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/p-locate.git", + "url": "git+https://github.com/piotrwitek/ts-mocha.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/p-locate#readme", + "url": "https://github.com/piotrwitek/ts-mocha#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/p-locate/issues", + "url": "https://github.com/piotrwitek/ts-mocha/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164293,67 +163963,290 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" - } - ] - }, - { - "type": "library", - "name": "p-limit", - "version": "2.3.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", - "author": "Sindre Sorhus", - "description": "Run multiple promise-returning & async functions with limited concurrency", - "licenses": [ + "value": "node_modules/ts-mocha" + }, { - "license": { - "id": "MIT" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/p-limit@2.3.0", - "externalReferences": [ + "components": [ { - "url": "git+https://github.com/sindresorhus/p-limit.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/sindresorhus/p-limit#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://github.com/sindresorhus/p-limit/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ { - "alg": "SHA-512", - "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "js-yaml", - "version": "3.14.1", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", - "author": "Vladimir Zapparov", - "description": "YAML 1.2 parser and serializer", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", "licenses": [ { "license": { @@ -164361,30 +164254,30 @@ } } ], - "purl": "pkg:npm/js-yaml@3.14.1", + "purl": "pkg:npm/buffer-from@1.1.2", "externalReferences": [ { - "url": "git+https://github.com/nodeca/js-yaml.git", + "url": "git+https://github.com/LinusU/buffer-from.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/js-yaml", + "url": "https://github.com/LinusU/buffer-from#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/js-yaml/issues", + "url": "https://github.com/LinusU/buffer-from/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164393,16 +164286,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + "value": "node_modules/buffer-from" } ] }, { "type": "library", - "name": "argparse", - "version": "1.0.10", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", - "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", "licenses": [ { "license": { @@ -164410,30 +164305,30 @@ } } ], - "purl": "pkg:npm/argparse@1.0.10", + "purl": "pkg:npm/tsconfig-paths@3.15.0", "externalReferences": [ { - "url": "git+https://github.com/nodeca/argparse.git", + "url": "git+https://github.com/dividab/tsconfig-paths.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodeca/argparse#readme", + "url": "https://github.com/dividab/tsconfig-paths#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodeca/argparse/issues", + "url": "https://github.com/dividab/tsconfig-paths/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164442,67 +164337,135 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" - } - ] - }, - { - "type": "library", - "name": "sprintf-js", - "version": "1.0.3", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", - "author": "Alexandru Marasteanu", - "description": "JavaScript sprintf implementation", - "licenses": [ + "value": "node_modules/tsconfig-paths" + }, { - "license": { - "id": "BSD-3-Clause" - } + "name": "cdx:npm:package:development", + "value": "true" } ], - "purl": "pkg:npm/sprintf-js@1.0.3", - "externalReferences": [ - { - "url": "git+https://github.com/alexei/sprintf.js.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/alexei/sprintf.js#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, + "components": [ { - "url": "https://github.com/alexei/sprintf.js/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] }, { - "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, { - "alg": "SHA-512", - "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] } ] }, { "type": "library", - "name": "resolve-from", - "version": "5.0.0", - "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", - "author": "Sindre Sorhus", - "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", "licenses": [ { "license": { @@ -164510,30 +164473,30 @@ } } ], - "purl": "pkg:npm/resolve-from@5.0.0", + "purl": "pkg:npm/%40types/json5@0.0.29", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/resolve-from.git", + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/resolve-from#readme", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/resolve-from/issues", + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164542,48 +164505,52 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" } ] }, { "type": "library", - "name": "minimatch", - "version": "3.1.2", - "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", - "author": "Isaac Z. Schlueter", - "description": "a glob matcher in javascript", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minimatch@3.1.2", + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", "externalReferences": [ { - "url": "git://github.com/isaacs/minimatch.git", + "url": "git+https://github.com/cspotcode/node-source-map-support.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minimatch#readme", + "url": "https://github.com/cspotcode/node-source-map-support#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minimatch/issues", + "url": "https://github.com/cspotcode/node-source-map-support/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164592,67 +164559,70 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/test-exclude/node_modules/minimatch" - } - ] - }, - { - "type": "library", - "name": "brace-expansion", - "version": "1.1.11", - "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", - "author": "Julian Gruber", - "description": "Brace expansion as known from sh/bash", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/@cspotcode/source-map-support" } ], - "purl": "pkg:npm/brace-expansion@1.1.11", - "externalReferences": [ - { - "url": "git://github.com/juliangruber/brace-expansion.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - }, - { - "url": "https://github.com/juliangruber/brace-expansion/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, + "components": [ { - "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ { - "alg": "SHA-512", - "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + "license": { + "id": "MIT" + } } ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/test-exclude/node_modules/brace-expansion" + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] } ] }, { "type": "library", - "name": "ts-node", - "version": "7.0.1", - "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", - "author": "Blake Embrey", - "description": "TypeScript execution environment and REPL for node.js, with source map support", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", "licenses": [ { "license": { @@ -164660,30 +164630,30 @@ } } ], - "purl": "pkg:npm/ts-node@7.0.1", + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", "externalReferences": [ { - "url": "git://github.com/TypeStrong/ts-node.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/TypeStrong/ts-node", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/TypeStrong/ts-node/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164692,21 +164662,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/ts-node" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@tsconfig/node10" } ] }, { "type": "library", - "name": "arrify", - "version": "1.0.1", - "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", - "author": "Sindre Sorhus", - "description": "Convert a value to an array", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", "licenses": [ { "license": { @@ -164714,30 +164680,30 @@ } } ], - "purl": "pkg:npm/arrify@1.0.1", + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/arrify.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/sindresorhus/arrify#readme", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/arrify/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164746,51 +164712,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/arrify" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@tsconfig/node12" } ] }, { "type": "library", - "name": "diff", - "version": "3.5.0", - "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", - "description": "A javascript text diff implementation.", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", "licenses": [ { "license": { - "id": "BSD-3-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/diff@3.5.0", + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", "externalReferences": [ { - "url": "git://github.com/kpdecker/jsdiff.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/kpdecker/jsdiff#readme", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "http://github.com/kpdecker/jsdiff/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164799,21 +164762,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/diff" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@tsconfig/node14" } ] }, { "type": "library", - "name": "mkdirp", - "version": "0.5.6", - "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", - "author": "James Halliday", - "description": "Recursively mkdir, like `mkdir -p`", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", "licenses": [ { "license": { @@ -164821,30 +164780,30 @@ } } ], - "purl": "pkg:npm/mkdirp@0.5.6", + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", "externalReferences": [ { - "url": "git+https://github.com/substack/node-mkdirp.git", + "url": "git+https://github.com/tsconfig/bases.git#bases", "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" }, { - "url": "https://github.com/substack/node-mkdirp#readme", + "url": "https://github.com/tsconfig/bases#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/substack/node-mkdirp/issues", + "url": "https://github.com/tsconfig/bases/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164853,21 +164812,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/mkdirp" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/@tsconfig/node16" } ] }, { "type": "library", - "name": "yn", - "version": "2.0.0", - "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", - "author": "Sindre Sorhus", - "description": "Parse yes/no like values", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", "licenses": [ { "license": { @@ -164875,30 +164829,30 @@ } } ], - "purl": "pkg:npm/yn@2.0.0", + "purl": "pkg:npm/acorn-walk@8.3.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/yn.git", + "url": "git+https://github.com/acornjs/acorn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/yn#readme", + "url": "https://github.com/acornjs/acorn", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/yn/issues", + "url": "https://github.com/acornjs/acorn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164907,22 +164861,16 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/ts-mocha/node_modules/yn" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/acorn-walk" } ] }, { "type": "library", - "name": "json5", - "version": "1.0.2", - "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", - "author": "Aseem Kishore", - "description": "JSON for humans.", - "scope": "optional", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", "licenses": [ { "license": { @@ -164930,30 +164878,30 @@ } } ], - "purl": "pkg:npm/json5@1.0.2", + "purl": "pkg:npm/create-require@1.1.1", "externalReferences": [ { - "url": "git+https://github.com/json5/json5.git", + "url": "git+https://github.com/nuxt-contrib/create-require.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "http://json5.org/", + "url": "https://github.com/nuxt-contrib/create-require#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/json5/json5/issues", + "url": "https://github.com/nuxt-contrib/create-require/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -164962,53 +164910,47 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tsconfig-paths/node_modules/json5" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/create-require" } ] }, { "type": "library", - "name": "strip-bom", - "version": "3.0.0", - "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", - "author": "Sindre Sorhus", - "description": "Strip UTF-8 byte order mark (BOM) from a string", - "scope": "optional", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", "licenses": [ { "license": { - "id": "MIT" + "id": "BSD-3-Clause" } } ], - "purl": "pkg:npm/strip-bom@3.0.0", + "purl": "pkg:npm/diff@4.0.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/strip-bom.git", + "url": "git://github.com/kpdecker/jsdiff.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/strip-bom#readme", + "url": "https://github.com/kpdecker/jsdiff#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/strip-bom/issues", + "url": "http://github.com/kpdecker/jsdiff/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165017,22 +164959,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/tsconfig-paths/node_modules/strip-bom" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/diff" } ] }, { "type": "library", - "name": "trace-mapping", - "group": "@jridgewell", - "version": "0.3.9", - "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", - "author": "Justin Ridgewell", - "description": "Trace the original position through a source map", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", "licenses": [ { "license": { @@ -165040,30 +164977,30 @@ } } ], - "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", "externalReferences": [ { - "url": "git+https://github.com/jridgewell/trace-mapping.git", + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jridgewell/trace-mapping#readme", + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jridgewell/trace-mapping/issues", + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165072,16 +165009,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + "value": "node_modules/v8-compile-cache-lib" } ] }, { "type": "library", - "name": "color", - "version": "3.2.1", - "bom-ref": "colorspace@1.1.4|color@3.2.1", - "description": "Color conversion and manipulation with CSS string support", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", "licenses": [ { "license": { @@ -165089,30 +165027,30 @@ } } ], - "purl": "pkg:npm/color@3.2.1", + "purl": "pkg:npm/yn@3.1.1", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color.git", + "url": "git+https://github.com/sindresorhus/yn.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/Qix-/color#readme", + "url": "https://github.com/sindresorhus/yn#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color/issues", + "url": "https://github.com/sindresorhus/yn/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165121,48 +165059,35 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/colorspace/node_modules/color" + "value": "node_modules/yn" } ] }, { "type": "library", - "name": "color-convert", - "version": "1.9.3", - "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", - "author": "Heather Arthur", - "description": "Plain color conversion functions", - "licenses": [ - { - "license": { - "id": "MIT" - } - } - ], - "purl": "pkg:npm/color-convert@1.9.3", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", "externalReferences": [ { - "url": "git+https://github.com/Qix-/color-convert.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/Qix-/color-convert#readme", + "url": "https://github.com/cspotcode/tsimportlib", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/Qix-/color-convert/issues", + "url": "https://github.com/cspotcode/tsimportlib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165171,17 +165096,18 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/colorspace/node_modules/color-convert" + "value": "node_modules/tsimportlib" } ] }, { "type": "library", - "name": "color-name", - "version": "1.1.3", - "bom-ref": "colorspace@1.1.4|color-name@1.1.3", - "author": "DY", - "description": "A list of color names and its values", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", "licenses": [ { "license": { @@ -165189,30 +165115,30 @@ } } ], - "purl": "pkg:npm/color-name@1.1.3", + "purl": "pkg:npm/%40colors/colors@1.6.0", "externalReferences": [ { - "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "url": "git+ssh://git@github.com/DABH/colors.js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/dfcreative/color-name", + "url": "https://github.com/DABH/colors.js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/dfcreative/color-name/issues", + "url": "https://github.com/DABH/colors.js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165221,48 +165147,49 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/colorspace/node_modules/color-name" + "value": "node_modules/@colors/colors" } ] }, { "type": "library", - "name": "sax", - "version": "1.3.0", - "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", - "author": "Isaac Z. Schlueter", - "description": "An evented streaming XML parser in JavaScript", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/sax@1.3.0", + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", "externalReferences": [ { - "url": "git://github.com/isaacs/sax-js.git", + "url": "git://github.com/3rd-Eden/diagnostics.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/sax-js#readme", + "url": "https://github.com/3rd-Eden/diagnostics", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/sax-js/issues", + "url": "https://github.com/3rd-Eden/diagnostics/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165271,16 +165198,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/xlsx-populate/node_modules/sax" + "value": "node_modules/@dabh/diagnostics" } ] }, { "type": "library", - "name": "readable-stream", - "version": "2.3.8", - "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", - "description": "Streams3, a user-land copy of the stream library from Node.js", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", "licenses": [ { "license": { @@ -165288,30 +165216,30 @@ } } ], - "purl": "pkg:npm/readable-stream@2.3.8", + "purl": "pkg:npm/colorspace@1.1.4", "externalReferences": [ { - "url": "git://github.com/nodejs/readable-stream.git", + "url": "git+https://github.com/3rd-Eden/colorspace.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodejs/readable-stream#readme", + "url": "https://github.com/3rd-Eden/colorspace", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/readable-stream/issues", + "url": "https://github.com/3rd-Eden/colorspace/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165320,66 +165248,168 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jszip/node_modules/readable-stream" - } - ] - }, - { - "type": "library", - "name": "safe-buffer", - "version": "5.1.2", - "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", - "author": "Feross Aboukhadijeh", - "description": "Safer Node.js Buffer API", - "licenses": [ - { - "license": { - "id": "MIT" - } + "value": "node_modules/colorspace" } ], - "purl": "pkg:npm/safe-buffer@5.1.2", - "externalReferences": [ - { - "url": "git://github.com/feross/safe-buffer.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, + "components": [ { - "url": "https://github.com/feross/safe-buffer", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] }, { - "url": "https://github.com/feross/safe-buffer/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] }, { - "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "type": "distribution", - "hashes": [ + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ { - "alg": "SHA-512", - "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" } - ], - "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/jszip/node_modules/safe-buffer" + ] } ] }, { "type": "library", - "name": "string_decoder", - "version": "1.1.1", - "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", - "description": "The string_decoder module from Node core", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", "licenses": [ { "license": { @@ -165387,30 +165417,30 @@ } } ], - "purl": "pkg:npm/string_decoder@1.1.1", + "purl": "pkg:npm/text-hex@1.0.0", "externalReferences": [ { - "url": "git://github.com/nodejs/string_decoder.git", + "url": "git+https://github.com/3rd-Eden/text-hex.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/nodejs/string_decoder", + "url": "https://github.com/3rd-Eden/text-hex", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/nodejs/string_decoder/issues", + "url": "https://github.com/3rd-Eden/text-hex/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165419,48 +165449,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/jszip/node_modules/string_decoder" + "value": "node_modules/text-hex" } ] }, { "type": "library", - "name": "entities", - "version": "2.2.0", - "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", - "author": "Felix Boehm", - "description": "Encode & decode XML and HTML entities with ease", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", "licenses": [ { "license": { - "id": "BSD-2-Clause" + "id": "MIT" } } ], - "purl": "pkg:npm/entities@2.2.0", + "purl": "pkg:npm/enabled@2.0.0", "externalReferences": [ { - "url": "git://github.com/fb55/entities.git", + "url": "git://github.com/3rd-Eden/enabled.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/fb55/entities#readme", + "url": "https://github.com/3rd-Eden/enabled#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/fb55/entities/issues", + "url": "https://github.com/3rd-Eden/enabled/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165469,48 +165499,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + "value": "node_modules/enabled" } ] }, { "type": "library", - "name": "semver", - "version": "6.3.1", - "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", - "author": "GitHub Inc.", - "description": "The semantic version parser used by npm.", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/semver@6.3.1", + "purl": "pkg:npm/kuler@2.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/node-semver.git", + "url": "git+https://github.com/3rd-Eden/kuler.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/node-semver#readme", + "url": "https://github.com/3rd-Eden/kuler", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/node-semver/issues", + "url": "https://github.com/3rd-Eden/kuler/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165519,17 +165549,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + "value": "node_modules/kuler" } ] }, { "type": "library", - "name": "path-key", - "version": "4.0.0", - "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", - "author": "Sindre Sorhus", - "description": "Get the PATH environment variable key cross-platform", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", "licenses": [ { "license": { @@ -165537,30 +165567,30 @@ } } ], - "purl": "pkg:npm/path-key@4.0.0", + "purl": "pkg:npm/logform@2.6.0", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/path-key.git", + "url": "git+https://github.com/winstonjs/logform.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/path-key#readme", + "url": "https://github.com/winstonjs/logform#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/path-key/issues", + "url": "https://github.com/winstonjs/logform/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -165569,102 +165599,67 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + "value": "node_modules/logform" } ] }, { "type": "library", - "name": "isexe", - "version": "3.1.1", - "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", - "author": "Isaac Z. Schlueter", - "description": "Minimal module to check if a file is executable.", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "purl": "pkg:npm/fecha@4.2.3", "externalReferences": [ { - "url": "git+https://github.com/isaacs/isexe.git", + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/isexe#readme", + "url": "https://github.com/taylorhakes/fecha", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/isexe/issues", + "url": "https://github.com/taylorhakes/fecha/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/which/node_modules/isexe" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "proc-log", - "version": "3.0.0", - "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", - "author": "GitHub Inc.", - "description": "just emit 'log' events on the process object", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", - "externalReferences": [ - { - "url": "git+https://github.com/npm/proc-log.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/npm/proc-log#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/proc-log/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/fecha" } ] }, { "type": "library", - "name": "ms", - "version": "2.1.2", - "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", - "description": "Tiny millisecond conversion utility", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", "licenses": [ { "license": { @@ -165672,257 +165667,248 @@ } } ], - "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "purl": "pkg:npm/safe-stable-stringify@2.4.3", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/debug/node_modules/ms" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" - } - ] - }, - { - "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", - "licenses": [ - { - "license": { - "id": "ISC" - } - } - ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", - "externalReferences": [ - { - "url": "git+https://github.com/isaacs/minipass.git", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\"" - }, - { - "url": "https://github.com/isaacs/minipass#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/safe-stable-stringify" } ] }, { "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "purl": "pkg:npm/triple-beam@1.4.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+https://github.com/winstonjs/triple-beam.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/winstonjs/triple-beam#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/winstonjs/triple-beam/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/triple-beam" } ] }, { "type": "library", - "name": "fs-minipass", - "version": "2.1.0", - "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", - "author": "Isaac Z. Schlueter", - "description": "fs read and write streams based on minipass", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "purl": "pkg:npm/one-time@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/npm/fs-minipass.git", + "url": "git+https://github.com/3rd-Eden/one-time.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/npm/fs-minipass#readme", + "url": "https://github.com/3rd-Eden/one-time#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/npm/fs-minipass/issues", + "url": "https://github.com/3rd-Eden/one-time/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/one-time" } ] }, { "type": "library", - "name": "minipass", - "version": "5.0.0", - "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "purl": "pkg:npm/fn.name@1.1.0", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+https://github.com/3rd-Eden/fn.name.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/3rd-Eden/fn.name", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/3rd-Eden/fn.name/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/fn.name" } ] }, { "type": "library", - "name": "which", - "version": "2.0.2", - "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", - "author": "Isaac Z. Schlueter", - "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "purl": "pkg:npm/string_decoder@1.3.0", "externalReferences": [ { - "url": "git://github.com/isaacs/node-which.git", + "url": "git://github.com/nodejs/string_decoder.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/node-which#readme", + "url": "https://github.com/nodejs/string_decoder", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/node-which/issues", + "url": "https://github.com/nodejs/string_decoder/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/string_decoder" } ] }, { "type": "library", - "name": "string-width", - "version": "5.1.2", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", "licenses": [ { "license": { @@ -165930,42 +165916,49 @@ } } ], - "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "purl": "pkg:npm/stack-trace@0.0.10", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-width.git", + "url": "git://github.com/felixge/node-stack-trace.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/string-width#readme", + "url": "https://github.com/felixge/node-stack-trace", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-width/issues", + "url": "https://github.com/felixge/node-stack-trace/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/stack-trace" } ] }, { "type": "library", - "name": "emoji-regex", - "version": "9.2.2", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", "licenses": [ { "license": { @@ -165973,42 +165966,49 @@ } } ], - "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "purl": "pkg:npm/winston-transport@4.7.0", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/emoji-regex", + "url": "https://github.com/winstonjs/winston-transport#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "url": "https://github.com/winstonjs/winston-transport/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/winston-transport" } ] }, { "type": "library", - "name": "strip-ansi", - "version": "7.1.0", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", "licenses": [ { "license": { @@ -166016,214 +166016,448 @@ } } ], - "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "purl": "pkg:npm/xlsx-populate@1.21.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://github.com/dtjohnson/xlsx-populate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "https://github.com/dtjohnson/xlsx-populate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" - }, + "value": "node_modules/xlsx-populate" + } + ], + "components": [ { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] } ] }, { "type": "library", - "name": "ansi-regex", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "purl": "pkg:npm/cfb@1.2.2", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-regex.git", + "url": "git://github.com/SheetJS/js-cfb.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-regex#readme", + "url": "http://sheetjs.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-regex/issues", + "url": "https://github.com/SheetJS/js-cfb/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/cfb" } ] }, { "type": "library", - "name": "ansi-styles", - "version": "4.3.0", - "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", - "author": "Sindre Sorhus", - "description": "ANSI escape codes for styling strings in the terminal", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "purl": "pkg:npm/adler-32@1.3.1", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-styles.git", + "url": "git://github.com/SheetJS/js-adler32.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-styles#readme", + "url": "http://sheetjs.com/opensource", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-styles/issues", + "url": "https://github.com/SheetJS/js-adler32/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/adler-32" } ] }, { "type": "library", - "name": "string-width", - "version": "5.1.2", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", - "author": "Sindre Sorhus", - "description": "Get the visual width of a string - the number of columns required to display it", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", "licenses": [ { "license": { - "id": "MIT" + "id": "Apache-2.0" } } ], - "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "purl": "pkg:npm/crc-32@1.2.2", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/string-width.git", + "url": "git://github.com/SheetJS/js-crc32.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/string-width#readme", + "url": "https://sheetjs.com/", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/string-width/issues", + "url": "https://github.com/SheetJS/js-crc32/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/crc-32" } ] }, { "type": "library", - "name": "emoji-regex", - "version": "9.2.2", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", - "author": "Mathias Bynens", - "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", "licenses": [ { - "license": { - "id": "MIT" - } + "expression": "(MIT OR GPL-3.0-or-later)" } ], - "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "purl": "pkg:npm/jszip@3.10.1", "externalReferences": [ { - "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "url": "git+https://github.com/Stuk/jszip.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://mths.be/emoji-regex", + "url": "https://github.com/Stuk/jszip#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "url": "https://github.com/Stuk/jszip/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + "value": "node_modules/jszip" + } + ], + "components": [ + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] }, { - "name": "cdx:npm:package:bundled", - "value": "true" + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] } ] }, { "type": "library", - "name": "strip-ansi", - "version": "7.1.0", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", - "author": "Sindre Sorhus", - "description": "Strip ANSI escape codes from a string", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", "licenses": [ { "license": { @@ -166231,42 +166465,48 @@ } } ], - "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "purl": "pkg:npm/lie@3.3.0", "externalReferences": [ { - "url": "git+https://github.com/chalk/strip-ansi.git", + "url": "git+https://github.com/calvinmetcalf/lie.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/strip-ansi#readme", + "url": "https://github.com/calvinmetcalf/lie#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/strip-ansi/issues", + "url": "https://github.com/calvinmetcalf/lie/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/lie" } ] }, { "type": "library", - "name": "ansi-regex", - "version": "6.0.1", - "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", - "author": "Sindre Sorhus", - "description": "Regular expression for matching ANSI escape codes", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", "licenses": [ { "license": { @@ -166274,85 +166514,96 @@ } } ], - "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "purl": "pkg:npm/immediate@3.0.6", "externalReferences": [ { - "url": "git+https://github.com/chalk/ansi-regex.git", + "url": "git://github.com/calvinmetcalf/immediate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/chalk/ansi-regex#readme", + "url": "https://github.com/calvinmetcalf/immediate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/chalk/ansi-regex/issues", + "url": "https://github.com/calvinmetcalf/immediate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/immediate" } ] }, { "type": "library", - "name": "spdx-expression-parse", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", "licenses": [ { - "license": { - "id": "MIT" - } + "expression": "(MIT AND Zlib)" } ], - "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "purl": "pkg:npm/pako@1.0.11", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "url": "git+https://github.com/nodeca/pako.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "url": "https://github.com/nodeca/pako", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "url": "https://github.com/nodeca/pako/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/pako" } ] }, { "type": "library", - "name": "spdx-expression-parse", - "version": "3.0.1", - "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", - "author": "Kyle E. Mitchell", - "description": "parse SPDX license expressions", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", "licenses": [ { "license": { @@ -166360,202 +166611,229 @@ } } ], - "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "purl": "pkg:npm/core-util-is@1.0.3", "externalReferences": [ { - "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "url": "git://github.com/isaacs/core-util-is.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "url": "https://github.com/isaacs/core-util-is#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "url": "https://github.com/isaacs/core-util-is/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/core-util-is" } ] }, { "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "purl": "pkg:npm/isarray@1.0.0", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git://github.com/juliangruber/isarray.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/juliangruber/isarray", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/juliangruber/isarray/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/isarray" } ] }, { "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "purl": "pkg:npm/process-nextick-args@2.0.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/calvinmetcalf/process-nextick-args", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/process-nextick-args" } ] }, { "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "purl": "pkg:npm/setimmediate@1.0.5", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+https://github.com/YuzuJS/setImmediate.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/YuzuJS/setImmediate#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/YuzuJS/setImmediate/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/setimmediate" } ] }, { "type": "library", - "name": "parse-json", - "version": "4.0.0", - "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", - "author": "Sindre Sorhus", - "description": "Parse JSON with more helpful errors", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", "licenses": [ { "license": { - "id": "MIT" + "id": "ISC" } } ], - "purl": "pkg:npm/parse-json@4.0.0", + "purl": "pkg:npm/sax@1.2.1", "externalReferences": [ { - "url": "git+https://github.com/sindresorhus/parse-json.git", + "url": "git://github.com/isaacs/sax-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/sindresorhus/parse-json#readme", + "url": "https://github.com/isaacs/sax-js#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/sindresorhus/parse-json/issues", + "url": "https://github.com/isaacs/sax-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", "type": "distribution", "hashes": [ { - "alg": "SHA-1", - "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -166564,17 +166842,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + "value": "node_modules/sax" } ] }, { "type": "library", - "name": "ignore", - "version": "4.0.6", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", - "author": "kael", - "description": "Ignore is a manager and filter for .gitignore rules.", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", "licenses": [ { "license": { @@ -166582,30 +166860,30 @@ } } ], - "purl": "pkg:npm/ignore@4.0.6", + "purl": "pkg:npm/xmlbuilder@11.0.1", "externalReferences": [ { - "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "url": "git://github.com/oozcitak/xmlbuilder-js.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kaelzhang/node-ignore#readme", + "url": "http://github.com/oozcitak/xmlbuilder-js", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kaelzhang/node-ignore/issues", + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -166614,21 +166892,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/xmlbuilder" } ] }, { "type": "library", - "name": "ignore", - "version": "4.0.6", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", - "author": "kael", - "description": "Ignore is a manager and filter for .gitignore rules.", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", "licenses": [ { "license": { @@ -166636,30 +166910,30 @@ } } ], - "purl": "pkg:npm/ignore@4.0.6", + "purl": "pkg:npm/zip-lib@1.0.4", "externalReferences": [ { - "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "url": "git+https://github.com/fpsqdb/zip-lib.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/kaelzhang/node-ignore#readme", + "url": "https://github.com/fpsqdb/zip-lib#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/kaelzhang/node-ignore/issues", + "url": "https://github.com/fpsqdb/zip-lib/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -166668,52 +166942,48 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/zip-lib" } ] }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" } } ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "purl": "pkg:npm/yauzl@3.1.3", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git+https://github.com/thejoshwolfe/yauzl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/thejoshwolfe/yauzl", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/thejoshwolfe/yauzl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -166722,52 +166992,54 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/yauzl" } ] }, { "type": "library", - "name": "eslint-visitor-keys", - "version": "1.3.0", - "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", - "author": "Toru Nagashima", - "description": "Constants and utilities about visitor keys to traverse AST.", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" } } ], - "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "purl": "pkg:npm/buffer-crc32@0.2.13", "externalReferences": [ { - "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "url": "git://github.com/brianloveswords/buffer-crc32.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "url": "https://github.com/brianloveswords/buffer-crc32", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "url": "https://github.com/brianloveswords/buffer-crc32/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -166776,20 +167048,17 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" - }, - { - "name": "cdx:npm:package:development", - "value": "true" + "value": "node_modules/buffer-crc32" } ] }, { "type": "library", - "name": "ms", - "version": "2.0.0", - "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", - "description": "Tiny milisecond conversion utility", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", "licenses": [ { "license": { @@ -166797,30 +167066,30 @@ } } ], - "purl": "pkg:npm/ms@2.0.0", + "purl": "pkg:npm/pend@1.2.0", "externalReferences": [ { - "url": "git+https://github.com/zeit/ms.git", + "url": "git://github.com/andrewrk/node-pend.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/zeit/ms#readme", + "url": "https://github.com/andrewrk/node-pend#readme", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/zeit/ms/issues", + "url": "https://github.com/andrewrk/node-pend/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" }, { - "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", "type": "distribution", "hashes": [ { "alg": "SHA-512", - "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" } ], "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" @@ -166829,50 +167098,57 @@ "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/send/node_modules/debug/node_modules/ms" + "value": "node_modules/pend" } ] }, { "type": "library", - "name": "minipass", - "version": "3.3.6", - "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", - "author": "Isaac Z. Schlueter", - "description": "minimal implementation of a PassThrough stream", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", "licenses": [ { "license": { - "id": "ISC" + "id": "MIT" } } ], - "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "purl": "pkg:npm/yazl@2.5.1", "externalReferences": [ { - "url": "git+https://github.com/isaacs/minipass.git", + "url": "git+https://github.com/thejoshwolfe/yazl.git", "type": "vcs", "comment": "as detected from PackageJson property \"repository.url\"" }, { - "url": "https://github.com/isaacs/minipass#readme", + "url": "https://github.com/thejoshwolfe/yazl", "type": "website", "comment": "as detected from PackageJson property \"homepage\"" }, { - "url": "https://github.com/isaacs/minipass/issues", + "url": "https://github.com/thejoshwolfe/yazl/issues", "type": "issue-tracker", "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" } ], "properties": [ { "name": "cdx:npm:package:path", - "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" - }, - { - "name": "cdx:npm:package:bundled", - "value": "true" + "value": "node_modules/yazl" } ] } diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index fbf6bd8b6a..097e0f174f 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -214,12 +214,6 @@ { "ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar" } - ], - "affectedComponents": [ - { - "bom-ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar", - "name": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar" - } ] } ] diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 4779260f0b..16294d013c 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -4,9 +4,35 @@ import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; import {getCCIsForNISTTags} from './utils/global'; -import {RatingRepository} from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; +import { + RatingRepository, + VulnerabilityRepository +} from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; import {CweRepository} from '@cyclonedx/cyclonedx-library/dist.d/types'; import {Severity} from '@cyclonedx/cyclonedx-library/dist.d/enums/vulnerability'; +import { + Component, + ComponentRepository, + OptionalBomProperties +} from '@cyclonedx/cyclonedx-library/dist.d/models'; + +type IntermediaryComponent = { + components?: IntermediaryComponent[]; + affectingVulnerabilities?: string[]; + [key: string]: unknown; +}; + +type IntermediaryVulnerability = { + affectedComponents?: IntermediaryComponent[]; + affects?: Record[]; + [key: string]: unknown; +}; + +type DataStorage = { + components?: IntermediaryComponent[]; + vulnerabilities?: IntermediaryVulnerability[]; + raw: OptionalBomProperties; +}; const CWE_NIST_MAPPING = new CweNistMapping(); const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; @@ -20,10 +46,12 @@ const IMPACT_MAPPING: Map = new Map([ ['unknown', 0.0] ]); +// Convert object type to string[] and prepend `CWE` if used directly for tag display function formatCWETags(input: CweRepository, addPrefix = true): string[] { return [...input].map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`)); } +// Convert gathered CWEs to corresponding NIST 800-53s function getNISTTags(input: CweRepository): string[] { return CWE_NIST_MAPPING.nistFilter( formatCWETags(input, false), @@ -51,20 +79,23 @@ function aggregateImpact(ratings: RatingRepository): number { } export class CycloneDXSBOMResults { - data: Record; + data: DataStorage; withRaw: boolean; constructor(sbomJson: string, withRaw = false) { - this.data = JSON.parse(sbomJson); + this.data = { + raw: JSON.parse(sbomJson) + }; this.withRaw = withRaw; - if (_.has(this.data, 'components')) { - // In-place manipulations on ingested SBOM data + if (this.data.raw.components) { + // We know this is SBOM data this.flattenComponents(this.data); - if (_.has(this.data, 'vulnerabilities')) { + if (this.data.raw.vulnerabilities) { + // If this SBOM data has a vulnerabilities field, we can create an intermediary object this.generateIntermediary(this.data); } - } else if (_.has(this.data, 'vulnerabilities')) { - // Back up operations in case we ingest VEX data instead + } else if (this.data.raw.vulnerabilities) { + // Back up in case we ingest VEX data instead this.formatVEX(this.data); } else { throw new Error( @@ -74,17 +105,19 @@ export class CycloneDXSBOMResults { } // Flatten any arbitrarily nested components list - flattenComponents(data: Record) { + flattenComponents(data: DataStorage) { + // Pull components from raw data + data.components = [ + ...(_.cloneDeep(data.raw.components) as ComponentRepository) + ].map((element) => element as {}); + // Look through every component at the top level of the list - for (const component of data.components as Record[]) { + for (const component of data.components) { // Identify if subcomponents exist - if (_.has(component, 'components')) { + if (component.components) { // If so, pull out the subcomponents and push them to end of top level component list for further flattening - for (const subcomponent of component.components as Record< - string, - unknown - >[]) { - (data.components as Record[]).push(subcomponent); + for (const subcomponent of component.components) { + data.components.push(subcomponent); } delete component.components; } @@ -93,15 +126,22 @@ export class CycloneDXSBOMResults { /* Copy all components that are affected by a vulnerability and place them under that corresponding vulnerability - In-place operation on `vulnerabilities` structure but will not affect `components` structure + Also note in each component the IDs of the vulnerabilities that affect them + This allows for bidirectional traversal in SBOM view Should result in the following general structure: { components: [...], vulnerabilities: [ vulnerability: { - affectedComponents: [ - component: {...}, + affectedComponents: [ // Added field + component: { + affectingVulnerabilities: [ // Added field + vulnID, + ... + ], + ... + }, ... ], ... @@ -111,46 +151,48 @@ export class CycloneDXSBOMResults { ... } */ - generateIntermediary(data: Record) { - for (const vulnerability of data.vulnerabilities as (Record< - string, - unknown - > & {affects: Record[]})[]) { - vulnerability.affectedComponents = []; - for (const id of vulnerability.affects) { - for (const component of data.components as Record[]) { - // Find every component that is affected via listed bom-refs - if (component['bom-ref'] === id.ref) { - // Add that affected component to the corresponding vulnerability object - // Selectively pick out fields to display; full components are listed in full component structure - ( - vulnerability.affectedComponents as Record[] - ).push( - _.pick(component, [ - 'type', - 'mime-type', - 'bom-ref', - 'supplier', - 'manufacturer', - 'authors', // Replaces `author` in v1.6 - 'author', // Deprecated in v1.6 - 'publisher', - 'group', - 'name', - 'version', - 'description', - 'licenses', - 'copyright' - ]) - ); + generateIntermediary(data: DataStorage) { + // Pull vulnerabilities from raw data + data.vulnerabilities = [ + ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) + ].map((element) => element as {}); - if (!component.affectingVulnerabilities) { - component.affectingVulnerabilities = []; + for (const vulnerability of data.vulnerabilities) { + if (vulnerability.affects) { + vulnerability.affectedComponents = []; + for (const id of vulnerability.affects) { + for (const component of data.components as IntermediaryComponent[]) { + // Find every component that is affected via listed bom-refs + if (component['bom-ref'] === id.ref) { + // Add that affected component to the corresponding vulnerability object + // Selectively pick out fields to display; full components are listed in full component structure + vulnerability.affectedComponents.push( + _.pick(component, [ + 'type', + 'mime-type', + 'bom-ref', + 'supplier', + 'manufacturer', + 'authors', // Replaces `author` in v1.6 + 'author', // Deprecated in v1.6 + 'publisher', + 'group', + 'name', + 'version', + 'description', + 'licenses', + 'copyright' + ]) + ); + + if (!component.affectingVulnerabilities) { + component.affectingVulnerabilities = []; + } + // Also record the ID of the vulnerability in the component for use in bidirectional traversal + component.affectingVulnerabilities.push( + vulnerability['bom-ref'] as string + ); } - // Also record the ID of the vulnerability in the component for use in bidirectional traversal - (component.affectingVulnerabilities as string[]).push( - vulnerability['bom-ref'] as string - ); } } } @@ -159,19 +201,23 @@ export class CycloneDXSBOMResults { // VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF // Fix that by adding a temporary result that refers the vulnerability back to its associated BOM - formatVEX(data: Record) { - for (const vulnerability of data.vulnerabilities as (Record< - string, - unknown - > & {affects: Record[]})[]) { - vulnerability.affectedComponents = []; - for (const id of vulnerability.affects) { - // Build a dummy component for each bom-ref identified as being affected by the vulnerability - // Add that component to the corresponding vulnerability object - (vulnerability.affectedComponents as Record[]).push({ - 'bom-ref': `${id.ref}`, - name: `${id.ref}` - }); + formatVEX(data: DataStorage) { + // Pull vulnerabilities from raw data + data.vulnerabilities = [ + ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) + ].map((element) => element as {}); + + for (const vulnerability of data.vulnerabilities) { + if (vulnerability.affects) { + vulnerability.affectedComponents = []; + for (const id of vulnerability.affects) { + // Build a dummy component for each bom-ref identified as being affected by the vulnerability + // Add that component to the corresponding vulnerability object + vulnerability.affectedComponents.push({ + 'bom-ref': `${id.ref}`, + name: `${id.ref}` + }); + } } } } @@ -197,15 +243,15 @@ export class CycloneDXSBOMMapper extends BaseConverter { profiles: [ { name: { - path: 'metadata.component', + path: 'raw.metadata.component', transformer: (input: Record): string => input['bom-ref'] ? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}` : 'CycloneDX BOM Report' }, title: { - path: 'metadata.component', - transformer: (input: Record): string => { + path: 'raw.metadata.component', + transformer: (input: Component): string => { if (input.name) { const group = input.group ? `${input.group}/` : ''; return `${group}${input.name} CycloneDX BOM Report`; @@ -215,12 +261,12 @@ export class CycloneDXSBOMMapper extends BaseConverter { } }, version: { - path: 'metadata.component.version', - transformer: (input: Record): string | undefined => + path: 'raw.metadata.component.version', + transformer: (input: string): string | undefined => input ? `${input}` : undefined }, maintainer: { - path: 'metadata.component', + path: 'raw.metadata.component', transformer: (input: Record): string | undefined => { // Check through every single possible field which may hold ownership over this component if (input.author) { @@ -242,18 +288,18 @@ export class CycloneDXSBOMMapper extends BaseConverter { } }, summary: { - path: 'metadata.component', - transformer: (input: Record): string | undefined => + path: 'raw.metadata.component', + transformer: (input: Component): string | undefined => input.description ? `${input.description}` : undefined }, copyright: { - path: 'metadata.component', - transformer: (input: Record): string | undefined => + path: 'raw.metadata.component', + transformer: (input: Component): string | undefined => input.copyright ? `${input.copyright}` : undefined }, license: { - path: 'metadata.component', - transformer: (input: Record): string | undefined => { + path: 'raw.metadata.component', + transformer: (input: Component): string | undefined => { let message = ''; if (Array.isArray(input.licenses)) { // Join together all applicable licenses for this component @@ -461,15 +507,15 @@ export class CycloneDXSBOMMapper extends BaseConverter { { name: 'SBOM', components: _.get(input, 'components'), - dependencies: _.get(input, 'dependencies'), - data: _.omit(input, [ + dependencies: _.get(input, 'raw.dependencies'), + data: _.omit(input.raw, [ 'components', 'vulnerabilities', 'dependencies' ]) } ], - ...(this.withRaw && {raw: input}) + ...(this.withRaw && {raw: input.raw}) }; } } From 7fd52f74729f9e5d104565544f1f1608926deba4 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 12:08:18 -0400 Subject: [PATCH 36/61] Linting Signed-off-by: Charles Hu --- .../forward/cyclonedx_sbom_mapper.spec.ts | 36 ++++++++++++------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts index 7bdde39248..b6e1d347c2 100644 --- a/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts @@ -19,9 +19,12 @@ describe('sbom_mapper_saf', () => { expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( JSON.parse( - fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json', { - encoding: 'utf-8' - }) + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json', + { + encoding: 'utf-8' + } + ) ) ) ); @@ -230,9 +233,12 @@ describe('sbom_mapper_dropwizard_vex', () => { describe('sbom_mapper_vex', () => { it('Successfully converts SBOM data', () => { const mapper = new CycloneDXSBOMResults( - fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', { - encoding: 'utf-8' - }) + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', + { + encoding: 'utf-8' + } + ) ); // fs.writeFileSync( @@ -243,9 +249,12 @@ describe('sbom_mapper_vex', () => { expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( JSON.parse( - fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json', { - encoding: 'utf-8' - }) + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json', + { + encoding: 'utf-8' + } + ) ) ) ); @@ -253,9 +262,12 @@ describe('sbom_mapper_vex', () => { it('Successfully converts withraw flagged SBOM data', () => { const mapper = new CycloneDXSBOMResults( - fs.readFileSync('sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', { - encoding: 'utf-8' - }), + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', + { + encoding: 'utf-8' + } + ), true ); From 02912ccdc10867e16eb3ffc3736bdaf01a36b511 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 12:20:29 -0400 Subject: [PATCH 37/61] Linting Signed-off-by: Charles Hu --- .../src/cyclonedx-sbom-mapper.ts | 82 +++++++++---------- 1 file changed, 39 insertions(+), 43 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 16294d013c..76c0fd8ed2 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -158,41 +158,39 @@ export class CycloneDXSBOMResults { ].map((element) => element as {}); for (const vulnerability of data.vulnerabilities) { - if (vulnerability.affects) { - vulnerability.affectedComponents = []; - for (const id of vulnerability.affects) { - for (const component of data.components as IntermediaryComponent[]) { - // Find every component that is affected via listed bom-refs - if (component['bom-ref'] === id.ref) { - // Add that affected component to the corresponding vulnerability object - // Selectively pick out fields to display; full components are listed in full component structure - vulnerability.affectedComponents.push( - _.pick(component, [ - 'type', - 'mime-type', - 'bom-ref', - 'supplier', - 'manufacturer', - 'authors', // Replaces `author` in v1.6 - 'author', // Deprecated in v1.6 - 'publisher', - 'group', - 'name', - 'version', - 'description', - 'licenses', - 'copyright' - ]) - ); + vulnerability.affectedComponents = []; + for (const id of vulnerability.affects!) { + for (const component of data.components as IntermediaryComponent[]) { + // Find every component that is affected via listed bom-refs + if (component['bom-ref'] === id.ref) { + // Add that affected component to the corresponding vulnerability object + // Selectively pick out fields to display; full components are listed in full component structure + vulnerability.affectedComponents.push( + _.pick(component, [ + 'type', + 'mime-type', + 'bom-ref', + 'supplier', + 'manufacturer', + 'authors', // Replaces `author` in v1.6 + 'author', // Deprecated in v1.6 + 'publisher', + 'group', + 'name', + 'version', + 'description', + 'licenses', + 'copyright' + ]) + ); - if (!component.affectingVulnerabilities) { - component.affectingVulnerabilities = []; - } - // Also record the ID of the vulnerability in the component for use in bidirectional traversal - component.affectingVulnerabilities.push( - vulnerability['bom-ref'] as string - ); + if (!component.affectingVulnerabilities) { + component.affectingVulnerabilities = []; } + // Also record the ID of the vulnerability in the component for use in bidirectional traversal + component.affectingVulnerabilities.push( + vulnerability['bom-ref'] as string + ); } } } @@ -208,16 +206,14 @@ export class CycloneDXSBOMResults { ].map((element) => element as {}); for (const vulnerability of data.vulnerabilities) { - if (vulnerability.affects) { - vulnerability.affectedComponents = []; - for (const id of vulnerability.affects) { - // Build a dummy component for each bom-ref identified as being affected by the vulnerability - // Add that component to the corresponding vulnerability object - vulnerability.affectedComponents.push({ - 'bom-ref': `${id.ref}`, - name: `${id.ref}` - }); - } + vulnerability.affectedComponents = []; + for (const id of vulnerability.affects!) { + // Build a dummy component for each bom-ref identified as being affected by the vulnerability + // Add that component to the corresponding vulnerability object + vulnerability.affectedComponents.push({ + 'bom-ref': `${id.ref}`, + name: `${id.ref}` + }); } } } From 603d6cbe31ddf2813d5fb99b4cd26ae58c132174 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 12:24:16 -0400 Subject: [PATCH 38/61] Linting Signed-off-by: Charles Hu --- libs/hdf-converters/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md index 52fc2eb933..b6f6e63e62 100644 --- a/libs/hdf-converters/README.md +++ b/libs/hdf-converters/README.md @@ -5,6 +5,7 @@ OHDF Converters supplies several methods to convert various types of security tool data to and from the OHDF standard. OHDF Converters can be used in a variety of tools, and is currently well integrated with Heimdall itself, and the [SAF CLI](https://github.com/mitre/saf). ## Supported Formats + 1. [**asff-mapper**] - AWS Security Finding Format JSON file, Prowler-derived AWS Security Finding Format results from concatenated JSON blobs, and Trivy-derived AWS Security Finding Format results from concatenated JSON blobs 2. [**aws-config-mapper**] - AWS Config 3. [**burpsuite-mapper**] - BurpSuite Pro XML file @@ -14,7 +15,7 @@ OHDF Converters supplies several methods to convert various types of security to 7. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file 8. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format 9. [**fortify-mapper**] - Fortify results FVDL file -10. [**gosec-mapper**] - gosec results JSON file +10. [**gosec-mapper**] - gosec results JSON file 11. [**ionchannel-mapper**] - SBOM data from Ion Channel 12. [**jfrog-xray-mapper**] - JFrog Xray results JSON file 13. [**msft-secure-mapper**] - Microsoft Secure Score results file @@ -22,12 +23,12 @@ OHDF Converters supplies several methods to convert various types of security to 15. [**netsparker-mapper**] - Netsparker XML results file 16. [**nikto-mapper**] - Nikto results JSON file 17. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file -18. [**sarif-mapper**] - SARIF JSON file +18. [**sarif-mapper**] - SARIF JSON file 19. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object 20. [**snyk-mapper**] - Snyk results JSON file 21. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API 22. [**splunk-mapper**] - Splunk instance -23. [**trufflehog-mapper**] - Trufflehog results json file +23. [**trufflehog-mapper**] - Trufflehog results json file 24. [**twistlock-mapper**] - Twistlock CLI output file 25. [**veracode-mapper**] - Veracode Scan Results XML file 26. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report @@ -49,4 +50,4 @@ This software was produced for the U. S. Government under Contract Number HHSM-5 No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation. -For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000. +For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000. From 17b3426ade4984c1e6d819924907d0088ca910ca Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 12:37:01 -0400 Subject: [PATCH 39/61] Linting Signed-off-by: Charles Hu --- .../sample_input_report/dropwizard-vex.json | 2970 ++++++++--------- .../sample_input_report/vex.json | 5 +- 2 files changed, 1489 insertions(+), 1486 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json index b866b41fb0..6ea5f232b5 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json @@ -1,2553 +1,2553 @@ { - "bomFormat" : "CycloneDX", - "specVersion" : "1.5", - "serialNumber" : "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", - "version" : 1, - "metadata" : { - "timestamp" : "2024-07-08T17:31:55Z", - "tools" : [ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:31:55Z", + "tools": [ { - "vendor" : "OWASP", - "name" : "Dependency-Track", - "version" : "4.11.4" + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" } ], - "component" : { - "type" : "application", - "bom-ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7", - "name" : "test 9", - "version" : "SNAPSHOT", - "description" : "This is the project I want to use to generate data to understand the schema a bit better" + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" } }, - "vulnerabilities" : [ + "vulnerabilities": [ { - "bom-ref" : "b7a12947-7a8d-4031-b59d-640d33dbad6a", - "id" : "GHSA-5mg8-w23w-74h3", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "low", - "method" : "other" + "severity": "low", + "method": "other" } ], - "cwes" : [ + "cwes": [ 173, 200, 378, 732 ], - "description" : "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", - "published" : "2021-03-25T17:04:19Z", - "updated" : "2023-11-09T18:44:38Z", - "affects" : [ + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "bb03c210-ea12-450d-85df-17d81a75ede2", - "id" : "GHSA-7g45-4rm6-3mm3", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 379, 552 ], - "description" : "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", - "published" : "2023-06-14T18:30:38Z", - "updated" : "2024-02-13T21:49:15Z", - "affects" : [ + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", - "id" : "GHSA-5p34-5m6p-p58g", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", - "published" : "2020-04-23T21:08:40Z", - "updated" : "2023-02-01T05:02:59Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "f57dc81d-6b2d-4060-8c15-7613c1a37981", - "id" : "GHSA-27xj-rqx5-2255", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", - "published" : "2020-05-15T18:58:44Z", - "updated" : "2023-02-01T05:02:59Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", - "id" : "GHSA-58pp-9c76-5625", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", - "published" : "2020-06-10T21:12:41Z", - "updated" : "2023-02-01T05:03:03Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", - "id" : "GHSA-v3xw-c963-f5hc", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", - "published" : "2020-05-15T18:58:50Z", - "updated" : "2023-02-01T05:03:05Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "e5cba611-d1ce-48a5-8fc2-ac68ba133947", - "id" : "GHSA-h4rc-386g-6m85", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", - "published" : "2020-04-23T20:19:02Z", - "updated" : "2024-03-15T00:41:35Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", - "id" : "GHSA-9vvp-fxw6-jcxr", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", - "published" : "2020-05-15T18:58:47Z", - "updated" : "2024-03-15T00:48:55Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "343cd240-f667-4770-aecf-ddc11f9d0172", - "id" : "GHSA-rf6r-2c4q-2vwg", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", - "published" : "2020-05-15T18:58:54Z", - "updated" : "2024-03-15T00:50:18Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", - "id" : "GHSA-758m-v56v-grj4", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", - "published" : "2020-04-23T21:36:03Z", - "updated" : "2024-06-25T13:46:45Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", - "id" : "GHSA-95cm-88f5-f2c7", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", - "published" : "2020-04-23T16:32:59Z", - "updated" : "2024-07-03T21:10:50Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", - "id" : "GHSA-c2q3-4qrh-fm48", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", - "published" : "2020-06-18T14:44:50Z", - "updated" : "2023-02-01T05:04:14Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "97981cb2-9228-4b8b-a172-ad12f550a19f", - "id" : "GHSA-mc6h-4qgp-37qh", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", - "published" : "2020-06-18T14:44:43Z", - "updated" : "2024-03-15T00:37:17Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", - "id" : "GHSA-j823-4qch-3rgm", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", - "published" : "2020-06-18T14:44:46Z", - "updated" : "2024-03-15T00:39:55Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "7e3a7481-266e-4cb7-af3b-94dcaf462942", - "id" : "GHSA-c265-37vj-cwcc", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", - "published" : "2020-06-18T14:44:48Z", - "updated" : "2024-06-25T13:46:04Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "db7cfe67-0b1d-4504-af8b-da26e12af73a", - "id" : "GHSA-4w82-r329-3q67", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", - "published" : "2020-03-04T20:52:14Z", - "updated" : "2023-06-08T19:02:12Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", - "id" : "GHSA-rpr3-cw39-3pxh", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", - "published" : "2022-07-15T19:41:47Z", - "updated" : "2023-08-18T15:45:27Z", - "affects" : [ + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "c037af59-a132-4727-8cc3-c6095c490df7", - "id" : "GHSA-fmmc-742q-jg75", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", - "published" : "2019-11-13T00:32:27Z", - "updated" : "2023-09-14T14:55:20Z", - "affects" : [ + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "0b8d112a-b683-414d-93b6-48fa2cabb7c9", - "id" : "GHSA-gjmw-vf9h-g25v", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", - "published" : "2019-11-13T00:32:38Z", - "updated" : "2023-09-14T14:55:25Z", - "affects" : [ + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "e8b21aeb-ce1d-4df2-8102-577b813e712f", - "id" : "GHSA-mx7p-6679-8g3q", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", - "published" : "2019-10-28T20:51:15Z", - "updated" : "2024-03-15T00:57:37Z", - "affects" : [ + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "e141c668-bc18-4738-b3b6-e7ba1057d124", - "id" : "GHSA-q93h-jc49-78gg", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", - "published" : "2020-05-15T18:59:10Z", - "updated" : "2023-09-14T15:09:40Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", - "id" : "GHSA-p43x-xfjf-5jhr", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "published" : "2020-05-15T18:59:01Z", - "updated" : "2024-03-15T00:20:09Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "6af6635c-bedd-40e5-88b8-324d3a80a33e", - "id" : "GHSA-h3cw-g4mq-c5x2", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 94, 502 ], - "description" : "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", - "published" : "2021-12-09T19:14:51Z", - "updated" : "2023-09-14T15:44:55Z", - "affects" : [ + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "3ad04380-a25c-41d8-8fad-259c2561795b", - "id" : "GHSA-qjw2-hr98-qgfh", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", - "published" : "2021-12-09T19:15:36Z", - "updated" : "2023-09-14T15:47:50Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "86f78c35-adfb-48e4-9428-88084373e1c0", - "id" : "GHSA-8w26-6f25-cm9x", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", - "published" : "2021-12-09T19:16:02Z", - "updated" : "2023-09-14T15:52:49Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", - "id" : "GHSA-m6x4-97wx-4q27", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", - "published" : "2021-12-09T19:16:26Z", - "updated" : "2023-09-14T15:53:30Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "00033bff-66dc-4a36-ab38-a10b0625409f", - "id" : "GHSA-v585-23hc-c647", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", - "published" : "2021-11-19T20:13:06Z", - "updated" : "2023-09-14T15:59:33Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "14e2856b-f78d-4a6d-99eb-470c8566df29", - "id" : "GHSA-r695-7vr9-jgc2", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", - "published" : "2021-12-09T19:16:51Z", - "updated" : "2023-09-14T16:01:31Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "c224f923-be9a-4faa-a930-ef4db611bc2b", - "id" : "GHSA-vfqx-33qm-g869", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", - "published" : "2021-12-09T19:16:59Z", - "updated" : "2023-09-14T16:04:22Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "5201940b-1f04-4668-ae86-8261448d817d", - "id" : "GHSA-f9xh-2qgp-cq57", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", - "published" : "2021-12-09T19:16:42Z", - "updated" : "2023-09-14T16:04:22Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", - "id" : "GHSA-cvm9-fjm9-3572", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published" : "2021-12-09T19:16:10Z", - "updated" : "2023-09-14T16:07:00Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", - "id" : "GHSA-9gph-22xh-8x98", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", - "published" : "2021-12-09T19:15:54Z", - "updated" : "2023-09-14T16:07:40Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "950cff67-088e-4f41-9818-25943c9e17c0", - "id" : "GHSA-89qr-369f-5m5x", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published" : "2021-12-09T19:15:46Z", - "updated" : "2023-09-14T16:08:37Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "53eda8c2-268a-4866-89ac-234bfe7f74ce", - "id" : "GHSA-8c4j-34r4-xr8g", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", - "published" : "2021-12-09T19:16:18Z", - "updated" : "2023-09-14T16:13:01Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "9edaa51d-929b-457e-aab5-0fffecdb4938", - "id" : "GHSA-9m6f-7xcq-8vf8", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", - "published" : "2021-12-09T19:16:34Z", - "updated" : "2023-09-14T16:15:44Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "6d5189b4-d549-419a-b886-43a62cc43d40", - "id" : "GHSA-5r5r-6hpj-8gg9", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", - "published" : "2021-12-09T19:15:24Z", - "updated" : "2023-11-21T11:40:53Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "135c6dab-529e-4855-ab72-a0138e2110c8", - "id" : "GHSA-wh8g-3j2c-rqj5", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", - "published" : "2021-12-09T19:15:00Z", - "updated" : "2024-03-15T00:28:08Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "57f41366-73de-4a9c-ba15-4d09c9f60e33", - "id" : "GHSA-r3gr-cxrf-hg25", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502, 913 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", - "published" : "2021-12-09T19:15:11Z", - "updated" : "2024-06-25T13:47:23Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "ccd0ef88-c0fe-4a10-a648-c779ce82b888", - "id" : "GHSA-jjjh-jjxp-wpff", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400, 502 ], - "description" : "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", - "published" : "2022-10-03T00:00:31Z", - "updated" : "2024-03-15T00:14:44Z", - "affects" : [ + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "726a055c-f364-4cb7-a75a-d3c541dad0fa", - "id" : "GHSA-5949-rw7g-wx7w", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "published" : "2021-01-20T21:20:15Z", - "updated" : "2024-03-15T00:16:04Z", - "affects" : [ + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", - "id" : "GHSA-57j2-w4cx-62h2", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 787 ], - "description" : "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", - "published" : "2022-03-12T00:00:36Z", - "updated" : "2024-03-15T00:24:56Z", - "affects" : [ + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", - "id" : "GHSA-288c-cq4h-88gq", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 611 ], - "description" : "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", - "published" : "2021-02-18T20:51:54Z", - "updated" : "2024-03-15T00:31:24Z", - "affects" : [ + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", - "id" : "GHSA-gww7-p5w4-wrfv", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", - "published" : "2020-03-04T20:52:11Z", - "updated" : "2024-03-15T00:52:59Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "87742746-bd8b-423d-979d-d9aa81a8ccfd", - "id" : "GHSA-rgv9-q543-rqg4", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400, 502 ], - "description" : "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", - "published" : "2022-10-03T00:00:31Z", - "updated" : "2024-03-24T05:01:05Z", - "affects" : [ + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "5c0b94e1-0577-42c9-8028-f244d68f61da", - "id" : "GHSA-fqwf-pjwf-7vqv", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", - "published" : "2020-05-15T18:59:04Z", - "updated" : "2024-07-03T21:10:31Z", - "affects" : [ + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "f2fa9b19-418a-4901-9840-a8631227701e", - "id" : "GHSA-8jpx-m2wh-2v34", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 74 ], - "description" : "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published" : "2020-04-10T18:42:20Z", - "updated" : "2023-01-09T05:02:18Z", - "affects" : [ + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "00bc944f-fead-400b-8bbd-0c5b56ba2b14", - "id" : "GHSA-3mcp-9wr4-cjqf", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 74 ], - "description" : "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", - "published" : "2020-02-24T17:27:27Z", - "updated" : "2024-06-05T16:42:03Z", - "affects" : [ + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", - "id" : "GHSA-rvwf-54qp-4r6v", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 776 ], - "description" : "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", - "published" : "2021-06-04T21:37:45Z", - "updated" : "2023-05-22T20:17:58Z", - "affects" : [ + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "63a53dc7-5769-43dc-a053-50ccd5295d8b", - "id" : "GHSA-9w3m-gqgf-c4p9", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 121, 787 ], - "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", - "published" : "2022-09-06T00:00:27Z", - "updated" : "2024-03-15T12:30:36Z", - "affects" : [ + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "5ab41975-23cc-45e0-9a13-be603ea00595", - "id" : "GHSA-w37g-rhq8-7m4j", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 121, 787 ], - "description" : "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", - "published" : "2022-11-11T19:00:31Z", - "updated" : "2024-06-21T21:33:52Z", - "affects" : [ + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "dff65990-715e-4f71-aace-60d4436af108", - "id" : "GHSA-c4r9-r8fh-9vj2", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 121, 787 ], - "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published" : "2022-09-06T00:00:27Z", - "updated" : "2024-03-15T12:30:36Z", - "affects" : [ + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "d55a9a55-cf82-483f-9a7c-8bf5395ce510", - "id" : "GHSA-hhhw-99gj-p3c3", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 121, 787 ], - "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published" : "2022-09-06T00:00:27Z", - "updated" : "2024-03-15T12:30:36Z", - "affects" : [ + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "6c215a04-8ea0-421f-961b-d5cceb64fd13", - "id" : "GHSA-98wm-3w3q-mw94", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 121, 787 ], - "description" : "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", - "published" : "2022-09-06T00:00:27Z", - "updated" : "2024-03-15T12:30:36Z", - "affects" : [ + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "38c08d91-3487-44c4-b258-d5a274a4ad05", - "id" : "GHSA-3mc7-4q67-w48m", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400, 776 ], - "description" : "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", - "published" : "2022-08-31T00:00:24Z", - "updated" : "2024-03-15T19:06:46Z", - "affects" : [ + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", - "id" : "GHSA-mjmj-j48q-9wg2", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 20, 502 ], - "description" : "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", - "published" : "2022-12-12T21:19:47Z", - "updated" : "2024-06-24T21:22:59Z", - "affects" : [ + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "bdd3f85b-5284-4163-be5b-0dd84b9300ac", - "id" : "GHSA-668q-qrv7-99fm", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", - "published" : "2021-12-17T20:00:50Z", - "updated" : "2023-01-30T05:04:55Z", - "affects" : [ + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id" : "GHSA-vmq6-5m68-f53m", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published" : "2023-11-29T12:30:16Z", - "updated" : "2023-12-05T21:31:13Z", - "affects" : [ + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", - "id" : "GHSA-vmq6-5m68-f53m", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", - "published" : "2023-11-29T12:30:16Z", - "updated" : "2023-12-05T21:31:13Z", - "affects" : [ + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", - "id" : "GHSA-m394-8rww-3jr7", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400 ], - "description" : "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", - "published" : "2021-03-10T03:46:47Z", - "updated" : "2023-02-01T05:05:09Z", - "affects" : [ + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "f32ca540-f068-4392-bea0-c0d7b050b7d1", - "id" : "GHSA-m6cp-vxjx-65j6", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "low", - "method" : "other" + "severity": "low", + "method": "other" } ], - "cwes" : [ + "cwes": [ 613 ], - "description" : "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", - "published" : "2021-06-23T20:23:04Z", - "updated" : "2023-02-01T05:05:59Z", - "affects" : [ + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "6d35c4e5-f5ee-4572-af28-1ca71cf48158", - "id" : "GHSA-26vr-8j45-3r4w", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400, 551, 755 ], - "description" : "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", - "published" : "2021-04-06T17:31:30Z", - "updated" : "2023-09-26T11:11:47Z", - "affects" : [ + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "d5c5815d-1742-46b6-953a-a4ed90fdd920", - "id" : "GHSA-p26g-97m4-6q7c", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "low", - "method" : "other" + "severity": "low", + "method": "other" } ], - "cwes" : [ + "cwes": [ 200 ], - "description" : "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", - "published" : "2023-04-18T22:19:57Z", - "updated" : "2023-11-06T05:01:53Z", - "affects" : [ + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "f6ff72c7-6603-4627-899d-658f8f7c5f23", - "id" : "GHSA-qw69-rqj8-6qw8", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400, 770 ], - "description" : "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", - "published" : "2023-04-19T18:15:45Z", - "updated" : "2023-11-06T05:02:06Z", - "affects" : [ + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", - "id" : "GHSA-86wm-rrjm-8wh8", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 226 ], - "description" : "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", - "published" : "2020-12-02T18:28:18Z", - "updated" : "2024-02-21T17:23:14Z", - "affects" : [ + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "c19b779d-2699-44de-a189-a0d18d8dc953", - "id" : "GHSA-cj7v-27pg-wf7q", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "low", - "method" : "other" + "severity": "low", + "method": "other" } ], - "cwes" : [ + "cwes": [ 20 ], - "description" : "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published" : "2022-07-07T20:55:34Z", - "updated" : "2023-01-29T05:06:01Z", - "affects" : [ + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "a2897b13-bdeb-4a6c-802e-abf09fef10a9", - "id" : "GHSA-hmr7-m48g-48f6", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 130 ], - "description" : "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", - "published" : "2023-09-14T16:17:27Z", - "updated" : "2023-11-06T05:01:59Z", - "affects" : [ + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", - "id" : "GHSA-g3wg-6mcf-8jj6", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 378, 379, 552 ], - "description" : "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", - "published" : "2020-11-04T17:50:24Z", - "updated" : "2023-11-27T23:07:53Z", - "affects" : [ + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "76910119-ee18-4144-855b-b2fdab20e33c", - "id" : "GHSA-58qw-p7qm-5rvh", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "low", - "method" : "other" + "severity": "low", + "method": "other" } ], - "cwes" : [ + "cwes": [ 611 ], - "description" : "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", - "published" : "2023-07-10T21:52:39Z", - "updated" : "2023-09-05T22:39:32Z", - "affects" : [ + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "d8add710-4eed-448d-b198-ecff8ffe86ea", - "id" : "GHSA-gwcr-j4wh-j3cq", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 200 ], - "description" : "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", - "published" : "2021-06-10T15:43:22Z", - "updated" : "2023-02-01T05:05:51Z", - "affects" : [ + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "123b8eaf-5572-4945-975d-21ed3c2f101d", - "id" : "GHSA-3gh6-v5v9-6v9j", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "low", - "method" : "other" + "severity": "low", + "method": "other" } ], - "cwes" : [ + "cwes": [ 149 ], - "description" : "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", - "published" : "2023-09-14T16:16:00Z", - "updated" : "2023-11-06T05:01:59Z", - "affects" : [ + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "499117ae-d134-4505-8674-ed498531e7a9", - "id" : "GHSA-269g-pwp5-87pp", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 200, 732 ], - "description" : "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", - "published" : "2020-10-12T17:33:00Z", - "updated" : "2023-02-01T05:04:50Z", - "affects" : [ + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "4ad3464b-09c7-40fa-ab51-754f3f196cd4", - "id" : "INT-f70z-tbpp-4o5d", - "source" : { - "name" : "INTERNAL" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "INTERNAL" + "source": { + "name": "INTERNAL" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "affects" : [ + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", - "id" : "INT-63e3-49kp-blqt", - "source" : { - "name" : "INTERNAL" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "INTERNAL" + "source": { + "name": "INTERNAL" }, - "severity" : "low", - "method" : "other" + "severity": "low", + "method": "other" } ], - "description" : "testing", - "affects" : [ + "description": "testing", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "1f182b73-afb8-424c-8e08-533a0f702076", - "id" : "GHSA-j8jw-g6fq-mp7h", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 89 ], - "description" : "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", - "published" : "2022-02-09T22:57:29Z", - "updated" : "2024-06-27T16:39:59Z", - "affects" : [ + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", - "id" : "GHSA-8grg-q944-cch5", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 89 ], - "description" : "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", - "published" : "2022-02-10T23:05:04Z", - "updated" : "2024-06-27T18:05:49Z", - "affects" : [ + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "55ebe39e-12f6-4360-aeba-9913ef7efb68", - "id" : "GHSA-hwj3-m3p6-hj38", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 611 ], - "description" : "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", - "published" : "2020-06-05T16:13:36Z", - "updated" : "2023-01-27T05:02:30Z", - "affects" : [ + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "8c0002e8-9326-40f7-9209-51020755ff02", - "id" : "GHSA-7r82-7xv7-xcpj", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 79 ], - "description" : "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", - "published" : "2021-06-03T23:40:23Z", - "updated" : "2023-02-01T05:05:30Z", - "affects" : [ + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "7b0674fc-e326-47d0-b34b-b5bfb523784b", - "id" : "GHSA-jvfv-hrrc-6q72", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 611 ], - "description" : "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", - "published" : "2022-03-05T00:00:45Z", - "updated" : "2023-01-27T05:02:46Z", - "affects" : [ + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "c3fdf61d-7886-423b-8a29-b6ab6790c127", - "id" : "GHSA-wgmr-mf83-7x4j", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400, 410 ], - "description" : "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", - "published" : "2022-07-07T20:55:40Z", - "updated" : "2023-07-24T19:39:20Z", - "affects" : [ + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "affa7af3-427f-4223-8028-d9ac45e80e08", - "id" : "GHSA-qppj-fm5r-hxr3", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400 ], - "description" : "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published" : "2023-10-10T21:28:24Z", - "updated" : "2024-06-21T21:34:00Z", - "affects" : [ + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", - "id" : "GHSA-rggv-cv7r-mw98", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400 ], - "description" : "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", - "published" : "2024-02-26T20:13:46Z", - "updated" : "2024-05-02T18:38:19Z", - "affects" : [ + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "affa7af3-427f-4223-8028-d9ac45e80e08", - "id" : "GHSA-qppj-fm5r-hxr3", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400 ], - "description" : "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", - "published" : "2023-10-10T21:28:24Z", - "updated" : "2024-06-21T21:34:00Z", - "affects" : [ + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", - "id" : "GHSA-wgh7-54f2-x98r", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "high", - "method" : "other" + "severity": "high", + "method": "other" } ], - "cwes" : [ + "cwes": [ 190 ], - "description" : "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", - "published" : "2023-10-10T21:16:23Z", - "updated" : "2024-06-21T21:33:57Z", - "affects" : [ + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "f987bc98-65f5-402b-8b39-7e8e3e730ebe", - "id" : "GHSA-w4g2-9hj6-5472", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 295 ], - "description" : "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", - "published" : "2018-10-18T18:06:08Z", - "updated" : "2023-01-09T05:03:38Z", - "affects" : [ + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", - "id" : "GHSA-mm8h-8587-p46h", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "medium", - "method" : "other" + "severity": "medium", + "method": "other" } ], - "cwes" : [ + "cwes": [ 400 ], - "description" : "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", - "published" : "2023-10-24T01:49:09Z", - "updated" : "2023-11-05T05:04:23Z", - "affects" : [ + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "815a1358-2bd4-4028-bd3e-8219747c78f6", - "id" : "GHSA-h376-j262-vhq6", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 502 ], - "description" : "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "published" : "2022-01-06T23:55:09Z", - "updated" : "2023-02-25T00:31:20Z", - "affects" : [ + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] }, { - "bom-ref" : "c8a50465-16df-44e0-84e9-7acff5870a51", - "id" : "GHSA-45hx-wfhj-473x", - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "ratings" : [ + "ratings": [ { - "source" : { - "name" : "GITHUB", - "url" : "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" }, - "severity" : "critical", - "method" : "other" + "severity": "critical", + "method": "other" } ], - "cwes" : [ + "cwes": [ 88 ], - "description" : "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "published" : "2022-01-21T23:07:39Z", - "updated" : "2023-08-18T15:47:05Z", - "affects" : [ + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ { - "ref" : "602de70a-7107-4ac8-9ad2-3c1c816892a7" + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" } ] } diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json index 14c5067b42..4ffca24f0b 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json @@ -83,7 +83,10 @@ "analysis": { "state": "not_affected", "justification": "code_not_reachable", - "response": ["will_not_fix", "update"], + "response": [ + "will_not_fix", + "update" + ], "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." }, "affects": [ From 516ef250d25c66d296ab63878c3e10686c0dac26 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 8 Aug 2024 12:58:19 -0400 Subject: [PATCH 40/61] Fixing typing errors Signed-off-by: Charles Hu --- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 76c0fd8ed2..9327baa5df 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -24,7 +24,7 @@ type IntermediaryComponent = { type IntermediaryVulnerability = { affectedComponents?: IntermediaryComponent[]; - affects?: Record[]; + affects: Record[]; [key: string]: unknown; }; @@ -109,7 +109,7 @@ export class CycloneDXSBOMResults { // Pull components from raw data data.components = [ ...(_.cloneDeep(data.raw.components) as ComponentRepository) - ].map((element) => element as {}); + ].map((element) => Object(element)); // Look through every component at the top level of the list for (const component of data.components) { @@ -155,11 +155,11 @@ export class CycloneDXSBOMResults { // Pull vulnerabilities from raw data data.vulnerabilities = [ ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) - ].map((element) => element as {}); + ].map((element) => Object(element)); for (const vulnerability of data.vulnerabilities) { vulnerability.affectedComponents = []; - for (const id of vulnerability.affects!) { + for (const id of vulnerability.affects) { for (const component of data.components as IntermediaryComponent[]) { // Find every component that is affected via listed bom-refs if (component['bom-ref'] === id.ref) { @@ -203,11 +203,11 @@ export class CycloneDXSBOMResults { // Pull vulnerabilities from raw data data.vulnerabilities = [ ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) - ].map((element) => element as {}); + ].map((element) => Object(element)); for (const vulnerability of data.vulnerabilities) { vulnerability.affectedComponents = []; - for (const id of vulnerability.affects!) { + for (const id of vulnerability.affects) { // Build a dummy component for each bom-ref identified as being affected by the vulnerability // Add that component to the corresponding vulnerability object vulnerability.affectedComponents.push({ From a9a40071fab64c8e29ca6e8ef2fced70502a2e81 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 9 Aug 2024 13:15:18 -0400 Subject: [PATCH 41/61] Review changes Signed-off-by: Charles Hu --- .../src/cyclonedx-sbom-mapper.ts | 67 ++++++------------- 1 file changed, 21 insertions(+), 46 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 9327baa5df..d2faced269 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -109,7 +109,7 @@ export class CycloneDXSBOMResults { // Pull components from raw data data.components = [ ...(_.cloneDeep(data.raw.components) as ComponentRepository) - ].map((element) => Object(element)); + ] as unknown as IntermediaryComponent[]; // Look through every component at the top level of the list for (const component of data.components) { @@ -155,7 +155,7 @@ export class CycloneDXSBOMResults { // Pull vulnerabilities from raw data data.vulnerabilities = [ ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) - ].map((element) => Object(element)); + ] as unknown as IntermediaryVulnerability[]; for (const vulnerability of data.vulnerabilities) { vulnerability.affectedComponents = []; @@ -203,18 +203,15 @@ export class CycloneDXSBOMResults { // Pull vulnerabilities from raw data data.vulnerabilities = [ ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) - ].map((element) => Object(element)); + ] as unknown as IntermediaryVulnerability[]; for (const vulnerability of data.vulnerabilities) { - vulnerability.affectedComponents = []; - for (const id of vulnerability.affects) { - // Build a dummy component for each bom-ref identified as being affected by the vulnerability - // Add that component to the corresponding vulnerability object - vulnerability.affectedComponents.push({ - 'bom-ref': `${id.ref}`, - name: `${id.ref}` - }); - } + // Build a dummy component for each bom-ref identified as being affected by the vulnerability + // Add that component to the corresponding vulnerability object + vulnerability.affectedComponents = vulnerability.affects.map((id) => ({ + 'bom-ref': `${id.ref}`, + name: `${id.ref}` + })); } } @@ -331,30 +328,22 @@ export class CycloneDXSBOMMapper extends BaseConverter { descriptions: [ { path: 'detail', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: input, label: 'Detail'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'recommendation', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: string) => input ? {data: input, label: 'Recommendation'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'workaround', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: string) => input ? {data: input, label: 'Workaround'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'proofOfConcept', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? { data: JSON.stringify(input, null, 2), @@ -364,55 +353,41 @@ export class CycloneDXSBOMMapper extends BaseConverter { } as unknown as ExecJSON.ControlDescription, { path: 'created', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: input, label: 'Date created'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'published', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: input, label: 'Date published'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'updated', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: input, label: 'Date updated'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'rejected', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: input, label: 'Date rejected'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'credits', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: JSON.stringify(input, null, 2), label: 'Credits'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'tools', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: JSON.stringify(input, null, 2), label: 'Tools'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'analysis', - transformer: ( - input: Record - ): Record | undefined => + transformer: (input: Record) => input ? {data: JSON.stringify(input, null, 2), label: 'Analysis'} : undefined @@ -516,7 +491,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { } } }; - constructor(exportJson: Record, withRaw = false) { + constructor(exportJson: DataStorage, withRaw = false) { super(exportJson, true); this.withRaw = withRaw; } From ec9c5e6799fb9534ae283a21b779ba4f679cf883 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 12 Aug 2024 09:01:11 -0400 Subject: [PATCH 42/61] Tag changes Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 1425 ++++++----------- .../sbom-dropwizard-vex-hdf.json | 1425 ++++++----------- .../sbom-dropwizard-vulns-hdf-withraw.json | 1425 ++++++----------- .../sbom-dropwizard-vulns-hdf.json | 1425 ++++++----------- .../sbom-vex-hdf-withraw.json | 20 +- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 20 +- .../src/cyclonedx-sbom-mapper.ts | 43 +- 7 files changed, 2063 insertions(+), 3720 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index f62531dd92..3f0a48f297 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -31,18 +31,13 @@ "CWE-200", "CWE-378", "CWE-732" - ] + ], + "created": "", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-25T17:04:19Z", - "label": "Date published" - }, - { - "data": "2023-11-09T18:44:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -81,18 +76,13 @@ "cwe": [ "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-06-14T18:30:38Z", - "label": "Date published" - }, - { - "data": "2024-02-13T21:49:15Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -128,18 +118,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:08:40Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -175,18 +160,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:44Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -222,18 +202,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-10T21:12:41Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -269,18 +244,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -316,18 +286,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T20:19:02Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:41:35Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -363,18 +328,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:47Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:48:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -410,18 +370,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:50:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -457,18 +412,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:36:03Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:45Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -504,18 +454,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T16:32:59Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -551,18 +496,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -598,18 +538,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:43Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:37:17Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -645,18 +580,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:46Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:39:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -692,18 +622,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -739,18 +664,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:14Z", - "label": "Date published" - }, - { - "data": "2023-06-08T19:02:12Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -786,18 +706,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-15T19:41:47Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:45:27Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -833,18 +748,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:27Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -880,18 +790,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:38Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:25Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -927,18 +832,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-10-28T20:51:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:57:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -974,18 +874,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:09:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1021,18 +916,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:01Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:20:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1069,18 +959,13 @@ "cwe": [ "CWE-94", "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:14:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:44:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1116,18 +1001,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:36Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:47:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1163,18 +1043,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:02Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:52:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1210,18 +1085,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:26Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:53:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1257,18 +1127,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-11-19T20:13:06Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:59:33Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1304,18 +1169,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:01:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1351,18 +1211,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1398,18 +1253,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:42Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1445,18 +1295,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1492,18 +1337,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:54Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1539,18 +1379,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:46Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:08:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1586,18 +1421,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:18Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:13:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1633,18 +1463,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:34Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:15:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1680,18 +1505,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:24Z", - "label": "Date published" - }, - { - "data": "2023-11-21T11:40:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1727,18 +1547,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:00Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:28:08Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1775,18 +1590,13 @@ "cwe": [ "CWE-502", "CWE-913" - ] + ], + "created": "", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:11Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:47:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1823,18 +1633,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:14:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1870,18 +1675,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-01-20T21:20:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:16:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1917,18 +1717,13 @@ ], "cwe": [ "CWE-787" - ] + ], + "created": "", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-12T00:00:36Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:24:56Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1964,18 +1759,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-02-18T20:51:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:31:24Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2011,18 +1801,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:52:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2059,18 +1844,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-24T05:01:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2106,18 +1886,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:04Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2155,18 +1930,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-10T18:42:20Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:02:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2204,18 +1974,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-02-24T17:27:27Z", - "label": "Date published" - }, - { - "data": "2024-06-05T16:42:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2253,18 +2018,13 @@ ], "cwe": [ "CWE-776" - ] + ], + "created": "", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-04T21:37:45Z", - "label": "Date published" - }, - { - "data": "2023-05-22T20:17:58Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2301,18 +2061,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2349,18 +2104,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-11-11T19:00:31Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:52Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2397,18 +2147,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2445,18 +2190,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2493,18 +2233,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2541,18 +2276,13 @@ "cwe": [ "CWE-400", "CWE-776" - ] + ], + "created": "", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-08-31T00:00:24Z", - "label": "Date published" - }, - { - "data": "2024-03-15T19:06:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2589,18 +2319,13 @@ "cwe": [ "CWE-20", "CWE-502" - ] + ], + "created": "", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-12-12T21:19:47Z", - "label": "Date published" - }, - { - "data": "2024-06-24T21:22:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2636,18 +2361,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-17T20:00:50Z", - "label": "Date published" - }, - { - "data": "2023-01-30T05:04:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2683,18 +2403,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" - }, - { - "data": "2023-12-05T21:31:13Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2730,18 +2445,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-10T03:46:47Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2777,18 +2487,13 @@ ], "cwe": [ "CWE-613" - ] + ], + "created": "", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-23T20:23:04Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2826,18 +2531,13 @@ "CWE-400", "CWE-551", "CWE-755" - ] + ], + "created": "", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-04-06T17:31:30Z", - "label": "Date published" - }, - { - "data": "2023-09-26T11:11:47Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2873,18 +2573,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-18T22:19:57Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2921,18 +2616,13 @@ "cwe": [ "CWE-400", "CWE-770" - ] + ], + "created": "", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-19T18:15:45Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:02:06Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2968,18 +2658,13 @@ ], "cwe": [ "CWE-226" - ] + ], + "created": "", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-12-02T18:28:18Z", - "label": "Date published" - }, - { - "data": "2024-02-21T17:23:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3015,18 +2700,13 @@ ], "cwe": [ "CWE-20" - ] + ], + "created": "", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" - }, - { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3064,18 +2744,13 @@ ], "cwe": [ "CWE-130" - ] + ], + "created": "", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:17:27Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3115,18 +2790,13 @@ "CWE-378", "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-11-04T17:50:24Z", - "label": "Date published" - }, - { - "data": "2023-11-27T23:07:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3162,18 +2832,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-07-10T21:52:39Z", - "label": "Date published" - }, - { - "data": "2023-09-05T22:39:32Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3209,18 +2874,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-10T15:43:22Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:51Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3258,18 +2918,13 @@ ], "cwe": [ "CWE-149" - ] + ], + "created": "", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:16:00Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3308,18 +2963,13 @@ "cwe": [ "CWE-200", "CWE-732" - ] + ], + "created": "", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-10-12T17:33:00Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3355,7 +3005,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3391,7 +3045,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3428,18 +3086,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-09T22:57:29Z", - "label": "Date published" - }, - { - "data": "2024-06-27T16:39:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3475,18 +3128,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-10T23:05:04Z", - "label": "Date published" - }, - { - "data": "2024-06-27T18:05:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3522,18 +3170,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-05T16:13:36Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3569,18 +3212,13 @@ ], "cwe": [ "CWE-79" - ] + ], + "created": "", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-03T23:40:23Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3616,18 +3254,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-05T00:00:45Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3664,18 +3297,13 @@ "cwe": [ "CWE-400", "CWE-410" - ] + ], + "created": "", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:40Z", - "label": "Date published" - }, - { - "data": "2023-07-24T19:39:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3711,18 +3339,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:28:24Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:34:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3758,18 +3381,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2024-02-26T20:13:46Z", - "label": "Date published" - }, - { - "data": "2024-05-02T18:38:19Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3805,18 +3423,13 @@ ], "cwe": [ "CWE-190" - ] + ], + "created": "", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:16:23Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:57Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3854,18 +3467,13 @@ ], "cwe": [ "CWE-295" - ] + ], + "created": "", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2018-10-18T18:06:08Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:03:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3901,18 +3509,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-24T01:49:09Z", - "label": "Date published" - }, - { - "data": "2023-11-05T05:04:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3948,18 +3551,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-06T23:55:09Z", - "label": "Date published" - }, - { - "data": "2023-02-25T00:31:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3997,18 +3595,13 @@ ], "cwe": [ "CWE-88" - ] + ], + "created": "", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-21T23:07:39Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:47:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -4035,7 +3628,7 @@ ] } ], - "sha256": "9902bf99c7a943ca3bf57d11dec58a10fb723eb05d3e3094fdb723af75718cee" + "sha256": "03b83542495c79a3357c8fbaf3866ed19ef80d11dc9e784b483cfa177cdcbf00" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index cd69ef8849..f495576830 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -31,18 +31,13 @@ "CWE-200", "CWE-378", "CWE-732" - ] + ], + "created": "", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-25T17:04:19Z", - "label": "Date published" - }, - { - "data": "2023-11-09T18:44:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -81,18 +76,13 @@ "cwe": [ "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-06-14T18:30:38Z", - "label": "Date published" - }, - { - "data": "2024-02-13T21:49:15Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -128,18 +118,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:08:40Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -175,18 +160,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:44Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -222,18 +202,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-10T21:12:41Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -269,18 +244,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -316,18 +286,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T20:19:02Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:41:35Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -363,18 +328,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:47Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:48:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -410,18 +370,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:50:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -457,18 +412,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:36:03Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:45Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -504,18 +454,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T16:32:59Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -551,18 +496,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -598,18 +538,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:43Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:37:17Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -645,18 +580,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:46Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:39:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -692,18 +622,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -739,18 +664,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:14Z", - "label": "Date published" - }, - { - "data": "2023-06-08T19:02:12Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -786,18 +706,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-15T19:41:47Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:45:27Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -833,18 +748,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:27Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -880,18 +790,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:38Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:25Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -927,18 +832,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-10-28T20:51:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:57:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -974,18 +874,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:09:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1021,18 +916,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:01Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:20:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1069,18 +959,13 @@ "cwe": [ "CWE-94", "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:14:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:44:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1116,18 +1001,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:36Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:47:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1163,18 +1043,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:02Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:52:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1210,18 +1085,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:26Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:53:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1257,18 +1127,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-11-19T20:13:06Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:59:33Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1304,18 +1169,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:01:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1351,18 +1211,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1398,18 +1253,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:42Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1445,18 +1295,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1492,18 +1337,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:54Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1539,18 +1379,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:46Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:08:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1586,18 +1421,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:18Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:13:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1633,18 +1463,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:34Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:15:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1680,18 +1505,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:24Z", - "label": "Date published" - }, - { - "data": "2023-11-21T11:40:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1727,18 +1547,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:00Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:28:08Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1775,18 +1590,13 @@ "cwe": [ "CWE-502", "CWE-913" - ] + ], + "created": "", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:11Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:47:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1823,18 +1633,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:14:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1870,18 +1675,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-01-20T21:20:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:16:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1917,18 +1717,13 @@ ], "cwe": [ "CWE-787" - ] + ], + "created": "", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-12T00:00:36Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:24:56Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1964,18 +1759,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-02-18T20:51:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:31:24Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2011,18 +1801,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:52:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2059,18 +1844,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-24T05:01:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2106,18 +1886,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:04Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2155,18 +1930,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-10T18:42:20Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:02:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2204,18 +1974,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-02-24T17:27:27Z", - "label": "Date published" - }, - { - "data": "2024-06-05T16:42:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2253,18 +2018,13 @@ ], "cwe": [ "CWE-776" - ] + ], + "created": "", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-04T21:37:45Z", - "label": "Date published" - }, - { - "data": "2023-05-22T20:17:58Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2301,18 +2061,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2349,18 +2104,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-11-11T19:00:31Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:52Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2397,18 +2147,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2445,18 +2190,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2493,18 +2233,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2541,18 +2276,13 @@ "cwe": [ "CWE-400", "CWE-776" - ] + ], + "created": "", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-08-31T00:00:24Z", - "label": "Date published" - }, - { - "data": "2024-03-15T19:06:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2589,18 +2319,13 @@ "cwe": [ "CWE-20", "CWE-502" - ] + ], + "created": "", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-12-12T21:19:47Z", - "label": "Date published" - }, - { - "data": "2024-06-24T21:22:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2636,18 +2361,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-17T20:00:50Z", - "label": "Date published" - }, - { - "data": "2023-01-30T05:04:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2683,18 +2403,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" - }, - { - "data": "2023-12-05T21:31:13Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2730,18 +2445,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-10T03:46:47Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2777,18 +2487,13 @@ ], "cwe": [ "CWE-613" - ] + ], + "created": "", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-23T20:23:04Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2826,18 +2531,13 @@ "CWE-400", "CWE-551", "CWE-755" - ] + ], + "created": "", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-04-06T17:31:30Z", - "label": "Date published" - }, - { - "data": "2023-09-26T11:11:47Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2873,18 +2573,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-18T22:19:57Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2921,18 +2616,13 @@ "cwe": [ "CWE-400", "CWE-770" - ] + ], + "created": "", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-19T18:15:45Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:02:06Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2968,18 +2658,13 @@ ], "cwe": [ "CWE-226" - ] + ], + "created": "", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-12-02T18:28:18Z", - "label": "Date published" - }, - { - "data": "2024-02-21T17:23:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3015,18 +2700,13 @@ ], "cwe": [ "CWE-20" - ] + ], + "created": "", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" - }, - { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3064,18 +2744,13 @@ ], "cwe": [ "CWE-130" - ] + ], + "created": "", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:17:27Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3115,18 +2790,13 @@ "CWE-378", "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-11-04T17:50:24Z", - "label": "Date published" - }, - { - "data": "2023-11-27T23:07:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3162,18 +2832,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-07-10T21:52:39Z", - "label": "Date published" - }, - { - "data": "2023-09-05T22:39:32Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3209,18 +2874,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-10T15:43:22Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:51Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3258,18 +2918,13 @@ ], "cwe": [ "CWE-149" - ] + ], + "created": "", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:16:00Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3308,18 +2963,13 @@ "cwe": [ "CWE-200", "CWE-732" - ] + ], + "created": "", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-10-12T17:33:00Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3355,7 +3005,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3391,7 +3045,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3428,18 +3086,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-09T22:57:29Z", - "label": "Date published" - }, - { - "data": "2024-06-27T16:39:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3475,18 +3128,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-10T23:05:04Z", - "label": "Date published" - }, - { - "data": "2024-06-27T18:05:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3522,18 +3170,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-05T16:13:36Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3569,18 +3212,13 @@ ], "cwe": [ "CWE-79" - ] + ], + "created": "", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-03T23:40:23Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3616,18 +3254,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-05T00:00:45Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3664,18 +3297,13 @@ "cwe": [ "CWE-400", "CWE-410" - ] + ], + "created": "", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:40Z", - "label": "Date published" - }, - { - "data": "2023-07-24T19:39:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3711,18 +3339,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:28:24Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:34:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3758,18 +3381,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2024-02-26T20:13:46Z", - "label": "Date published" - }, - { - "data": "2024-05-02T18:38:19Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3805,18 +3423,13 @@ ], "cwe": [ "CWE-190" - ] + ], + "created": "", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:16:23Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:57Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3854,18 +3467,13 @@ ], "cwe": [ "CWE-295" - ] + ], + "created": "", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2018-10-18T18:06:08Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:03:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3901,18 +3509,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-24T01:49:09Z", - "label": "Date published" - }, - { - "data": "2023-11-05T05:04:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3948,18 +3551,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-06T23:55:09Z", - "label": "Date published" - }, - { - "data": "2023-02-25T00:31:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3997,18 +3595,13 @@ ], "cwe": [ "CWE-88" - ] + ], + "created": "", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-21T23:07:39Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:47:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -4035,7 +3628,7 @@ ] } ], - "sha256": "9902bf99c7a943ca3bf57d11dec58a10fb723eb05d3e3094fdb723af75718cee" + "sha256": "03b83542495c79a3357c8fbaf3866ed19ef80d11dc9e784b483cfa177cdcbf00" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index e87eea6038..dff9084bf6 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -31,18 +31,13 @@ "CWE-200", "CWE-378", "CWE-732" - ] + ], + "created": "", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-25T17:04:19Z", - "label": "Date published" - }, - { - "data": "2023-11-09T18:44:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -81,18 +76,13 @@ "cwe": [ "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-06-14T18:30:38Z", - "label": "Date published" - }, - { - "data": "2024-02-13T21:49:15Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -128,18 +118,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:08:40Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -175,18 +160,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:44Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -222,18 +202,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-10T21:12:41Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -269,18 +244,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -316,18 +286,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T20:19:02Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:41:35Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -363,18 +328,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:47Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:48:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -410,18 +370,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:50:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -457,18 +412,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:36:03Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:45Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -504,18 +454,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T16:32:59Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -551,18 +496,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -598,18 +538,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:43Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:37:17Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -645,18 +580,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:46Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:39:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -692,18 +622,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -739,18 +664,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:14Z", - "label": "Date published" - }, - { - "data": "2023-06-08T19:02:12Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -786,18 +706,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-15T19:41:47Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:45:27Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -833,18 +748,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:27Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -880,18 +790,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:38Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:25Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -927,18 +832,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-10-28T20:51:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:57:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -974,18 +874,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:09:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1021,18 +916,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:01Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:20:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1069,18 +959,13 @@ "cwe": [ "CWE-94", "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:14:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:44:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1116,18 +1001,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:36Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:47:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1163,18 +1043,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:02Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:52:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1210,18 +1085,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:26Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:53:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1257,18 +1127,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-11-19T20:13:06Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:59:33Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1304,18 +1169,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:01:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1351,18 +1211,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1398,18 +1253,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:42Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1445,18 +1295,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1492,18 +1337,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:54Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1539,18 +1379,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:46Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:08:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1586,18 +1421,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:18Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:13:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1633,18 +1463,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:34Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:15:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1680,18 +1505,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:24Z", - "label": "Date published" - }, - { - "data": "2023-11-21T11:40:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1727,18 +1547,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:00Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:28:08Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1775,18 +1590,13 @@ "cwe": [ "CWE-502", "CWE-913" - ] + ], + "created": "", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:11Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:47:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1823,18 +1633,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:14:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1870,18 +1675,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-01-20T21:20:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:16:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1917,18 +1717,13 @@ ], "cwe": [ "CWE-787" - ] + ], + "created": "", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-12T00:00:36Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:24:56Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1964,18 +1759,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-02-18T20:51:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:31:24Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2011,18 +1801,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:52:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2059,18 +1844,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-24T05:01:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2106,18 +1886,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:04Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2155,18 +1930,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-10T18:42:20Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:02:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2204,18 +1974,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-02-24T17:27:27Z", - "label": "Date published" - }, - { - "data": "2024-06-05T16:42:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2253,18 +2018,13 @@ ], "cwe": [ "CWE-776" - ] + ], + "created": "", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-04T21:37:45Z", - "label": "Date published" - }, - { - "data": "2023-05-22T20:17:58Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2301,18 +2061,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2349,18 +2104,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-11-11T19:00:31Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:52Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2397,18 +2147,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2445,18 +2190,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2493,18 +2233,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2541,18 +2276,13 @@ "cwe": [ "CWE-400", "CWE-776" - ] + ], + "created": "", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-08-31T00:00:24Z", - "label": "Date published" - }, - { - "data": "2024-03-15T19:06:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2589,18 +2319,13 @@ "cwe": [ "CWE-20", "CWE-502" - ] + ], + "created": "", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-12-12T21:19:47Z", - "label": "Date published" - }, - { - "data": "2024-06-24T21:22:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2636,18 +2361,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-17T20:00:50Z", - "label": "Date published" - }, - { - "data": "2023-01-30T05:04:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2683,18 +2403,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" - }, - { - "data": "2023-12-05T21:31:13Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2736,18 +2451,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-10T03:46:47Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2783,18 +2493,13 @@ ], "cwe": [ "CWE-613" - ] + ], + "created": "", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-23T20:23:04Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2832,18 +2537,13 @@ "CWE-400", "CWE-551", "CWE-755" - ] + ], + "created": "", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-04-06T17:31:30Z", - "label": "Date published" - }, - { - "data": "2023-09-26T11:11:47Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2879,18 +2579,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-18T22:19:57Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2927,18 +2622,13 @@ "cwe": [ "CWE-400", "CWE-770" - ] + ], + "created": "", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-19T18:15:45Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:02:06Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2974,18 +2664,13 @@ ], "cwe": [ "CWE-226" - ] + ], + "created": "", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-12-02T18:28:18Z", - "label": "Date published" - }, - { - "data": "2024-02-21T17:23:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3021,18 +2706,13 @@ ], "cwe": [ "CWE-20" - ] + ], + "created": "", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" - }, - { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3070,18 +2750,13 @@ ], "cwe": [ "CWE-130" - ] + ], + "created": "", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:17:27Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3121,18 +2796,13 @@ "CWE-378", "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-11-04T17:50:24Z", - "label": "Date published" - }, - { - "data": "2023-11-27T23:07:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3168,18 +2838,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-07-10T21:52:39Z", - "label": "Date published" - }, - { - "data": "2023-09-05T22:39:32Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3215,18 +2880,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-10T15:43:22Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:51Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3264,18 +2924,13 @@ ], "cwe": [ "CWE-149" - ] + ], + "created": "", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:16:00Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3314,18 +2969,13 @@ "cwe": [ "CWE-200", "CWE-732" - ] + ], + "created": "", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-10-12T17:33:00Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3361,7 +3011,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3397,7 +3051,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3434,18 +3092,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-09T22:57:29Z", - "label": "Date published" - }, - { - "data": "2024-06-27T16:39:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3481,18 +3134,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-10T23:05:04Z", - "label": "Date published" - }, - { - "data": "2024-06-27T18:05:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3528,18 +3176,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-05T16:13:36Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3575,18 +3218,13 @@ ], "cwe": [ "CWE-79" - ] + ], + "created": "", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-03T23:40:23Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3622,18 +3260,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-05T00:00:45Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3670,18 +3303,13 @@ "cwe": [ "CWE-400", "CWE-410" - ] + ], + "created": "", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:40Z", - "label": "Date published" - }, - { - "data": "2023-07-24T19:39:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3717,18 +3345,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:28:24Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:34:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3770,18 +3393,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2024-02-26T20:13:46Z", - "label": "Date published" - }, - { - "data": "2024-05-02T18:38:19Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3817,18 +3435,13 @@ ], "cwe": [ "CWE-190" - ] + ], + "created": "", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:16:23Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:57Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3866,18 +3479,13 @@ ], "cwe": [ "CWE-295" - ] + ], + "created": "", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2018-10-18T18:06:08Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:03:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3913,18 +3521,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-24T01:49:09Z", - "label": "Date published" - }, - { - "data": "2023-11-05T05:04:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3960,18 +3563,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-06T23:55:09Z", - "label": "Date published" - }, - { - "data": "2023-02-25T00:31:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -4009,18 +3607,13 @@ ], "cwe": [ "CWE-88" - ] + ], + "created": "", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-21T23:07:39Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:47:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -4047,7 +3640,7 @@ ] } ], - "sha256": "423500d681549aa5606b24248ba94a5e2801d4a5394a672d8b1292d679fe0cfc" + "sha256": "bf70242005c6b5e676974f138b98d38be83bb0d941a8a31a8985a17567976521" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index cbb436af50..380c7645cf 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -31,18 +31,13 @@ "CWE-200", "CWE-378", "CWE-732" - ] + ], + "created": "", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-25T17:04:19Z", - "label": "Date published" - }, - { - "data": "2023-11-09T18:44:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -81,18 +76,13 @@ "cwe": [ "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-06-14T18:30:38Z", - "label": "Date published" - }, - { - "data": "2024-02-13T21:49:15Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -128,18 +118,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:08:40Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -175,18 +160,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:44Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:02:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -222,18 +202,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-10T21:12:41Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -269,18 +244,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:03:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -316,18 +286,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T20:19:02Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:41:35Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -363,18 +328,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:47Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:48:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -410,18 +370,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:58:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:50:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -457,18 +412,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T21:36:03Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:45Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -504,18 +454,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-23T16:32:59Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -551,18 +496,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:50Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -598,18 +538,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:43Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:37:17Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -645,18 +580,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:46Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:39:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -692,18 +622,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-18T14:44:48Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:46:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -739,18 +664,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:14Z", - "label": "Date published" - }, - { - "data": "2023-06-08T19:02:12Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -786,18 +706,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-15T19:41:47Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:45:27Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -833,18 +748,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:27Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -880,18 +790,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-11-13T00:32:38Z", - "label": "Date published" - }, - { - "data": "2023-09-14T14:55:25Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -927,18 +832,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2019-10-28T20:51:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:57:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -974,18 +874,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:09:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1021,18 +916,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:01Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:20:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1069,18 +959,13 @@ "cwe": [ "CWE-94", "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:14:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:44:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1116,18 +1001,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:36Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:47:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1163,18 +1043,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:02Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:52:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1210,18 +1085,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:26Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:53:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1257,18 +1127,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-11-19T20:13:06Z", - "label": "Date published" - }, - { - "data": "2023-09-14T15:59:33Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1304,18 +1169,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:51Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:01:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1351,18 +1211,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:59Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1398,18 +1253,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:42Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:04:22Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1445,18 +1295,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:10Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1492,18 +1337,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:54Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:07:40Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1539,18 +1379,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:46Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:08:37Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1586,18 +1421,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:18Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:13:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1633,18 +1463,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:16:34Z", - "label": "Date published" - }, - { - "data": "2023-09-14T16:15:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1680,18 +1505,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:24Z", - "label": "Date published" - }, - { - "data": "2023-11-21T11:40:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1727,18 +1547,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:00Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:28:08Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1775,18 +1590,13 @@ "cwe": [ "CWE-502", "CWE-913" - ] + ], + "created": "", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-09T19:15:11Z", - "label": "Date published" - }, - { - "data": "2024-06-25T13:47:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1823,18 +1633,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:14:44Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1870,18 +1675,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-01-20T21:20:15Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:16:04Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1917,18 +1717,13 @@ ], "cwe": [ "CWE-787" - ] + ], + "created": "", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-12T00:00:36Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:24:56Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -1964,18 +1759,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-02-18T20:51:54Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:31:24Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2011,18 +1801,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-03-04T20:52:11Z", - "label": "Date published" - }, - { - "data": "2024-03-15T00:52:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2059,18 +1844,13 @@ "cwe": [ "CWE-400", "CWE-502" - ] + ], + "created": "", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-10-03T00:00:31Z", - "label": "Date published" - }, - { - "data": "2024-03-24T05:01:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2106,18 +1886,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-05-15T18:59:04Z", - "label": "Date published" - }, - { - "data": "2024-07-03T21:10:31Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2155,18 +1930,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-04-10T18:42:20Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:02:18Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2204,18 +1974,13 @@ ], "cwe": [ "CWE-74" - ] + ], + "created": "", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-02-24T17:27:27Z", - "label": "Date published" - }, - { - "data": "2024-06-05T16:42:03Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2253,18 +2018,13 @@ ], "cwe": [ "CWE-776" - ] + ], + "created": "", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-04T21:37:45Z", - "label": "Date published" - }, - { - "data": "2023-05-22T20:17:58Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2301,18 +2061,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2349,18 +2104,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-11-11T19:00:31Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:52Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2397,18 +2147,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2445,18 +2190,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2493,18 +2233,13 @@ "cwe": [ "CWE-121", "CWE-787" - ] + ], + "created": "", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-09-06T00:00:27Z", - "label": "Date published" - }, - { - "data": "2024-03-15T12:30:36Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2541,18 +2276,13 @@ "cwe": [ "CWE-400", "CWE-776" - ] + ], + "created": "", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-08-31T00:00:24Z", - "label": "Date published" - }, - { - "data": "2024-03-15T19:06:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2589,18 +2319,13 @@ "cwe": [ "CWE-20", "CWE-502" - ] + ], + "created": "", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-12-12T21:19:47Z", - "label": "Date published" - }, - { - "data": "2024-06-24T21:22:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2636,18 +2361,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-12-17T20:00:50Z", - "label": "Date published" - }, - { - "data": "2023-01-30T05:04:55Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2683,18 +2403,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-11-29T12:30:16Z", - "label": "Date published" - }, - { - "data": "2023-12-05T21:31:13Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2736,18 +2451,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-03-10T03:46:47Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:09Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2783,18 +2493,13 @@ ], "cwe": [ "CWE-613" - ] + ], + "created": "", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-23T20:23:04Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2832,18 +2537,13 @@ "CWE-400", "CWE-551", "CWE-755" - ] + ], + "created": "", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-04-06T17:31:30Z", - "label": "Date published" - }, - { - "data": "2023-09-26T11:11:47Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2879,18 +2579,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-18T22:19:57Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2927,18 +2622,13 @@ "cwe": [ "CWE-400", "CWE-770" - ] + ], + "created": "", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-04-19T18:15:45Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:02:06Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -2974,18 +2664,13 @@ ], "cwe": [ "CWE-226" - ] + ], + "created": "", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-12-02T18:28:18Z", - "label": "Date published" - }, - { - "data": "2024-02-21T17:23:14Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3021,18 +2706,13 @@ ], "cwe": [ "CWE-20" - ] + ], + "created": "", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:34Z", - "label": "Date published" - }, - { - "data": "2023-01-29T05:06:01Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3070,18 +2750,13 @@ ], "cwe": [ "CWE-130" - ] + ], + "created": "", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:17:27Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3121,18 +2796,13 @@ "CWE-378", "CWE-379", "CWE-552" - ] + ], + "created": "", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-11-04T17:50:24Z", - "label": "Date published" - }, - { - "data": "2023-11-27T23:07:53Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3168,18 +2838,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-07-10T21:52:39Z", - "label": "Date published" - }, - { - "data": "2023-09-05T22:39:32Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3215,18 +2880,13 @@ ], "cwe": [ "CWE-200" - ] + ], + "created": "", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-10T15:43:22Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:51Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3264,18 +2924,13 @@ ], "cwe": [ "CWE-149" - ] + ], + "created": "", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-09-14T16:16:00Z", - "label": "Date published" - }, - { - "data": "2023-11-06T05:01:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3314,18 +2969,13 @@ "cwe": [ "CWE-200", "CWE-732" - ] + ], + "created": "", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-10-12T17:33:00Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:04:50Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3361,7 +3011,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3397,7 +3051,11 @@ "CCI-002605", "CCI-001643" ], - "cwe": [] + "cwe": [], + "created": "", + "published": "", + "updated": "", + "rejected": "" }, "descriptions": [], "refs": [ @@ -3434,18 +3092,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-09T22:57:29Z", - "label": "Date published" - }, - { - "data": "2024-06-27T16:39:59Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3481,18 +3134,13 @@ ], "cwe": [ "CWE-89" - ] + ], + "created": "", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-02-10T23:05:04Z", - "label": "Date published" - }, - { - "data": "2024-06-27T18:05:49Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3528,18 +3176,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2020-06-05T16:13:36Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3575,18 +3218,13 @@ ], "cwe": [ "CWE-79" - ] + ], + "created": "", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2021-06-03T23:40:23Z", - "label": "Date published" - }, - { - "data": "2023-02-01T05:05:30Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3622,18 +3260,13 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-03-05T00:00:45Z", - "label": "Date published" - }, - { - "data": "2023-01-27T05:02:46Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3670,18 +3303,13 @@ "cwe": [ "CWE-400", "CWE-410" - ] + ], + "created": "", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-07-07T20:55:40Z", - "label": "Date published" - }, - { - "data": "2023-07-24T19:39:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3717,18 +3345,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:28:24Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:34:00Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3770,18 +3393,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2024-02-26T20:13:46Z", - "label": "Date published" - }, - { - "data": "2024-05-02T18:38:19Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3817,18 +3435,13 @@ ], "cwe": [ "CWE-190" - ] + ], + "created": "", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-10T21:16:23Z", - "label": "Date published" - }, - { - "data": "2024-06-21T21:33:57Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3866,18 +3479,13 @@ ], "cwe": [ "CWE-295" - ] + ], + "created": "", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2018-10-18T18:06:08Z", - "label": "Date published" - }, - { - "data": "2023-01-09T05:03:38Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3913,18 +3521,13 @@ ], "cwe": [ "CWE-400" - ] + ], + "created": "", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2023-10-24T01:49:09Z", - "label": "Date published" - }, - { - "data": "2023-11-05T05:04:23Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -3960,18 +3563,13 @@ ], "cwe": [ "CWE-502" - ] + ], + "created": "", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-06T23:55:09Z", - "label": "Date published" - }, - { - "data": "2023-02-25T00:31:20Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -4009,18 +3607,13 @@ ], "cwe": [ "CWE-88" - ] + ], + "created": "", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "rejected": "" }, - "descriptions": [ - { - "data": "2022-01-21T23:07:39Z", - "label": "Date published" - }, - { - "data": "2023-08-18T15:47:05Z", - "label": "Date updated" - } - ], + "descriptions": [], "refs": [ { "ref": [ @@ -4047,7 +3640,7 @@ ] } ], - "sha256": "423500d681549aa5606b24248ba94a5e2801d4a5394a672d8b1292d679fe0cfc" + "sha256": "bf70242005c6b5e676974f138b98d38be83bb0d941a8a31a8985a17567976521" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index 097e0f174f..e7a30d0822 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -24,7 +24,11 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "2020-12-03T00:00:00.000Z", + "published": "2020-12-03T00:00:00.000Z", + "updated": "2021-10-26T00:00:00.000Z", + "rejected": "" }, "descriptions": [ { @@ -35,18 +39,6 @@ "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", "label": "Recommendation" }, - { - "data": "2020-12-03T00:00:00.000Z", - "label": "Date created" - }, - { - "data": "2020-12-03T00:00:00.000Z", - "label": "Date published" - }, - { - "data": "2021-10-26T00:00:00.000Z", - "label": "Date updated" - }, { "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", "label": "Credits" @@ -105,7 +97,7 @@ ] } ], - "sha256": "ff54a575f2b6ba5b71509d4333cf7d81e8222be0d6f020b401421db15fdb371a" + "sha256": "de340123e25d2d20c70b9ffc2f7f9f59d264b331ea37b662be6def8a5eb7705b" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index eb977a21be..4b9730ecac 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -24,7 +24,11 @@ ], "cwe": [ "CWE-611" - ] + ], + "created": "2020-12-03T00:00:00.000Z", + "published": "2020-12-03T00:00:00.000Z", + "updated": "2021-10-26T00:00:00.000Z", + "rejected": "" }, "descriptions": [ { @@ -35,18 +39,6 @@ "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", "label": "Recommendation" }, - { - "data": "2020-12-03T00:00:00.000Z", - "label": "Date created" - }, - { - "data": "2020-12-03T00:00:00.000Z", - "label": "Date published" - }, - { - "data": "2021-10-26T00:00:00.000Z", - "label": "Date updated" - }, { "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", "label": "Credits" @@ -105,7 +97,7 @@ ] } ], - "sha256": "ff54a575f2b6ba5b71509d4333cf7d81e8222be0d6f020b401421db15fdb371a" + "sha256": "de340123e25d2d20c70b9ffc2f7f9f59d264b331ea37b662be6def8a5eb7705b" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index d2faced269..43cceef3a2 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -293,13 +293,16 @@ export class CycloneDXSBOMMapper extends BaseConverter { license: { path: 'raw.metadata.component', transformer: (input: Component): string | undefined => { - let message = ''; - if (Array.isArray(input.licenses)) { - // Join together all applicable licenses for this component - input.licenses.map((license) => { - message = message.concat(`${license.license.id}, `); - }); - return message.slice(0, -2); + if (input.licenses) { + // Certain license reports only provide the license name in the `name` field + // Check there first and then default to `id` + return [..._.cloneDeep(input.licenses)] + .map((license) => + _.has(license, 'license.name') + ? _.get(license, 'license.name') + : _.get(license, 'license.id') + ) + .join(', '); } // If there are no found licenses, remove field return undefined; @@ -323,7 +326,11 @@ export class CycloneDXSBOMMapper extends BaseConverter { transformer: (input: CweRepository): string[] => getCCIsForNISTTags(getNISTTags(input)) }, - cwe: {path: 'cwes', transformer: formatCWETags} + cwe: {path: 'cwes', transformer: formatCWETags}, + created: {path: 'created'}, + published: {path: 'published'}, + updated: {path: 'updated'}, + rejected: {path: 'rejected'} }, descriptions: [ { @@ -351,26 +358,6 @@ export class CycloneDXSBOMMapper extends BaseConverter { } : undefined } as unknown as ExecJSON.ControlDescription, - { - path: 'created', - transformer: (input: Record) => - input ? {data: input, label: 'Date created'} : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'published', - transformer: (input: Record) => - input ? {data: input, label: 'Date published'} : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'updated', - transformer: (input: Record) => - input ? {data: input, label: 'Date updated'} : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'rejected', - transformer: (input: Record) => - input ? {data: input, label: 'Date rejected'} : undefined - } as unknown as ExecJSON.ControlDescription, { path: 'credits', transformer: (input: Record) => From ef3f64e13a7ccf39dca3a0e90dd7374649571c43 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 12 Aug 2024 11:39:34 -0400 Subject: [PATCH 43/61] Ref refactor Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 620 +++++++++++------- .../sbom-dropwizard-vex-hdf.json | 620 +++++++++++------- .../sbom-dropwizard-vulns-hdf-withraw.json | 620 +++++++++++------- .../sbom-dropwizard-vulns-hdf.json | 620 +++++++++++------- .../sbom-vex-hdf-withraw.json | 58 +- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 58 +- .../src/cyclonedx-sbom-mapper.ts | 27 +- 7 files changed, 1652 insertions(+), 971 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 3f0a48f297..642034a596 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -42,14 +42,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, @@ -87,14 +89,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, @@ -129,8 +133,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -171,8 +177,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -213,8 +221,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -255,14 +265,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, @@ -297,8 +309,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -339,8 +353,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -381,8 +397,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -423,8 +441,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -465,8 +485,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -507,14 +529,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, @@ -549,8 +573,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -591,8 +617,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -633,8 +661,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -675,14 +705,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, @@ -717,14 +749,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, @@ -759,14 +793,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, @@ -801,14 +837,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, @@ -843,14 +881,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, @@ -885,14 +925,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, @@ -927,14 +969,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, @@ -970,14 +1014,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, @@ -1012,14 +1058,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, @@ -1054,8 +1102,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1096,8 +1146,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1138,8 +1190,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1180,8 +1234,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1222,8 +1278,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1264,8 +1322,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1306,8 +1366,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1348,8 +1410,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1390,8 +1454,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1432,8 +1498,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1474,8 +1542,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1516,14 +1586,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, @@ -1558,8 +1630,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1601,8 +1675,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1644,14 +1720,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, @@ -1686,14 +1764,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, @@ -1728,14 +1808,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, @@ -1770,14 +1852,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, @@ -1812,8 +1896,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1855,14 +1941,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, @@ -1897,8 +1985,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1941,14 +2031,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -1985,14 +2077,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -2029,8 +2123,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -2072,14 +2168,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, @@ -2115,14 +2213,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, @@ -2158,14 +2258,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2201,14 +2303,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2244,14 +2348,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2287,14 +2393,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, @@ -2330,14 +2438,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, @@ -2372,14 +2482,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, @@ -2414,14 +2526,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, @@ -2456,14 +2570,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, @@ -2498,14 +2614,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, @@ -2542,14 +2660,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, @@ -2584,14 +2704,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, @@ -2627,14 +2749,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, @@ -2669,14 +2793,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, @@ -2711,14 +2837,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, @@ -2755,14 +2883,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, @@ -2801,14 +2931,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, @@ -2843,14 +2975,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, @@ -2885,14 +3019,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, @@ -2929,14 +3065,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, @@ -2974,14 +3112,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, @@ -3016,7 +3156,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3056,7 +3198,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3097,14 +3241,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, @@ -3139,14 +3285,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, @@ -3181,14 +3329,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, @@ -3223,14 +3373,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, @@ -3265,14 +3417,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, @@ -3308,14 +3462,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, @@ -3350,14 +3506,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, @@ -3392,14 +3550,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, @@ -3434,14 +3594,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, @@ -3478,14 +3640,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, @@ -3520,14 +3684,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, @@ -3562,14 +3728,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, @@ -3606,14 +3774,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, @@ -3628,7 +3798,7 @@ ] } ], - "sha256": "03b83542495c79a3357c8fbaf3866ed19ef80d11dc9e784b483cfa177cdcbf00" + "sha256": "ba1925e7477830950378df78dd2403f10875a6c54b1c64e7566bb2922d516ff5" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index f495576830..d47456cb31 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -42,14 +42,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, @@ -87,14 +89,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, @@ -129,8 +133,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -171,8 +177,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -213,8 +221,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -255,14 +265,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, @@ -297,8 +309,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -339,8 +353,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -381,8 +397,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -423,8 +441,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -465,8 +485,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -507,14 +529,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, @@ -549,8 +573,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -591,8 +617,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -633,8 +661,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -675,14 +705,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, @@ -717,14 +749,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, @@ -759,14 +793,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, @@ -801,14 +837,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, @@ -843,14 +881,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, @@ -885,14 +925,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, @@ -927,14 +969,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, @@ -970,14 +1014,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, @@ -1012,14 +1058,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, @@ -1054,8 +1102,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1096,8 +1146,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1138,8 +1190,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1180,8 +1234,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1222,8 +1278,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1264,8 +1322,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1306,8 +1366,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1348,8 +1410,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1390,8 +1454,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1432,8 +1498,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1474,8 +1542,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1516,14 +1586,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, @@ -1558,8 +1630,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1601,8 +1675,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1644,14 +1720,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, @@ -1686,14 +1764,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, @@ -1728,14 +1808,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, @@ -1770,14 +1852,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, @@ -1812,8 +1896,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1855,14 +1941,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, @@ -1897,8 +1985,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1941,14 +2031,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -1985,14 +2077,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -2029,8 +2123,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -2072,14 +2168,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, @@ -2115,14 +2213,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, @@ -2158,14 +2258,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2201,14 +2303,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2244,14 +2348,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2287,14 +2393,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, @@ -2330,14 +2438,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, @@ -2372,14 +2482,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, @@ -2414,14 +2526,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, @@ -2456,14 +2570,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, @@ -2498,14 +2614,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, @@ -2542,14 +2660,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, @@ -2584,14 +2704,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, @@ -2627,14 +2749,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, @@ -2669,14 +2793,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, @@ -2711,14 +2837,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, @@ -2755,14 +2883,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, @@ -2801,14 +2931,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, @@ -2843,14 +2975,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, @@ -2885,14 +3019,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, @@ -2929,14 +3065,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, @@ -2974,14 +3112,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, @@ -3016,7 +3156,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3056,7 +3198,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3097,14 +3241,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, @@ -3139,14 +3285,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, @@ -3181,14 +3329,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, @@ -3223,14 +3373,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, @@ -3265,14 +3417,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, @@ -3308,14 +3462,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, @@ -3350,14 +3506,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, @@ -3392,14 +3550,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, @@ -3434,14 +3594,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, @@ -3478,14 +3640,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, @@ -3520,14 +3684,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, @@ -3562,14 +3728,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, @@ -3606,14 +3774,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, @@ -3628,7 +3798,7 @@ ] } ], - "sha256": "03b83542495c79a3357c8fbaf3866ed19ef80d11dc9e784b483cfa177cdcbf00" + "sha256": "ba1925e7477830950378df78dd2403f10875a6c54b1c64e7566bb2922d516ff5" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index dff9084bf6..cce4467857 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -42,14 +42,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, @@ -87,14 +89,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, @@ -129,8 +133,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -171,8 +177,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -213,8 +221,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -255,14 +265,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, @@ -297,8 +309,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -339,8 +353,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -381,8 +397,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -423,8 +441,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -465,8 +485,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -507,14 +529,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, @@ -549,8 +573,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -591,8 +617,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -633,8 +661,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -675,14 +705,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, @@ -717,14 +749,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, @@ -759,14 +793,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, @@ -801,14 +837,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, @@ -843,14 +881,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, @@ -885,14 +925,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, @@ -927,14 +969,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, @@ -970,14 +1014,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, @@ -1012,14 +1058,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, @@ -1054,8 +1102,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1096,8 +1146,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1138,8 +1190,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1180,8 +1234,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1222,8 +1278,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1264,8 +1322,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1306,8 +1366,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1348,8 +1410,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1390,8 +1454,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1432,8 +1498,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1474,8 +1542,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1516,14 +1586,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, @@ -1558,8 +1630,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1601,8 +1675,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1644,14 +1720,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, @@ -1686,14 +1764,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, @@ -1728,14 +1808,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, @@ -1770,14 +1852,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, @@ -1812,8 +1896,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1855,14 +1941,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, @@ -1897,8 +1985,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1941,14 +2031,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -1985,14 +2077,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -2029,8 +2123,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -2072,14 +2168,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, @@ -2115,14 +2213,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, @@ -2158,14 +2258,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2201,14 +2303,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2244,14 +2348,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2287,14 +2393,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, @@ -2330,14 +2438,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, @@ -2372,14 +2482,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, @@ -2414,14 +2526,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, @@ -2462,14 +2576,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, @@ -2504,14 +2620,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, @@ -2548,14 +2666,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, @@ -2590,14 +2710,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, @@ -2633,14 +2755,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, @@ -2675,14 +2799,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, @@ -2717,14 +2843,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, @@ -2761,14 +2889,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, @@ -2807,14 +2937,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, @@ -2849,14 +2981,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, @@ -2891,14 +3025,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, @@ -2935,14 +3071,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, @@ -2980,14 +3118,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, @@ -3022,7 +3162,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3062,7 +3204,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3103,14 +3247,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, @@ -3145,14 +3291,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, @@ -3187,14 +3335,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, @@ -3229,14 +3379,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, @@ -3271,14 +3423,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, @@ -3314,14 +3468,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, @@ -3356,14 +3512,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, @@ -3404,14 +3562,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, @@ -3446,14 +3606,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, @@ -3490,14 +3652,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, @@ -3532,14 +3696,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, @@ -3574,14 +3740,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, @@ -3618,14 +3786,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, @@ -3640,7 +3810,7 @@ ] } ], - "sha256": "bf70242005c6b5e676974f138b98d38be83bb0d941a8a31a8985a17567976521" + "sha256": "a2a9f29c527b6e627114bf5ca676805fe7920a9ad1e0d2d63f3444f0c35d1f69" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 380c7645cf..191b0ffda4 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -42,14 +42,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine...", + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, @@ -87,14 +89,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix...", + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, @@ -129,8 +133,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -171,8 +177,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -213,8 +221,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -255,14 +265,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, @@ -297,8 +309,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -339,8 +353,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -381,8 +397,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -423,8 +441,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -465,8 +485,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -507,14 +529,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, @@ -549,8 +573,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -591,8 +617,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -633,8 +661,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -675,14 +705,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, @@ -717,14 +749,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class...", + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, @@ -759,14 +793,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, @@ -801,14 +837,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, @@ -843,14 +881,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or...", + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, @@ -885,14 +925,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, @@ -927,14 +969,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, @@ -970,14 +1014,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the...", + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, @@ -1012,14 +1058,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...", + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, @@ -1054,8 +1102,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1096,8 +1146,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1138,8 +1190,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1180,8 +1234,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1222,8 +1278,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1264,8 +1322,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1306,8 +1366,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1348,8 +1410,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1390,8 +1454,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1432,8 +1498,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1474,8 +1542,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1516,14 +1586,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...", + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, @@ -1558,8 +1630,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1601,8 +1675,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1644,14 +1720,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of...", + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, @@ -1686,14 +1764,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The...", + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, @@ -1728,14 +1808,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of...", + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, @@ -1770,14 +1852,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows...", + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, @@ -1812,8 +1896,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1855,14 +1941,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a...", + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, @@ -1897,8 +1985,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -1941,14 +2031,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary...", + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -1985,14 +2077,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard...", + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, @@ -2029,8 +2123,10 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } @@ -2072,14 +2168,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, @@ -2115,14 +2213,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser...", + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, @@ -2158,14 +2258,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2201,14 +2303,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2244,14 +2348,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is...", + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, @@ -2287,14 +2393,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth...", + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, @@ -2330,14 +2438,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new...", + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, @@ -2372,14 +2482,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a...", + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, @@ -2414,14 +2526,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending...", + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, @@ -2462,14 +2576,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such...", + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, @@ -2504,14 +2620,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the...", + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, @@ -2548,14 +2666,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large...", + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, @@ -2590,14 +2710,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior...", + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, @@ -2633,14 +2755,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the...", + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, @@ -2675,14 +2799,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection...", + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, @@ -2717,14 +2843,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with...", + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, @@ -2761,14 +2889,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive...", + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, @@ -2807,14 +2937,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated...", + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, @@ -2849,14 +2981,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when...", + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, @@ -2891,14 +3025,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request...", + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, @@ -2935,14 +3071,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the...", + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, @@ -2980,14 +3118,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static...", + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, @@ -3022,7 +3162,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3062,7 +3204,9 @@ { "ref": [ { - "name": "INTERNAL" + "source": { + "name": "INTERNAL" + } } ] } @@ -3103,14 +3247,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A...", + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, @@ -3145,14 +3291,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation...", + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, @@ -3187,14 +3335,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular...", + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, @@ -3229,14 +3379,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the...", + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, @@ -3271,14 +3423,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of...", + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, @@ -3314,14 +3468,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from...", + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, @@ -3356,14 +3512,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should...", + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, @@ -3404,14 +3562,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as...", + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, @@ -3446,14 +3606,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following...", + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, @@ -3490,14 +3652,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to...", + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, @@ -3532,14 +3696,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a...", + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, @@ -3574,14 +3740,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote...", + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, @@ -3618,14 +3786,16 @@ { "ref": [ { - "name": "GITHUB", - "url": "https://github.com/advisories" + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } } ] } ], "source_location": {}, - "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring,...", + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, @@ -3640,7 +3810,7 @@ ] } ], - "sha256": "bf70242005c6b5e676974f138b98d38be83bb0d941a8a31a8985a17567976521" + "sha256": "a2a9f29c527b6e627114bf5ca676805fe7920a9ad1e0d2d63f3444f0c35d1f69" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index e7a30d0822..4b9bd0f71f 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -52,37 +52,43 @@ { "ref": [ { - "name": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + } }, - [ - { - "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", - "source": { - "name": "SNYK", - "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + { + "references": [ + { + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + } } - } - ], - [ - { - "title": "GitHub Commit", - "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/FasterXML/jackson-databind/issues/2589" - }, - { - "title": "RedHat Bugzilla Bug", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" - } - ] + ] + }, + { + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/2589" + }, + { + "title": "RedHat Bugzilla Bug", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" + } + ] + } ] } ], "source_location": {}, - "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package...", + "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "impact": 0.82, @@ -97,7 +103,7 @@ ] } ], - "sha256": "de340123e25d2d20c70b9ffc2f7f9f59d264b331ea37b662be6def8a5eb7705b" + "sha256": "b49665f82538e2550edbdc5cb008df636fbf721891c517523017b9aab060b92e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 4b9730ecac..75e302f6be 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -52,37 +52,43 @@ { "ref": [ { - "name": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + } }, - [ - { - "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", - "source": { - "name": "SNYK", - "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + { + "references": [ + { + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + } } - } - ], - [ - { - "title": "GitHub Commit", - "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/FasterXML/jackson-databind/issues/2589" - }, - { - "title": "RedHat Bugzilla Bug", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" - } - ] + ] + }, + { + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/2589" + }, + { + "title": "RedHat Bugzilla Bug", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" + } + ] + } ] } ], "source_location": {}, - "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package...", + "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "impact": 0.82, @@ -97,7 +103,7 @@ ] } ], - "sha256": "de340123e25d2d20c70b9ffc2f7f9f59d264b331ea37b662be6def8a5eb7705b" + "sha256": "b49665f82538e2550edbdc5cb008df636fbf721891c517523017b9aab060b92e" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 43cceef3a2..2659929ab1 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -61,7 +61,7 @@ function getNISTTags(input: CweRepository): string[] { // A single SBOM vulnerability can contain multiple security ratings // Find the max of any existing ratings and then pass to `impact` -function aggregateImpact(ratings: RatingRepository): number { +function maxImpact(ratings: RatingRepository): number { let impact = 0; for (const rating of ratings) { // Prefer to use CVSS-based `score` field when possible @@ -296,7 +296,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { if (input.licenses) { // Certain license reports only provide the license name in the `name` field // Check there first and then default to `id` - return [..._.cloneDeep(input.licenses)] + return [...input.licenses] .map((license) => _.has(license, 'license.name') ? _.get(license, 'license.name') @@ -386,12 +386,9 @@ export class CycloneDXSBOMMapper extends BaseConverter { input: Record ): Record => { const searchFor = ['source', 'references', 'advisories']; - const ref = []; - for (const key of searchFor) { - if (input[key]) { - ref.push(input[key] as Record); - } - } + const ref = searchFor + .filter((key) => input.hasOwnProperty(key)) + .map((key) => _.pick(input, key)); return {ref: ref}; } } @@ -399,16 +396,8 @@ export class CycloneDXSBOMMapper extends BaseConverter { source_location: {}, title: { // Give description as title if possible - // Cut off description after certain word count for frontend display on smaller screens - transformer: (input: Record): string => { - if (input.description) { - return (input.description as string).split(' ').length > 20 - ? `${(input.description as string).split(' ').splice(0, 20).join(' ')}...` - : `${input.description}`; - } else { - return `${input.id}`; - } - } + transformer: (input: Record): string => + input.description ? `${input.description}` : `${input.id}` }, id: {path: 'id'}, desc: { @@ -417,7 +406,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { input: Record ): string | undefined => (input ? `${input}` : undefined) }, - impact: {path: 'ratings', transformer: aggregateImpact}, + impact: {path: 'ratings', transformer: maxImpact}, code: { transformer: (vulnerability: Record): string => JSON.stringify( From 4df5a0da79a4a0fbb9532a135da5803c552511ce Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 12 Aug 2024 16:15:31 -0400 Subject: [PATCH 44/61] Typing refactor, component hierarchy refactor Signed-off-by: Charles Hu --- .../src/cyclonedx-sbom-mapper.ts | 151 +++++++++++------- 1 file changed, 97 insertions(+), 54 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 2659929ab1..945039ae8e 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -6,6 +6,7 @@ import {CweNistMapping} from './mappings/CweNistMapping'; import {getCCIsForNISTTags} from './utils/global'; import { RatingRepository, + Vulnerability, VulnerabilityRepository } from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; import {CweRepository} from '@cyclonedx/cyclonedx-library/dist.d/types'; @@ -13,19 +14,20 @@ import {Severity} from '@cyclonedx/cyclonedx-library/dist.d/enums/vulnerability' import { Component, ComponentRepository, - OptionalBomProperties + OptionalBomProperties, + OptionalComponentProperties } from '@cyclonedx/cyclonedx-library/dist.d/models'; -type IntermediaryComponent = { +type IntermediaryComponent = Omit & { components?: IntermediaryComponent[]; affectingVulnerabilities?: string[]; - [key: string]: unknown; + name: string; + 'bom-ref'?: string; + isDummy?: boolean; }; -type IntermediaryVulnerability = { - affectedComponents?: IntermediaryComponent[]; - affects: Record[]; - [key: string]: unknown; +type IntermediaryVulnerability = Vulnerability & { + affectedComponents?: number[]; }; type DataStorage = { @@ -125,23 +127,26 @@ export class CycloneDXSBOMResults { } /* - Copy all components that are affected by a vulnerability and place them under that corresponding vulnerability + Copy the indices of all components that are affected by a vulnerability and place them under that corresponding vulnerability Also note in each component the IDs of the vulnerabilities that affect them This allows for bidirectional traversal in SBOM view Should result in the following general structure: { - components: [...], + components: [ + component: { + affectingVulnerabilities: [ // Added field + vulnID, + ... + ], + ... + }, + ... + ], vulnerabilities: [ vulnerability: { - affectedComponents: [ // Added field - component: { - affectingVulnerabilities: [ // Added field - vulnID, - ... - ], - ... - }, + affectedComponents: [ // Added field + componentIndex, ... ], ... @@ -162,26 +167,10 @@ export class CycloneDXSBOMResults { for (const id of vulnerability.affects) { for (const component of data.components as IntermediaryComponent[]) { // Find every component that is affected via listed bom-refs - if (component['bom-ref'] === id.ref) { - // Add that affected component to the corresponding vulnerability object - // Selectively pick out fields to display; full components are listed in full component structure + if (_.get(component, 'bom-ref') === id.ref.toString()) { + // Add the index of that affected component to the corresponding vulnerability object vulnerability.affectedComponents.push( - _.pick(component, [ - 'type', - 'mime-type', - 'bom-ref', - 'supplier', - 'manufacturer', - 'authors', // Replaces `author` in v1.6 - 'author', // Deprecated in v1.6 - 'publisher', - 'group', - 'name', - 'version', - 'description', - 'licenses', - 'copyright' - ]) + (data.components as IntermediaryComponent[]).indexOf(component) ); if (!component.affectingVulnerabilities) { @@ -189,7 +178,7 @@ export class CycloneDXSBOMResults { } // Also record the ID of the vulnerability in the component for use in bidirectional traversal component.affectingVulnerabilities.push( - vulnerability['bom-ref'] as string + _.get(vulnerability, 'bom-ref') as unknown as string ); } } @@ -204,14 +193,24 @@ export class CycloneDXSBOMResults { data.vulnerabilities = [ ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) ] as unknown as IntermediaryVulnerability[]; + // Have an empty components listing since this is a VEX + data.components = []; for (const vulnerability of data.vulnerabilities) { - // Build a dummy component for each bom-ref identified as being affected by the vulnerability - // Add that component to the corresponding vulnerability object - vulnerability.affectedComponents = vulnerability.affects.map((id) => ({ - 'bom-ref': `${id.ref}`, - name: `${id.ref}` - })); + vulnerability.affectedComponents = [...vulnerability.affects].map( + (id) => { + // Build a dummy component for each bom-ref identified as being affected by the vulnerability + const dummy: IntermediaryComponent = { + name: `${id.ref}`, + 'bom-ref': `${id.ref}`, + isDummy: true + }; + // Add that component to the corresponding vulnerability object + (data.components as IntermediaryComponent[]).push(dummy); + // Return the index of that dummy object + return (data.components as IntermediaryComponent[]).indexOf(dummy); + } + ); } } @@ -223,6 +222,17 @@ export class CycloneDXSBOMResults { export class CycloneDXSBOMMapper extends BaseConverter { withRaw: boolean; + // Pull any keys from a given index for the stored components listing + getComponentValueAtIndex( + index: number, + keys: string[] + ): Record { + return _.pick( + (this.data.components as IntermediaryComponent[])[index], + keys + ); + } + mappings: MappedTransform< ExecJSON.Execution & {passthrough: unknown}, ILookupPath @@ -420,20 +430,48 @@ export class CycloneDXSBOMMapper extends BaseConverter { path: 'affectedComponents', status: ExecJSON.ControlResultStatus.Failed, code_desc: { - transformer: (input: Record): string => { - const group = input.group ? `${input.group}/` : ''; - const version = input.version ? `@${input.version}` : ''; - return `Component ${group}${input.name}${version} is vulnerable`; + transformer: (index: number): string => { + const selectComponentValues = this.getComponentValueAtIndex( + index, + ['group', 'version', 'name'] + ); + const group = _.has(selectComponentValues, 'group') + ? `${selectComponentValues.group}/` + : ''; + const version = _.has(selectComponentValues, 'version') + ? `@${selectComponentValues.version}` + : ''; + return `Component ${group}${_.get(selectComponentValues, 'name')}${version} is vulnerable`; } }, message: { - transformer: (input: Record): string => { + transformer: (index: number): string => { + // Selectively pick out fields to display; full components are listed in full component structure + const selectComponentValues = this.getComponentValueAtIndex( + index, + [ + 'type', + 'mime-type', + 'bom-ref', + 'supplier', + 'manufacturer', + 'authors', // Replaces `author` in v1.6 + 'author', // Deprecated in v1.6 + 'publisher', + 'group', + 'name', + 'version', + 'description', + 'licenses', + 'copyright' + ] + ); let msg = '-Component Summary-'; - for (const item in input) { - if (input[item] instanceof Array) { - msg += `\n\n- ${_.capitalize(item)}: ${JSON.stringify(input[item], null, 2).replace(/"/g, '')}`; + for (const item in selectComponentValues) { + if (_.get(selectComponentValues, item) instanceof Array) { + msg += `\n\n- ${_.capitalize(item)}: ${JSON.stringify(_.get(selectComponentValues, item), null, 2).replace(/"/g, '')}`; } else { - msg += `\n\n- ${_.capitalize(item)}: ${input[item]}`; + msg += `\n\n- ${_.capitalize(item)}: ${_.get(selectComponentValues, item)}`; } } return msg; @@ -448,12 +486,17 @@ export class CycloneDXSBOMMapper extends BaseConverter { } ], passthrough: { - transformer: (input: Record): Record => { + transformer: (input: DataStorage): Record => { + // VEX files will generate dummy components for control results + // Filter them out for the proper components listing + const components = ( + _.get(input, 'components') as IntermediaryComponent[] + ).filter((component) => !component.isDummy); return { auxiliary_data: [ { name: 'SBOM', - components: _.get(input, 'components'), + components: components.length ? components : undefined, dependencies: _.get(input, 'raw.dependencies'), data: _.omit(input.raw, [ 'components', From cd74818ad3315443a97298c5f6b6a11c23d44bf1 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 13 Aug 2024 09:42:09 -0400 Subject: [PATCH 45/61] Typing fixes Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 427 +++++++----------- .../sbom-dropwizard-vex-hdf.json | 427 +++++++----------- .../sbom-dropwizard-vulns-hdf-withraw.json | 427 +++++++----------- .../sbom-dropwizard-vulns-hdf.json | 427 +++++++----------- .../sbom-vex-hdf-withraw.json | 5 +- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 5 +- .../src/cyclonedx-sbom-mapper.ts | 70 +-- 7 files changed, 722 insertions(+), 1066 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 642034a596..0832fa8901 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -32,10 +32,9 @@ "CWE-378", "CWE-732" ], - "created": "", + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "rejected": "" + "updated": "2023-11-09T18:44:38Z" }, "descriptions": [], "refs": [ @@ -79,10 +78,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "rejected": "" + "updated": "2024-02-13T21:49:15Z" }, "descriptions": [], "refs": [ @@ -123,10 +121,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -167,10 +164,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -211,10 +207,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "rejected": "" + "updated": "2023-02-01T05:03:03Z" }, "descriptions": [], "refs": [ @@ -255,10 +250,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "rejected": "" + "updated": "2023-02-01T05:03:05Z" }, "descriptions": [], "refs": [ @@ -299,10 +293,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "rejected": "" + "updated": "2024-03-15T00:41:35Z" }, "descriptions": [], "refs": [ @@ -343,10 +336,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "rejected": "" + "updated": "2024-03-15T00:48:55Z" }, "descriptions": [], "refs": [ @@ -387,10 +379,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "rejected": "" + "updated": "2024-03-15T00:50:18Z" }, "descriptions": [], "refs": [ @@ -431,10 +422,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "rejected": "" + "updated": "2024-06-25T13:46:45Z" }, "descriptions": [], "refs": [ @@ -475,10 +465,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "rejected": "" + "updated": "2024-07-03T21:10:50Z" }, "descriptions": [], "refs": [ @@ -519,10 +508,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "rejected": "" + "updated": "2023-02-01T05:04:14Z" }, "descriptions": [], "refs": [ @@ -563,10 +551,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "rejected": "" + "updated": "2024-03-15T00:37:17Z" }, "descriptions": [], "refs": [ @@ -607,10 +594,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "rejected": "" + "updated": "2024-03-15T00:39:55Z" }, "descriptions": [], "refs": [ @@ -651,10 +637,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "rejected": "" + "updated": "2024-06-25T13:46:04Z" }, "descriptions": [], "refs": [ @@ -695,10 +680,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "rejected": "" + "updated": "2023-06-08T19:02:12Z" }, "descriptions": [], "refs": [ @@ -739,10 +723,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "rejected": "" + "updated": "2023-08-18T15:45:27Z" }, "descriptions": [], "refs": [ @@ -783,10 +766,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "rejected": "" + "updated": "2023-09-14T14:55:20Z" }, "descriptions": [], "refs": [ @@ -827,10 +809,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "rejected": "" + "updated": "2023-09-14T14:55:25Z" }, "descriptions": [], "refs": [ @@ -871,10 +852,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "rejected": "" + "updated": "2024-03-15T00:57:37Z" }, "descriptions": [], "refs": [ @@ -915,10 +895,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "rejected": "" + "updated": "2023-09-14T15:09:40Z" }, "descriptions": [], "refs": [ @@ -959,10 +938,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "rejected": "" + "updated": "2024-03-15T00:20:09Z" }, "descriptions": [], "refs": [ @@ -1004,10 +982,9 @@ "CWE-94", "CWE-502" ], - "created": "", + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "rejected": "" + "updated": "2023-09-14T15:44:55Z" }, "descriptions": [], "refs": [ @@ -1048,10 +1025,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "rejected": "" + "updated": "2023-09-14T15:47:50Z" }, "descriptions": [], "refs": [ @@ -1092,10 +1068,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "rejected": "" + "updated": "2023-09-14T15:52:49Z" }, "descriptions": [], "refs": [ @@ -1136,10 +1111,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "rejected": "" + "updated": "2023-09-14T15:53:30Z" }, "descriptions": [], "refs": [ @@ -1180,10 +1154,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "rejected": "" + "updated": "2023-09-14T15:59:33Z" }, "descriptions": [], "refs": [ @@ -1224,10 +1197,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "rejected": "" + "updated": "2023-09-14T16:01:31Z" }, "descriptions": [], "refs": [ @@ -1268,10 +1240,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1312,10 +1283,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1356,10 +1326,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "rejected": "" + "updated": "2023-09-14T16:07:00Z" }, "descriptions": [], "refs": [ @@ -1400,10 +1369,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "rejected": "" + "updated": "2023-09-14T16:07:40Z" }, "descriptions": [], "refs": [ @@ -1444,10 +1412,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "rejected": "" + "updated": "2023-09-14T16:08:37Z" }, "descriptions": [], "refs": [ @@ -1488,10 +1455,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "rejected": "" + "updated": "2023-09-14T16:13:01Z" }, "descriptions": [], "refs": [ @@ -1532,10 +1498,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "rejected": "" + "updated": "2023-09-14T16:15:44Z" }, "descriptions": [], "refs": [ @@ -1576,10 +1541,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "rejected": "" + "updated": "2023-11-21T11:40:53Z" }, "descriptions": [], "refs": [ @@ -1620,10 +1584,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "rejected": "" + "updated": "2024-03-15T00:28:08Z" }, "descriptions": [], "refs": [ @@ -1665,10 +1628,9 @@ "CWE-502", "CWE-913" ], - "created": "", + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "rejected": "" + "updated": "2024-06-25T13:47:23Z" }, "descriptions": [], "refs": [ @@ -1710,10 +1672,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "rejected": "" + "updated": "2024-03-15T00:14:44Z" }, "descriptions": [], "refs": [ @@ -1754,10 +1715,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "rejected": "" + "updated": "2024-03-15T00:16:04Z" }, "descriptions": [], "refs": [ @@ -1798,10 +1758,9 @@ "cwe": [ "CWE-787" ], - "created": "", + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "rejected": "" + "updated": "2024-03-15T00:24:56Z" }, "descriptions": [], "refs": [ @@ -1842,10 +1801,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "rejected": "" + "updated": "2024-03-15T00:31:24Z" }, "descriptions": [], "refs": [ @@ -1886,10 +1844,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "rejected": "" + "updated": "2024-03-15T00:52:59Z" }, "descriptions": [], "refs": [ @@ -1931,10 +1888,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "rejected": "" + "updated": "2024-03-24T05:01:05Z" }, "descriptions": [], "refs": [ @@ -1975,10 +1931,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "rejected": "" + "updated": "2024-07-03T21:10:31Z" }, "descriptions": [], "refs": [ @@ -2021,10 +1976,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "rejected": "" + "updated": "2023-01-09T05:02:18Z" }, "descriptions": [], "refs": [ @@ -2067,10 +2021,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "rejected": "" + "updated": "2024-06-05T16:42:03Z" }, "descriptions": [], "refs": [ @@ -2113,10 +2066,9 @@ "cwe": [ "CWE-776" ], - "created": "", + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "rejected": "" + "updated": "2023-05-22T20:17:58Z" }, "descriptions": [], "refs": [ @@ -2158,10 +2110,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2203,10 +2154,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "rejected": "" + "updated": "2024-06-21T21:33:52Z" }, "descriptions": [], "refs": [ @@ -2248,10 +2198,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2293,10 +2242,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2338,10 +2286,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2383,10 +2330,9 @@ "CWE-400", "CWE-776" ], - "created": "", + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "rejected": "" + "updated": "2024-03-15T19:06:46Z" }, "descriptions": [], "refs": [ @@ -2428,10 +2374,9 @@ "CWE-20", "CWE-502" ], - "created": "", + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "rejected": "" + "updated": "2024-06-24T21:22:59Z" }, "descriptions": [], "refs": [ @@ -2472,10 +2417,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "rejected": "" + "updated": "2023-01-30T05:04:55Z" }, "descriptions": [], "refs": [ @@ -2516,10 +2460,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "rejected": "" + "updated": "2023-12-05T21:31:13Z" }, "descriptions": [], "refs": [ @@ -2560,10 +2503,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "rejected": "" + "updated": "2023-02-01T05:05:09Z" }, "descriptions": [], "refs": [ @@ -2604,10 +2546,9 @@ "cwe": [ "CWE-613" ], - "created": "", + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "rejected": "" + "updated": "2023-02-01T05:05:59Z" }, "descriptions": [], "refs": [ @@ -2650,10 +2591,9 @@ "CWE-551", "CWE-755" ], - "created": "", + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "rejected": "" + "updated": "2023-09-26T11:11:47Z" }, "descriptions": [], "refs": [ @@ -2694,10 +2634,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "rejected": "" + "updated": "2023-11-06T05:01:53Z" }, "descriptions": [], "refs": [ @@ -2739,10 +2678,9 @@ "CWE-400", "CWE-770" ], - "created": "", + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "rejected": "" + "updated": "2023-11-06T05:02:06Z" }, "descriptions": [], "refs": [ @@ -2783,10 +2721,9 @@ "cwe": [ "CWE-226" ], - "created": "", + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "rejected": "" + "updated": "2024-02-21T17:23:14Z" }, "descriptions": [], "refs": [ @@ -2827,10 +2764,9 @@ "cwe": [ "CWE-20" ], - "created": "", + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "rejected": "" + "updated": "2023-01-29T05:06:01Z" }, "descriptions": [], "refs": [ @@ -2873,10 +2809,9 @@ "cwe": [ "CWE-130" ], - "created": "", + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -2921,10 +2856,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "rejected": "" + "updated": "2023-11-27T23:07:53Z" }, "descriptions": [], "refs": [ @@ -2965,10 +2899,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "rejected": "" + "updated": "2023-09-05T22:39:32Z" }, "descriptions": [], "refs": [ @@ -3009,10 +2942,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "rejected": "" + "updated": "2023-02-01T05:05:51Z" }, "descriptions": [], "refs": [ @@ -3055,10 +2987,9 @@ "cwe": [ "CWE-149" ], - "created": "", + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -3102,10 +3033,9 @@ "CWE-200", "CWE-732" ], - "created": "", + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "rejected": "" + "updated": "2023-02-01T05:04:50Z" }, "descriptions": [], "refs": [ @@ -3146,10 +3076,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" }, "descriptions": [], "refs": [ @@ -3188,10 +3115,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" }, "descriptions": [], "refs": [ @@ -3231,10 +3155,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "rejected": "" + "updated": "2024-06-27T16:39:59Z" }, "descriptions": [], "refs": [ @@ -3275,10 +3198,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "rejected": "" + "updated": "2024-06-27T18:05:49Z" }, "descriptions": [], "refs": [ @@ -3319,10 +3241,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "rejected": "" + "updated": "2023-01-27T05:02:30Z" }, "descriptions": [], "refs": [ @@ -3363,10 +3284,9 @@ "cwe": [ "CWE-79" ], - "created": "", + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "rejected": "" + "updated": "2023-02-01T05:05:30Z" }, "descriptions": [], "refs": [ @@ -3407,10 +3327,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "rejected": "" + "updated": "2023-01-27T05:02:46Z" }, "descriptions": [], "refs": [ @@ -3452,10 +3371,9 @@ "CWE-400", "CWE-410" ], - "created": "", + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "rejected": "" + "updated": "2023-07-24T19:39:20Z" }, "descriptions": [], "refs": [ @@ -3496,10 +3414,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "rejected": "" + "updated": "2024-06-21T21:34:00Z" }, "descriptions": [], "refs": [ @@ -3540,10 +3457,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "rejected": "" + "updated": "2024-05-02T18:38:19Z" }, "descriptions": [], "refs": [ @@ -3584,10 +3500,9 @@ "cwe": [ "CWE-190" ], - "created": "", + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "rejected": "" + "updated": "2024-06-21T21:33:57Z" }, "descriptions": [], "refs": [ @@ -3630,10 +3545,9 @@ "cwe": [ "CWE-295" ], - "created": "", + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "rejected": "" + "updated": "2023-01-09T05:03:38Z" }, "descriptions": [], "refs": [ @@ -3674,10 +3588,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "rejected": "" + "updated": "2023-11-05T05:04:23Z" }, "descriptions": [], "refs": [ @@ -3718,10 +3631,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "rejected": "" + "updated": "2023-02-25T00:31:20Z" }, "descriptions": [], "refs": [ @@ -3764,10 +3676,9 @@ "cwe": [ "CWE-88" ], - "created": "", + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "rejected": "" + "updated": "2023-08-18T15:47:05Z" }, "descriptions": [], "refs": [ @@ -3798,7 +3709,7 @@ ] } ], - "sha256": "ba1925e7477830950378df78dd2403f10875a6c54b1c64e7566bb2922d516ff5" + "sha256": "48314fff71076b9537498a3e1490bd1bc550593e966b044ae3123e05567b6f0d" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index d47456cb31..9856f96ff8 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -32,10 +32,9 @@ "CWE-378", "CWE-732" ], - "created": "", + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "rejected": "" + "updated": "2023-11-09T18:44:38Z" }, "descriptions": [], "refs": [ @@ -79,10 +78,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "rejected": "" + "updated": "2024-02-13T21:49:15Z" }, "descriptions": [], "refs": [ @@ -123,10 +121,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -167,10 +164,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -211,10 +207,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "rejected": "" + "updated": "2023-02-01T05:03:03Z" }, "descriptions": [], "refs": [ @@ -255,10 +250,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "rejected": "" + "updated": "2023-02-01T05:03:05Z" }, "descriptions": [], "refs": [ @@ -299,10 +293,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "rejected": "" + "updated": "2024-03-15T00:41:35Z" }, "descriptions": [], "refs": [ @@ -343,10 +336,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "rejected": "" + "updated": "2024-03-15T00:48:55Z" }, "descriptions": [], "refs": [ @@ -387,10 +379,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "rejected": "" + "updated": "2024-03-15T00:50:18Z" }, "descriptions": [], "refs": [ @@ -431,10 +422,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "rejected": "" + "updated": "2024-06-25T13:46:45Z" }, "descriptions": [], "refs": [ @@ -475,10 +465,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "rejected": "" + "updated": "2024-07-03T21:10:50Z" }, "descriptions": [], "refs": [ @@ -519,10 +508,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "rejected": "" + "updated": "2023-02-01T05:04:14Z" }, "descriptions": [], "refs": [ @@ -563,10 +551,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "rejected": "" + "updated": "2024-03-15T00:37:17Z" }, "descriptions": [], "refs": [ @@ -607,10 +594,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "rejected": "" + "updated": "2024-03-15T00:39:55Z" }, "descriptions": [], "refs": [ @@ -651,10 +637,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "rejected": "" + "updated": "2024-06-25T13:46:04Z" }, "descriptions": [], "refs": [ @@ -695,10 +680,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "rejected": "" + "updated": "2023-06-08T19:02:12Z" }, "descriptions": [], "refs": [ @@ -739,10 +723,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "rejected": "" + "updated": "2023-08-18T15:45:27Z" }, "descriptions": [], "refs": [ @@ -783,10 +766,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "rejected": "" + "updated": "2023-09-14T14:55:20Z" }, "descriptions": [], "refs": [ @@ -827,10 +809,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "rejected": "" + "updated": "2023-09-14T14:55:25Z" }, "descriptions": [], "refs": [ @@ -871,10 +852,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "rejected": "" + "updated": "2024-03-15T00:57:37Z" }, "descriptions": [], "refs": [ @@ -915,10 +895,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "rejected": "" + "updated": "2023-09-14T15:09:40Z" }, "descriptions": [], "refs": [ @@ -959,10 +938,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "rejected": "" + "updated": "2024-03-15T00:20:09Z" }, "descriptions": [], "refs": [ @@ -1004,10 +982,9 @@ "CWE-94", "CWE-502" ], - "created": "", + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "rejected": "" + "updated": "2023-09-14T15:44:55Z" }, "descriptions": [], "refs": [ @@ -1048,10 +1025,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "rejected": "" + "updated": "2023-09-14T15:47:50Z" }, "descriptions": [], "refs": [ @@ -1092,10 +1068,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "rejected": "" + "updated": "2023-09-14T15:52:49Z" }, "descriptions": [], "refs": [ @@ -1136,10 +1111,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "rejected": "" + "updated": "2023-09-14T15:53:30Z" }, "descriptions": [], "refs": [ @@ -1180,10 +1154,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "rejected": "" + "updated": "2023-09-14T15:59:33Z" }, "descriptions": [], "refs": [ @@ -1224,10 +1197,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "rejected": "" + "updated": "2023-09-14T16:01:31Z" }, "descriptions": [], "refs": [ @@ -1268,10 +1240,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1312,10 +1283,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1356,10 +1326,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "rejected": "" + "updated": "2023-09-14T16:07:00Z" }, "descriptions": [], "refs": [ @@ -1400,10 +1369,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "rejected": "" + "updated": "2023-09-14T16:07:40Z" }, "descriptions": [], "refs": [ @@ -1444,10 +1412,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "rejected": "" + "updated": "2023-09-14T16:08:37Z" }, "descriptions": [], "refs": [ @@ -1488,10 +1455,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "rejected": "" + "updated": "2023-09-14T16:13:01Z" }, "descriptions": [], "refs": [ @@ -1532,10 +1498,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "rejected": "" + "updated": "2023-09-14T16:15:44Z" }, "descriptions": [], "refs": [ @@ -1576,10 +1541,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "rejected": "" + "updated": "2023-11-21T11:40:53Z" }, "descriptions": [], "refs": [ @@ -1620,10 +1584,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "rejected": "" + "updated": "2024-03-15T00:28:08Z" }, "descriptions": [], "refs": [ @@ -1665,10 +1628,9 @@ "CWE-502", "CWE-913" ], - "created": "", + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "rejected": "" + "updated": "2024-06-25T13:47:23Z" }, "descriptions": [], "refs": [ @@ -1710,10 +1672,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "rejected": "" + "updated": "2024-03-15T00:14:44Z" }, "descriptions": [], "refs": [ @@ -1754,10 +1715,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "rejected": "" + "updated": "2024-03-15T00:16:04Z" }, "descriptions": [], "refs": [ @@ -1798,10 +1758,9 @@ "cwe": [ "CWE-787" ], - "created": "", + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "rejected": "" + "updated": "2024-03-15T00:24:56Z" }, "descriptions": [], "refs": [ @@ -1842,10 +1801,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "rejected": "" + "updated": "2024-03-15T00:31:24Z" }, "descriptions": [], "refs": [ @@ -1886,10 +1844,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "rejected": "" + "updated": "2024-03-15T00:52:59Z" }, "descriptions": [], "refs": [ @@ -1931,10 +1888,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "rejected": "" + "updated": "2024-03-24T05:01:05Z" }, "descriptions": [], "refs": [ @@ -1975,10 +1931,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "rejected": "" + "updated": "2024-07-03T21:10:31Z" }, "descriptions": [], "refs": [ @@ -2021,10 +1976,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "rejected": "" + "updated": "2023-01-09T05:02:18Z" }, "descriptions": [], "refs": [ @@ -2067,10 +2021,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "rejected": "" + "updated": "2024-06-05T16:42:03Z" }, "descriptions": [], "refs": [ @@ -2113,10 +2066,9 @@ "cwe": [ "CWE-776" ], - "created": "", + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "rejected": "" + "updated": "2023-05-22T20:17:58Z" }, "descriptions": [], "refs": [ @@ -2158,10 +2110,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2203,10 +2154,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "rejected": "" + "updated": "2024-06-21T21:33:52Z" }, "descriptions": [], "refs": [ @@ -2248,10 +2198,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2293,10 +2242,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2338,10 +2286,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2383,10 +2330,9 @@ "CWE-400", "CWE-776" ], - "created": "", + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "rejected": "" + "updated": "2024-03-15T19:06:46Z" }, "descriptions": [], "refs": [ @@ -2428,10 +2374,9 @@ "CWE-20", "CWE-502" ], - "created": "", + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "rejected": "" + "updated": "2024-06-24T21:22:59Z" }, "descriptions": [], "refs": [ @@ -2472,10 +2417,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "rejected": "" + "updated": "2023-01-30T05:04:55Z" }, "descriptions": [], "refs": [ @@ -2516,10 +2460,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "rejected": "" + "updated": "2023-12-05T21:31:13Z" }, "descriptions": [], "refs": [ @@ -2560,10 +2503,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "rejected": "" + "updated": "2023-02-01T05:05:09Z" }, "descriptions": [], "refs": [ @@ -2604,10 +2546,9 @@ "cwe": [ "CWE-613" ], - "created": "", + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "rejected": "" + "updated": "2023-02-01T05:05:59Z" }, "descriptions": [], "refs": [ @@ -2650,10 +2591,9 @@ "CWE-551", "CWE-755" ], - "created": "", + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "rejected": "" + "updated": "2023-09-26T11:11:47Z" }, "descriptions": [], "refs": [ @@ -2694,10 +2634,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "rejected": "" + "updated": "2023-11-06T05:01:53Z" }, "descriptions": [], "refs": [ @@ -2739,10 +2678,9 @@ "CWE-400", "CWE-770" ], - "created": "", + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "rejected": "" + "updated": "2023-11-06T05:02:06Z" }, "descriptions": [], "refs": [ @@ -2783,10 +2721,9 @@ "cwe": [ "CWE-226" ], - "created": "", + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "rejected": "" + "updated": "2024-02-21T17:23:14Z" }, "descriptions": [], "refs": [ @@ -2827,10 +2764,9 @@ "cwe": [ "CWE-20" ], - "created": "", + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "rejected": "" + "updated": "2023-01-29T05:06:01Z" }, "descriptions": [], "refs": [ @@ -2873,10 +2809,9 @@ "cwe": [ "CWE-130" ], - "created": "", + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -2921,10 +2856,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "rejected": "" + "updated": "2023-11-27T23:07:53Z" }, "descriptions": [], "refs": [ @@ -2965,10 +2899,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "rejected": "" + "updated": "2023-09-05T22:39:32Z" }, "descriptions": [], "refs": [ @@ -3009,10 +2942,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "rejected": "" + "updated": "2023-02-01T05:05:51Z" }, "descriptions": [], "refs": [ @@ -3055,10 +2987,9 @@ "cwe": [ "CWE-149" ], - "created": "", + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -3102,10 +3033,9 @@ "CWE-200", "CWE-732" ], - "created": "", + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "rejected": "" + "updated": "2023-02-01T05:04:50Z" }, "descriptions": [], "refs": [ @@ -3146,10 +3076,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" }, "descriptions": [], "refs": [ @@ -3188,10 +3115,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" }, "descriptions": [], "refs": [ @@ -3231,10 +3155,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "rejected": "" + "updated": "2024-06-27T16:39:59Z" }, "descriptions": [], "refs": [ @@ -3275,10 +3198,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "rejected": "" + "updated": "2024-06-27T18:05:49Z" }, "descriptions": [], "refs": [ @@ -3319,10 +3241,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "rejected": "" + "updated": "2023-01-27T05:02:30Z" }, "descriptions": [], "refs": [ @@ -3363,10 +3284,9 @@ "cwe": [ "CWE-79" ], - "created": "", + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "rejected": "" + "updated": "2023-02-01T05:05:30Z" }, "descriptions": [], "refs": [ @@ -3407,10 +3327,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "rejected": "" + "updated": "2023-01-27T05:02:46Z" }, "descriptions": [], "refs": [ @@ -3452,10 +3371,9 @@ "CWE-400", "CWE-410" ], - "created": "", + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "rejected": "" + "updated": "2023-07-24T19:39:20Z" }, "descriptions": [], "refs": [ @@ -3496,10 +3414,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "rejected": "" + "updated": "2024-06-21T21:34:00Z" }, "descriptions": [], "refs": [ @@ -3540,10 +3457,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "rejected": "" + "updated": "2024-05-02T18:38:19Z" }, "descriptions": [], "refs": [ @@ -3584,10 +3500,9 @@ "cwe": [ "CWE-190" ], - "created": "", + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "rejected": "" + "updated": "2024-06-21T21:33:57Z" }, "descriptions": [], "refs": [ @@ -3630,10 +3545,9 @@ "cwe": [ "CWE-295" ], - "created": "", + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "rejected": "" + "updated": "2023-01-09T05:03:38Z" }, "descriptions": [], "refs": [ @@ -3674,10 +3588,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "rejected": "" + "updated": "2023-11-05T05:04:23Z" }, "descriptions": [], "refs": [ @@ -3718,10 +3631,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "rejected": "" + "updated": "2023-02-25T00:31:20Z" }, "descriptions": [], "refs": [ @@ -3764,10 +3676,9 @@ "cwe": [ "CWE-88" ], - "created": "", + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "rejected": "" + "updated": "2023-08-18T15:47:05Z" }, "descriptions": [], "refs": [ @@ -3798,7 +3709,7 @@ ] } ], - "sha256": "ba1925e7477830950378df78dd2403f10875a6c54b1c64e7566bb2922d516ff5" + "sha256": "48314fff71076b9537498a3e1490bd1bc550593e966b044ae3123e05567b6f0d" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index cce4467857..a70a6d949f 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -32,10 +32,9 @@ "CWE-378", "CWE-732" ], - "created": "", + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "rejected": "" + "updated": "2023-11-09T18:44:38Z" }, "descriptions": [], "refs": [ @@ -79,10 +78,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "rejected": "" + "updated": "2024-02-13T21:49:15Z" }, "descriptions": [], "refs": [ @@ -123,10 +121,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -167,10 +164,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -211,10 +207,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "rejected": "" + "updated": "2023-02-01T05:03:03Z" }, "descriptions": [], "refs": [ @@ -255,10 +250,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "rejected": "" + "updated": "2023-02-01T05:03:05Z" }, "descriptions": [], "refs": [ @@ -299,10 +293,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "rejected": "" + "updated": "2024-03-15T00:41:35Z" }, "descriptions": [], "refs": [ @@ -343,10 +336,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "rejected": "" + "updated": "2024-03-15T00:48:55Z" }, "descriptions": [], "refs": [ @@ -387,10 +379,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "rejected": "" + "updated": "2024-03-15T00:50:18Z" }, "descriptions": [], "refs": [ @@ -431,10 +422,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "rejected": "" + "updated": "2024-06-25T13:46:45Z" }, "descriptions": [], "refs": [ @@ -475,10 +465,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "rejected": "" + "updated": "2024-07-03T21:10:50Z" }, "descriptions": [], "refs": [ @@ -519,10 +508,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "rejected": "" + "updated": "2023-02-01T05:04:14Z" }, "descriptions": [], "refs": [ @@ -563,10 +551,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "rejected": "" + "updated": "2024-03-15T00:37:17Z" }, "descriptions": [], "refs": [ @@ -607,10 +594,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "rejected": "" + "updated": "2024-03-15T00:39:55Z" }, "descriptions": [], "refs": [ @@ -651,10 +637,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "rejected": "" + "updated": "2024-06-25T13:46:04Z" }, "descriptions": [], "refs": [ @@ -695,10 +680,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "rejected": "" + "updated": "2023-06-08T19:02:12Z" }, "descriptions": [], "refs": [ @@ -739,10 +723,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "rejected": "" + "updated": "2023-08-18T15:45:27Z" }, "descriptions": [], "refs": [ @@ -783,10 +766,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "rejected": "" + "updated": "2023-09-14T14:55:20Z" }, "descriptions": [], "refs": [ @@ -827,10 +809,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "rejected": "" + "updated": "2023-09-14T14:55:25Z" }, "descriptions": [], "refs": [ @@ -871,10 +852,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "rejected": "" + "updated": "2024-03-15T00:57:37Z" }, "descriptions": [], "refs": [ @@ -915,10 +895,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "rejected": "" + "updated": "2023-09-14T15:09:40Z" }, "descriptions": [], "refs": [ @@ -959,10 +938,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "rejected": "" + "updated": "2024-03-15T00:20:09Z" }, "descriptions": [], "refs": [ @@ -1004,10 +982,9 @@ "CWE-94", "CWE-502" ], - "created": "", + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "rejected": "" + "updated": "2023-09-14T15:44:55Z" }, "descriptions": [], "refs": [ @@ -1048,10 +1025,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "rejected": "" + "updated": "2023-09-14T15:47:50Z" }, "descriptions": [], "refs": [ @@ -1092,10 +1068,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "rejected": "" + "updated": "2023-09-14T15:52:49Z" }, "descriptions": [], "refs": [ @@ -1136,10 +1111,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "rejected": "" + "updated": "2023-09-14T15:53:30Z" }, "descriptions": [], "refs": [ @@ -1180,10 +1154,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "rejected": "" + "updated": "2023-09-14T15:59:33Z" }, "descriptions": [], "refs": [ @@ -1224,10 +1197,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "rejected": "" + "updated": "2023-09-14T16:01:31Z" }, "descriptions": [], "refs": [ @@ -1268,10 +1240,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1312,10 +1283,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1356,10 +1326,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "rejected": "" + "updated": "2023-09-14T16:07:00Z" }, "descriptions": [], "refs": [ @@ -1400,10 +1369,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "rejected": "" + "updated": "2023-09-14T16:07:40Z" }, "descriptions": [], "refs": [ @@ -1444,10 +1412,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "rejected": "" + "updated": "2023-09-14T16:08:37Z" }, "descriptions": [], "refs": [ @@ -1488,10 +1455,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "rejected": "" + "updated": "2023-09-14T16:13:01Z" }, "descriptions": [], "refs": [ @@ -1532,10 +1498,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "rejected": "" + "updated": "2023-09-14T16:15:44Z" }, "descriptions": [], "refs": [ @@ -1576,10 +1541,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "rejected": "" + "updated": "2023-11-21T11:40:53Z" }, "descriptions": [], "refs": [ @@ -1620,10 +1584,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "rejected": "" + "updated": "2024-03-15T00:28:08Z" }, "descriptions": [], "refs": [ @@ -1665,10 +1628,9 @@ "CWE-502", "CWE-913" ], - "created": "", + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "rejected": "" + "updated": "2024-06-25T13:47:23Z" }, "descriptions": [], "refs": [ @@ -1710,10 +1672,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "rejected": "" + "updated": "2024-03-15T00:14:44Z" }, "descriptions": [], "refs": [ @@ -1754,10 +1715,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "rejected": "" + "updated": "2024-03-15T00:16:04Z" }, "descriptions": [], "refs": [ @@ -1798,10 +1758,9 @@ "cwe": [ "CWE-787" ], - "created": "", + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "rejected": "" + "updated": "2024-03-15T00:24:56Z" }, "descriptions": [], "refs": [ @@ -1842,10 +1801,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "rejected": "" + "updated": "2024-03-15T00:31:24Z" }, "descriptions": [], "refs": [ @@ -1886,10 +1844,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "rejected": "" + "updated": "2024-03-15T00:52:59Z" }, "descriptions": [], "refs": [ @@ -1931,10 +1888,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "rejected": "" + "updated": "2024-03-24T05:01:05Z" }, "descriptions": [], "refs": [ @@ -1975,10 +1931,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "rejected": "" + "updated": "2024-07-03T21:10:31Z" }, "descriptions": [], "refs": [ @@ -2021,10 +1976,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "rejected": "" + "updated": "2023-01-09T05:02:18Z" }, "descriptions": [], "refs": [ @@ -2067,10 +2021,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "rejected": "" + "updated": "2024-06-05T16:42:03Z" }, "descriptions": [], "refs": [ @@ -2113,10 +2066,9 @@ "cwe": [ "CWE-776" ], - "created": "", + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "rejected": "" + "updated": "2023-05-22T20:17:58Z" }, "descriptions": [], "refs": [ @@ -2158,10 +2110,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2203,10 +2154,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "rejected": "" + "updated": "2024-06-21T21:33:52Z" }, "descriptions": [], "refs": [ @@ -2248,10 +2198,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2293,10 +2242,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2338,10 +2286,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2383,10 +2330,9 @@ "CWE-400", "CWE-776" ], - "created": "", + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "rejected": "" + "updated": "2024-03-15T19:06:46Z" }, "descriptions": [], "refs": [ @@ -2428,10 +2374,9 @@ "CWE-20", "CWE-502" ], - "created": "", + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "rejected": "" + "updated": "2024-06-24T21:22:59Z" }, "descriptions": [], "refs": [ @@ -2472,10 +2417,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "rejected": "" + "updated": "2023-01-30T05:04:55Z" }, "descriptions": [], "refs": [ @@ -2516,10 +2460,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "rejected": "" + "updated": "2023-12-05T21:31:13Z" }, "descriptions": [], "refs": [ @@ -2566,10 +2509,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "rejected": "" + "updated": "2023-02-01T05:05:09Z" }, "descriptions": [], "refs": [ @@ -2610,10 +2552,9 @@ "cwe": [ "CWE-613" ], - "created": "", + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "rejected": "" + "updated": "2023-02-01T05:05:59Z" }, "descriptions": [], "refs": [ @@ -2656,10 +2597,9 @@ "CWE-551", "CWE-755" ], - "created": "", + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "rejected": "" + "updated": "2023-09-26T11:11:47Z" }, "descriptions": [], "refs": [ @@ -2700,10 +2640,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "rejected": "" + "updated": "2023-11-06T05:01:53Z" }, "descriptions": [], "refs": [ @@ -2745,10 +2684,9 @@ "CWE-400", "CWE-770" ], - "created": "", + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "rejected": "" + "updated": "2023-11-06T05:02:06Z" }, "descriptions": [], "refs": [ @@ -2789,10 +2727,9 @@ "cwe": [ "CWE-226" ], - "created": "", + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "rejected": "" + "updated": "2024-02-21T17:23:14Z" }, "descriptions": [], "refs": [ @@ -2833,10 +2770,9 @@ "cwe": [ "CWE-20" ], - "created": "", + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "rejected": "" + "updated": "2023-01-29T05:06:01Z" }, "descriptions": [], "refs": [ @@ -2879,10 +2815,9 @@ "cwe": [ "CWE-130" ], - "created": "", + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -2927,10 +2862,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "rejected": "" + "updated": "2023-11-27T23:07:53Z" }, "descriptions": [], "refs": [ @@ -2971,10 +2905,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "rejected": "" + "updated": "2023-09-05T22:39:32Z" }, "descriptions": [], "refs": [ @@ -3015,10 +2948,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "rejected": "" + "updated": "2023-02-01T05:05:51Z" }, "descriptions": [], "refs": [ @@ -3061,10 +2993,9 @@ "cwe": [ "CWE-149" ], - "created": "", + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -3108,10 +3039,9 @@ "CWE-200", "CWE-732" ], - "created": "", + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "rejected": "" + "updated": "2023-02-01T05:04:50Z" }, "descriptions": [], "refs": [ @@ -3152,10 +3082,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" }, "descriptions": [], "refs": [ @@ -3194,10 +3121,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" }, "descriptions": [], "refs": [ @@ -3237,10 +3161,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "rejected": "" + "updated": "2024-06-27T16:39:59Z" }, "descriptions": [], "refs": [ @@ -3281,10 +3204,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "rejected": "" + "updated": "2024-06-27T18:05:49Z" }, "descriptions": [], "refs": [ @@ -3325,10 +3247,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "rejected": "" + "updated": "2023-01-27T05:02:30Z" }, "descriptions": [], "refs": [ @@ -3369,10 +3290,9 @@ "cwe": [ "CWE-79" ], - "created": "", + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "rejected": "" + "updated": "2023-02-01T05:05:30Z" }, "descriptions": [], "refs": [ @@ -3413,10 +3333,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "rejected": "" + "updated": "2023-01-27T05:02:46Z" }, "descriptions": [], "refs": [ @@ -3458,10 +3377,9 @@ "CWE-400", "CWE-410" ], - "created": "", + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "rejected": "" + "updated": "2023-07-24T19:39:20Z" }, "descriptions": [], "refs": [ @@ -3502,10 +3420,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "rejected": "" + "updated": "2024-06-21T21:34:00Z" }, "descriptions": [], "refs": [ @@ -3552,10 +3469,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "rejected": "" + "updated": "2024-05-02T18:38:19Z" }, "descriptions": [], "refs": [ @@ -3596,10 +3512,9 @@ "cwe": [ "CWE-190" ], - "created": "", + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "rejected": "" + "updated": "2024-06-21T21:33:57Z" }, "descriptions": [], "refs": [ @@ -3642,10 +3557,9 @@ "cwe": [ "CWE-295" ], - "created": "", + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "rejected": "" + "updated": "2023-01-09T05:03:38Z" }, "descriptions": [], "refs": [ @@ -3686,10 +3600,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "rejected": "" + "updated": "2023-11-05T05:04:23Z" }, "descriptions": [], "refs": [ @@ -3730,10 +3643,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "rejected": "" + "updated": "2023-02-25T00:31:20Z" }, "descriptions": [], "refs": [ @@ -3776,10 +3688,9 @@ "cwe": [ "CWE-88" ], - "created": "", + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "rejected": "" + "updated": "2023-08-18T15:47:05Z" }, "descriptions": [], "refs": [ @@ -3810,7 +3721,7 @@ ] } ], - "sha256": "a2a9f29c527b6e627114bf5ca676805fe7920a9ad1e0d2d63f3444f0c35d1f69" + "sha256": "06574c20a58f48f045cf9aba2effceb9634cdd9cca107aaeae15a889cdf4794f" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 191b0ffda4..c3a88b3705 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -32,10 +32,9 @@ "CWE-378", "CWE-732" ], - "created": "", + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", "published": "2021-03-25T17:04:19Z", - "updated": "2023-11-09T18:44:38Z", - "rejected": "" + "updated": "2023-11-09T18:44:38Z" }, "descriptions": [], "refs": [ @@ -79,10 +78,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", "published": "2023-06-14T18:30:38Z", - "updated": "2024-02-13T21:49:15Z", - "rejected": "" + "updated": "2024-02-13T21:49:15Z" }, "descriptions": [], "refs": [ @@ -123,10 +121,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", "published": "2020-04-23T21:08:40Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -167,10 +164,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", "published": "2020-05-15T18:58:44Z", - "updated": "2023-02-01T05:02:59Z", - "rejected": "" + "updated": "2023-02-01T05:02:59Z" }, "descriptions": [], "refs": [ @@ -211,10 +207,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", "published": "2020-06-10T21:12:41Z", - "updated": "2023-02-01T05:03:03Z", - "rejected": "" + "updated": "2023-02-01T05:03:03Z" }, "descriptions": [], "refs": [ @@ -255,10 +250,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", "published": "2020-05-15T18:58:50Z", - "updated": "2023-02-01T05:03:05Z", - "rejected": "" + "updated": "2023-02-01T05:03:05Z" }, "descriptions": [], "refs": [ @@ -299,10 +293,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", "published": "2020-04-23T20:19:02Z", - "updated": "2024-03-15T00:41:35Z", - "rejected": "" + "updated": "2024-03-15T00:41:35Z" }, "descriptions": [], "refs": [ @@ -343,10 +336,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", "published": "2020-05-15T18:58:47Z", - "updated": "2024-03-15T00:48:55Z", - "rejected": "" + "updated": "2024-03-15T00:48:55Z" }, "descriptions": [], "refs": [ @@ -387,10 +379,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", "published": "2020-05-15T18:58:54Z", - "updated": "2024-03-15T00:50:18Z", - "rejected": "" + "updated": "2024-03-15T00:50:18Z" }, "descriptions": [], "refs": [ @@ -431,10 +422,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", "published": "2020-04-23T21:36:03Z", - "updated": "2024-06-25T13:46:45Z", - "rejected": "" + "updated": "2024-06-25T13:46:45Z" }, "descriptions": [], "refs": [ @@ -475,10 +465,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", "published": "2020-04-23T16:32:59Z", - "updated": "2024-07-03T21:10:50Z", - "rejected": "" + "updated": "2024-07-03T21:10:50Z" }, "descriptions": [], "refs": [ @@ -519,10 +508,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", "published": "2020-06-18T14:44:50Z", - "updated": "2023-02-01T05:04:14Z", - "rejected": "" + "updated": "2023-02-01T05:04:14Z" }, "descriptions": [], "refs": [ @@ -563,10 +551,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", "published": "2020-06-18T14:44:43Z", - "updated": "2024-03-15T00:37:17Z", - "rejected": "" + "updated": "2024-03-15T00:37:17Z" }, "descriptions": [], "refs": [ @@ -607,10 +594,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", "published": "2020-06-18T14:44:46Z", - "updated": "2024-03-15T00:39:55Z", - "rejected": "" + "updated": "2024-03-15T00:39:55Z" }, "descriptions": [], "refs": [ @@ -651,10 +637,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", "published": "2020-06-18T14:44:48Z", - "updated": "2024-06-25T13:46:04Z", - "rejected": "" + "updated": "2024-06-25T13:46:04Z" }, "descriptions": [], "refs": [ @@ -695,10 +680,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", "published": "2020-03-04T20:52:14Z", - "updated": "2023-06-08T19:02:12Z", - "rejected": "" + "updated": "2023-06-08T19:02:12Z" }, "descriptions": [], "refs": [ @@ -739,10 +723,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", "published": "2022-07-15T19:41:47Z", - "updated": "2023-08-18T15:45:27Z", - "rejected": "" + "updated": "2023-08-18T15:45:27Z" }, "descriptions": [], "refs": [ @@ -783,10 +766,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", "published": "2019-11-13T00:32:27Z", - "updated": "2023-09-14T14:55:20Z", - "rejected": "" + "updated": "2023-09-14T14:55:20Z" }, "descriptions": [], "refs": [ @@ -827,10 +809,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", "published": "2019-11-13T00:32:38Z", - "updated": "2023-09-14T14:55:25Z", - "rejected": "" + "updated": "2023-09-14T14:55:25Z" }, "descriptions": [], "refs": [ @@ -871,10 +852,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", "published": "2019-10-28T20:51:15Z", - "updated": "2024-03-15T00:57:37Z", - "rejected": "" + "updated": "2024-03-15T00:57:37Z" }, "descriptions": [], "refs": [ @@ -915,10 +895,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", "published": "2020-05-15T18:59:10Z", - "updated": "2023-09-14T15:09:40Z", - "rejected": "" + "updated": "2023-09-14T15:09:40Z" }, "descriptions": [], "refs": [ @@ -959,10 +938,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", "published": "2020-05-15T18:59:01Z", - "updated": "2024-03-15T00:20:09Z", - "rejected": "" + "updated": "2024-03-15T00:20:09Z" }, "descriptions": [], "refs": [ @@ -1004,10 +982,9 @@ "CWE-94", "CWE-502" ], - "created": "", + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", "published": "2021-12-09T19:14:51Z", - "updated": "2023-09-14T15:44:55Z", - "rejected": "" + "updated": "2023-09-14T15:44:55Z" }, "descriptions": [], "refs": [ @@ -1048,10 +1025,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", "published": "2021-12-09T19:15:36Z", - "updated": "2023-09-14T15:47:50Z", - "rejected": "" + "updated": "2023-09-14T15:47:50Z" }, "descriptions": [], "refs": [ @@ -1092,10 +1068,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", "published": "2021-12-09T19:16:02Z", - "updated": "2023-09-14T15:52:49Z", - "rejected": "" + "updated": "2023-09-14T15:52:49Z" }, "descriptions": [], "refs": [ @@ -1136,10 +1111,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", "published": "2021-12-09T19:16:26Z", - "updated": "2023-09-14T15:53:30Z", - "rejected": "" + "updated": "2023-09-14T15:53:30Z" }, "descriptions": [], "refs": [ @@ -1180,10 +1154,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", "published": "2021-11-19T20:13:06Z", - "updated": "2023-09-14T15:59:33Z", - "rejected": "" + "updated": "2023-09-14T15:59:33Z" }, "descriptions": [], "refs": [ @@ -1224,10 +1197,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", "published": "2021-12-09T19:16:51Z", - "updated": "2023-09-14T16:01:31Z", - "rejected": "" + "updated": "2023-09-14T16:01:31Z" }, "descriptions": [], "refs": [ @@ -1268,10 +1240,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", "published": "2021-12-09T19:16:59Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1312,10 +1283,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", "published": "2021-12-09T19:16:42Z", - "updated": "2023-09-14T16:04:22Z", - "rejected": "" + "updated": "2023-09-14T16:04:22Z" }, "descriptions": [], "refs": [ @@ -1356,10 +1326,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", "published": "2021-12-09T19:16:10Z", - "updated": "2023-09-14T16:07:00Z", - "rejected": "" + "updated": "2023-09-14T16:07:00Z" }, "descriptions": [], "refs": [ @@ -1400,10 +1369,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", "published": "2021-12-09T19:15:54Z", - "updated": "2023-09-14T16:07:40Z", - "rejected": "" + "updated": "2023-09-14T16:07:40Z" }, "descriptions": [], "refs": [ @@ -1444,10 +1412,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", "published": "2021-12-09T19:15:46Z", - "updated": "2023-09-14T16:08:37Z", - "rejected": "" + "updated": "2023-09-14T16:08:37Z" }, "descriptions": [], "refs": [ @@ -1488,10 +1455,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", "published": "2021-12-09T19:16:18Z", - "updated": "2023-09-14T16:13:01Z", - "rejected": "" + "updated": "2023-09-14T16:13:01Z" }, "descriptions": [], "refs": [ @@ -1532,10 +1498,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", "published": "2021-12-09T19:16:34Z", - "updated": "2023-09-14T16:15:44Z", - "rejected": "" + "updated": "2023-09-14T16:15:44Z" }, "descriptions": [], "refs": [ @@ -1576,10 +1541,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", "published": "2021-12-09T19:15:24Z", - "updated": "2023-11-21T11:40:53Z", - "rejected": "" + "updated": "2023-11-21T11:40:53Z" }, "descriptions": [], "refs": [ @@ -1620,10 +1584,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", "published": "2021-12-09T19:15:00Z", - "updated": "2024-03-15T00:28:08Z", - "rejected": "" + "updated": "2024-03-15T00:28:08Z" }, "descriptions": [], "refs": [ @@ -1665,10 +1628,9 @@ "CWE-502", "CWE-913" ], - "created": "", + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", "published": "2021-12-09T19:15:11Z", - "updated": "2024-06-25T13:47:23Z", - "rejected": "" + "updated": "2024-06-25T13:47:23Z" }, "descriptions": [], "refs": [ @@ -1710,10 +1672,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-15T00:14:44Z", - "rejected": "" + "updated": "2024-03-15T00:14:44Z" }, "descriptions": [], "refs": [ @@ -1754,10 +1715,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", "published": "2021-01-20T21:20:15Z", - "updated": "2024-03-15T00:16:04Z", - "rejected": "" + "updated": "2024-03-15T00:16:04Z" }, "descriptions": [], "refs": [ @@ -1798,10 +1758,9 @@ "cwe": [ "CWE-787" ], - "created": "", + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", "published": "2022-03-12T00:00:36Z", - "updated": "2024-03-15T00:24:56Z", - "rejected": "" + "updated": "2024-03-15T00:24:56Z" }, "descriptions": [], "refs": [ @@ -1842,10 +1801,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", "published": "2021-02-18T20:51:54Z", - "updated": "2024-03-15T00:31:24Z", - "rejected": "" + "updated": "2024-03-15T00:31:24Z" }, "descriptions": [], "refs": [ @@ -1886,10 +1844,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", "published": "2020-03-04T20:52:11Z", - "updated": "2024-03-15T00:52:59Z", - "rejected": "" + "updated": "2024-03-15T00:52:59Z" }, "descriptions": [], "refs": [ @@ -1931,10 +1888,9 @@ "CWE-400", "CWE-502" ], - "created": "", + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", "published": "2022-10-03T00:00:31Z", - "updated": "2024-03-24T05:01:05Z", - "rejected": "" + "updated": "2024-03-24T05:01:05Z" }, "descriptions": [], "refs": [ @@ -1975,10 +1931,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", "published": "2020-05-15T18:59:04Z", - "updated": "2024-07-03T21:10:31Z", - "rejected": "" + "updated": "2024-07-03T21:10:31Z" }, "descriptions": [], "refs": [ @@ -2021,10 +1976,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", "published": "2020-04-10T18:42:20Z", - "updated": "2023-01-09T05:02:18Z", - "rejected": "" + "updated": "2023-01-09T05:02:18Z" }, "descriptions": [], "refs": [ @@ -2067,10 +2021,9 @@ "cwe": [ "CWE-74" ], - "created": "", + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", "published": "2020-02-24T17:27:27Z", - "updated": "2024-06-05T16:42:03Z", - "rejected": "" + "updated": "2024-06-05T16:42:03Z" }, "descriptions": [], "refs": [ @@ -2113,10 +2066,9 @@ "cwe": [ "CWE-776" ], - "created": "", + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", "published": "2021-06-04T21:37:45Z", - "updated": "2023-05-22T20:17:58Z", - "rejected": "" + "updated": "2023-05-22T20:17:58Z" }, "descriptions": [], "refs": [ @@ -2158,10 +2110,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2203,10 +2154,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", "published": "2022-11-11T19:00:31Z", - "updated": "2024-06-21T21:33:52Z", - "rejected": "" + "updated": "2024-06-21T21:33:52Z" }, "descriptions": [], "refs": [ @@ -2248,10 +2198,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2293,10 +2242,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2338,10 +2286,9 @@ "CWE-121", "CWE-787" ], - "created": "", + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", "published": "2022-09-06T00:00:27Z", - "updated": "2024-03-15T12:30:36Z", - "rejected": "" + "updated": "2024-03-15T12:30:36Z" }, "descriptions": [], "refs": [ @@ -2383,10 +2330,9 @@ "CWE-400", "CWE-776" ], - "created": "", + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", "published": "2022-08-31T00:00:24Z", - "updated": "2024-03-15T19:06:46Z", - "rejected": "" + "updated": "2024-03-15T19:06:46Z" }, "descriptions": [], "refs": [ @@ -2428,10 +2374,9 @@ "CWE-20", "CWE-502" ], - "created": "", + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", "published": "2022-12-12T21:19:47Z", - "updated": "2024-06-24T21:22:59Z", - "rejected": "" + "updated": "2024-06-24T21:22:59Z" }, "descriptions": [], "refs": [ @@ -2472,10 +2417,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", "published": "2021-12-17T20:00:50Z", - "updated": "2023-01-30T05:04:55Z", - "rejected": "" + "updated": "2023-01-30T05:04:55Z" }, "descriptions": [], "refs": [ @@ -2516,10 +2460,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", "published": "2023-11-29T12:30:16Z", - "updated": "2023-12-05T21:31:13Z", - "rejected": "" + "updated": "2023-12-05T21:31:13Z" }, "descriptions": [], "refs": [ @@ -2566,10 +2509,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", "published": "2021-03-10T03:46:47Z", - "updated": "2023-02-01T05:05:09Z", - "rejected": "" + "updated": "2023-02-01T05:05:09Z" }, "descriptions": [], "refs": [ @@ -2610,10 +2552,9 @@ "cwe": [ "CWE-613" ], - "created": "", + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", "published": "2021-06-23T20:23:04Z", - "updated": "2023-02-01T05:05:59Z", - "rejected": "" + "updated": "2023-02-01T05:05:59Z" }, "descriptions": [], "refs": [ @@ -2656,10 +2597,9 @@ "CWE-551", "CWE-755" ], - "created": "", + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", "published": "2021-04-06T17:31:30Z", - "updated": "2023-09-26T11:11:47Z", - "rejected": "" + "updated": "2023-09-26T11:11:47Z" }, "descriptions": [], "refs": [ @@ -2700,10 +2640,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", "published": "2023-04-18T22:19:57Z", - "updated": "2023-11-06T05:01:53Z", - "rejected": "" + "updated": "2023-11-06T05:01:53Z" }, "descriptions": [], "refs": [ @@ -2745,10 +2684,9 @@ "CWE-400", "CWE-770" ], - "created": "", + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", "published": "2023-04-19T18:15:45Z", - "updated": "2023-11-06T05:02:06Z", - "rejected": "" + "updated": "2023-11-06T05:02:06Z" }, "descriptions": [], "refs": [ @@ -2789,10 +2727,9 @@ "cwe": [ "CWE-226" ], - "created": "", + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", "published": "2020-12-02T18:28:18Z", - "updated": "2024-02-21T17:23:14Z", - "rejected": "" + "updated": "2024-02-21T17:23:14Z" }, "descriptions": [], "refs": [ @@ -2833,10 +2770,9 @@ "cwe": [ "CWE-20" ], - "created": "", + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", "published": "2022-07-07T20:55:34Z", - "updated": "2023-01-29T05:06:01Z", - "rejected": "" + "updated": "2023-01-29T05:06:01Z" }, "descriptions": [], "refs": [ @@ -2879,10 +2815,9 @@ "cwe": [ "CWE-130" ], - "created": "", + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", "published": "2023-09-14T16:17:27Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -2927,10 +2862,9 @@ "CWE-379", "CWE-552" ], - "created": "", + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", "published": "2020-11-04T17:50:24Z", - "updated": "2023-11-27T23:07:53Z", - "rejected": "" + "updated": "2023-11-27T23:07:53Z" }, "descriptions": [], "refs": [ @@ -2971,10 +2905,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", "published": "2023-07-10T21:52:39Z", - "updated": "2023-09-05T22:39:32Z", - "rejected": "" + "updated": "2023-09-05T22:39:32Z" }, "descriptions": [], "refs": [ @@ -3015,10 +2948,9 @@ "cwe": [ "CWE-200" ], - "created": "", + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", "published": "2021-06-10T15:43:22Z", - "updated": "2023-02-01T05:05:51Z", - "rejected": "" + "updated": "2023-02-01T05:05:51Z" }, "descriptions": [], "refs": [ @@ -3061,10 +2993,9 @@ "cwe": [ "CWE-149" ], - "created": "", + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", "published": "2023-09-14T16:16:00Z", - "updated": "2023-11-06T05:01:59Z", - "rejected": "" + "updated": "2023-11-06T05:01:59Z" }, "descriptions": [], "refs": [ @@ -3108,10 +3039,9 @@ "CWE-200", "CWE-732" ], - "created": "", + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", "published": "2020-10-12T17:33:00Z", - "updated": "2023-02-01T05:04:50Z", - "rejected": "" + "updated": "2023-02-01T05:04:50Z" }, "descriptions": [], "refs": [ @@ -3152,10 +3082,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" }, "descriptions": [], "refs": [ @@ -3194,10 +3121,7 @@ "CCI-001643" ], "cwe": [], - "created": "", - "published": "", - "updated": "", - "rejected": "" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" }, "descriptions": [], "refs": [ @@ -3237,10 +3161,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", "published": "2022-02-09T22:57:29Z", - "updated": "2024-06-27T16:39:59Z", - "rejected": "" + "updated": "2024-06-27T16:39:59Z" }, "descriptions": [], "refs": [ @@ -3281,10 +3204,9 @@ "cwe": [ "CWE-89" ], - "created": "", + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", "published": "2022-02-10T23:05:04Z", - "updated": "2024-06-27T18:05:49Z", - "rejected": "" + "updated": "2024-06-27T18:05:49Z" }, "descriptions": [], "refs": [ @@ -3325,10 +3247,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", "published": "2020-06-05T16:13:36Z", - "updated": "2023-01-27T05:02:30Z", - "rejected": "" + "updated": "2023-01-27T05:02:30Z" }, "descriptions": [], "refs": [ @@ -3369,10 +3290,9 @@ "cwe": [ "CWE-79" ], - "created": "", + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", "published": "2021-06-03T23:40:23Z", - "updated": "2023-02-01T05:05:30Z", - "rejected": "" + "updated": "2023-02-01T05:05:30Z" }, "descriptions": [], "refs": [ @@ -3413,10 +3333,9 @@ "cwe": [ "CWE-611" ], - "created": "", + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", "published": "2022-03-05T00:00:45Z", - "updated": "2023-01-27T05:02:46Z", - "rejected": "" + "updated": "2023-01-27T05:02:46Z" }, "descriptions": [], "refs": [ @@ -3458,10 +3377,9 @@ "CWE-400", "CWE-410" ], - "created": "", + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", "published": "2022-07-07T20:55:40Z", - "updated": "2023-07-24T19:39:20Z", - "rejected": "" + "updated": "2023-07-24T19:39:20Z" }, "descriptions": [], "refs": [ @@ -3502,10 +3420,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", "published": "2023-10-10T21:28:24Z", - "updated": "2024-06-21T21:34:00Z", - "rejected": "" + "updated": "2024-06-21T21:34:00Z" }, "descriptions": [], "refs": [ @@ -3552,10 +3469,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", "published": "2024-02-26T20:13:46Z", - "updated": "2024-05-02T18:38:19Z", - "rejected": "" + "updated": "2024-05-02T18:38:19Z" }, "descriptions": [], "refs": [ @@ -3596,10 +3512,9 @@ "cwe": [ "CWE-190" ], - "created": "", + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", "published": "2023-10-10T21:16:23Z", - "updated": "2024-06-21T21:33:57Z", - "rejected": "" + "updated": "2024-06-21T21:33:57Z" }, "descriptions": [], "refs": [ @@ -3642,10 +3557,9 @@ "cwe": [ "CWE-295" ], - "created": "", + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", "published": "2018-10-18T18:06:08Z", - "updated": "2023-01-09T05:03:38Z", - "rejected": "" + "updated": "2023-01-09T05:03:38Z" }, "descriptions": [], "refs": [ @@ -3686,10 +3600,9 @@ "cwe": [ "CWE-400" ], - "created": "", + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", "published": "2023-10-24T01:49:09Z", - "updated": "2023-11-05T05:04:23Z", - "rejected": "" + "updated": "2023-11-05T05:04:23Z" }, "descriptions": [], "refs": [ @@ -3730,10 +3643,9 @@ "cwe": [ "CWE-502" ], - "created": "", + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", "published": "2022-01-06T23:55:09Z", - "updated": "2023-02-25T00:31:20Z", - "rejected": "" + "updated": "2023-02-25T00:31:20Z" }, "descriptions": [], "refs": [ @@ -3776,10 +3688,9 @@ "cwe": [ "CWE-88" ], - "created": "", + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", "published": "2022-01-21T23:07:39Z", - "updated": "2023-08-18T15:47:05Z", - "rejected": "" + "updated": "2023-08-18T15:47:05Z" }, "descriptions": [], "refs": [ @@ -3810,7 +3721,7 @@ ] } ], - "sha256": "a2a9f29c527b6e627114bf5ca676805fe7920a9ad1e0d2d63f3444f0c35d1f69" + "sha256": "06574c20a58f48f045cf9aba2effceb9634cdd9cca107aaeae15a889cdf4794f" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index 4b9bd0f71f..afd1a1dcf3 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -27,8 +27,7 @@ ], "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", - "updated": "2021-10-26T00:00:00.000Z", - "rejected": "" + "updated": "2021-10-26T00:00:00.000Z" }, "descriptions": [ { @@ -103,7 +102,7 @@ ] } ], - "sha256": "b49665f82538e2550edbdc5cb008df636fbf721891c517523017b9aab060b92e" + "sha256": "b15bd8e5f6b7f08dce1e8de61578c821e8b7a42d8d82dcaa8ebb3390667a0759" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 75e302f6be..44243a4da9 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -27,8 +27,7 @@ ], "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", - "updated": "2021-10-26T00:00:00.000Z", - "rejected": "" + "updated": "2021-10-26T00:00:00.000Z" }, "descriptions": [ { @@ -103,7 +102,7 @@ ] } ], - "sha256": "b49665f82538e2550edbdc5cb008df636fbf721891c517523017b9aab060b92e" + "sha256": "b15bd8e5f6b7f08dce1e8de61578c821e8b7a42d8d82dcaa8ebb3390667a0759" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 945039ae8e..36d2cc8942 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -80,6 +80,11 @@ function maxImpact(ratings: RatingRepository): number { return impact; } +// Return original string if it exists, else return undefined +function filterString(input: string): string | undefined { + return input ? input : undefined; +} + export class CycloneDXSBOMResults { data: DataStorage; withRaw: boolean; @@ -247,8 +252,8 @@ export class CycloneDXSBOMMapper extends BaseConverter { { name: { path: 'raw.metadata.component', - transformer: (input: Record): string => - input['bom-ref'] + transformer: (input: Component): string => + _.has(input, 'bom-ref') ? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}` : 'CycloneDX BOM Report' }, @@ -265,24 +270,21 @@ export class CycloneDXSBOMMapper extends BaseConverter { }, version: { path: 'raw.metadata.component.version', - transformer: (input: string): string | undefined => - input ? `${input}` : undefined + transformer: filterString }, maintainer: { path: 'raw.metadata.component', - transformer: (input: Record): string | undefined => { + transformer: (input: Component): string | undefined => { // Check through every single possible field which may hold ownership over this component if (input.author) { // `author` is deprecated in v1.6 but may still appear return `${input.author}`; - } else if (input.authors) { + } else if (_.has(input, 'authors')) { // Join list of component authors - let msg = ''; - for (const author of input.authors as Record[]) { - msg += `${author.name}, `; - } - return msg.slice(0, -2); - } else if (input.manufacturer) { + return (input.authors as Record[]) + .map((author) => author.name) + .join(', '); + } else if (_.has(input, 'manufacturer')) { // If we can't pinpoint the exact authors, resort to the organization return `${(input.manufacturer as Record).name}`; } else { @@ -291,14 +293,12 @@ export class CycloneDXSBOMMapper extends BaseConverter { } }, summary: { - path: 'raw.metadata.component', - transformer: (input: Component): string | undefined => - input.description ? `${input.description}` : undefined + path: 'raw.metadata.component.description', + transformer: filterString }, copyright: { - path: 'raw.metadata.component', - transformer: (input: Component): string | undefined => - input.copyright ? `${input.copyright}` : undefined + path: 'raw.metadata.component.copyright', + transformer: filterString }, license: { path: 'raw.metadata.component', @@ -337,15 +337,31 @@ export class CycloneDXSBOMMapper extends BaseConverter { getCCIsForNISTTags(getNISTTags(input)) }, cwe: {path: 'cwes', transformer: formatCWETags}, - created: {path: 'created'}, - published: {path: 'published'}, - updated: {path: 'updated'}, - rejected: {path: 'rejected'} + 'bom-ref': { + path: 'bom-ref', + transformer: filterString + }, + created: { + path: 'created', + transformer: filterString + }, + published: { + path: 'published', + transformer: filterString + }, + updated: { + path: 'updated', + transformer: filterString + }, + rejected: { + path: 'rejected', + transformer: filterString + } }, descriptions: [ { path: 'detail', - transformer: (input: Record) => + transformer: (input: string) => input ? {data: input, label: 'Detail'} : undefined } as unknown as ExecJSON.ControlDescription, { @@ -406,15 +422,13 @@ export class CycloneDXSBOMMapper extends BaseConverter { source_location: {}, title: { // Give description as title if possible - transformer: (input: Record): string => + transformer: (input: Vulnerability): string => input.description ? `${input.description}` : `${input.id}` }, id: {path: 'id'}, desc: { path: 'description', - transformer: ( - input: Record - ): string | undefined => (input ? `${input}` : undefined) + transformer: filterString }, impact: {path: 'ratings', transformer: maxImpact}, code: { @@ -468,7 +482,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { ); let msg = '-Component Summary-'; for (const item in selectComponentValues) { - if (_.get(selectComponentValues, item) instanceof Array) { + if (Array.isArray(_.get(selectComponentValues, item))) { msg += `\n\n- ${_.capitalize(item)}: ${JSON.stringify(_.get(selectComponentValues, item), null, 2).replace(/"/g, '')}`; } else { msg += `\n\n- ${_.capitalize(item)}: ${_.get(selectComponentValues, item)}`; From 39480e387f6cd8c04e386b171dd2bfafd32028e5 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 13 Aug 2024 12:10:10 -0400 Subject: [PATCH 46/61] Continued typing edits Signed-off-by: Charles Hu --- .../sbom-vex-hdf-withraw.json | 4 +- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 4 +- .../src/cyclonedx-sbom-mapper.ts | 38 ++++++++++++++----- 3 files changed, 32 insertions(+), 14 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index afd1a1dcf3..6d3b3d889f 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -90,7 +90,7 @@ "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", - "impact": 0.82, + "impact": 0, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ { @@ -102,7 +102,7 @@ ] } ], - "sha256": "b15bd8e5f6b7f08dce1e8de61578c821e8b7a42d8d82dcaa8ebb3390667a0759" + "sha256": "1fc25a62c2f831ebe656e348d1aa77c3d6515020aa67a84f73ce97211ba593a7" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 44243a4da9..71f655494d 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -90,7 +90,7 @@ "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", - "impact": 0.82, + "impact": 0, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ { @@ -102,7 +102,7 @@ ] } ], - "sha256": "b15bd8e5f6b7f08dce1e8de61578c821e8b7a42d8d82dcaa8ebb3390667a0759" + "sha256": "1fc25a62c2f831ebe656e348d1aa77c3d6515020aa67a84f73ce97211ba593a7" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 36d2cc8942..257a4a23ec 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -67,7 +67,7 @@ function maxImpact(ratings: RatingRepository): number { let impact = 0; for (const rating of ratings) { // Prefer to use CVSS-based `score` field when possible - if (rating.score && _.get(rating, 'method') == 'CVSSv31') { + if (rating.score && _.get(rating, 'method') === 'CVSSv31') { impact = rating.score / 10 > impact ? rating.score / 10 : impact; } else { // Else interpret it from `severity` field @@ -275,18 +275,19 @@ export class CycloneDXSBOMMapper extends BaseConverter { maintainer: { path: 'raw.metadata.component', transformer: (input: Component): string | undefined => { + // Find organization of authors if possible + const manufacturer = _.has(input, 'manufacturer') + ? ` (${(input.manufacturer as Record).name})` + : ''; // Check through every single possible field which may hold ownership over this component - if (input.author) { - // `author` is deprecated in v1.6 but may still appear - return `${input.author}`; - } else if (_.has(input, 'authors')) { + if (_.has(input, 'authors')) { // Join list of component authors return (input.authors as Record[]) - .map((author) => author.name) + .map((author) => `${author.name}${manufacturer}`) .join(', '); - } else if (_.has(input, 'manufacturer')) { - // If we can't pinpoint the exact authors, resort to the organization - return `${(input.manufacturer as Record).name}`; + } else if (input.author) { + // `author` is deprecated in v1.6 but may still appear + return `${input.author}${manufacturer}`; } else { return undefined; } @@ -430,7 +431,24 @@ export class CycloneDXSBOMMapper extends BaseConverter { path: 'description', transformer: filterString }, - impact: {path: 'ratings', transformer: maxImpact}, + impact: { + transformer: (input: Vulnerability): number => { + // The `rejected` and `analysis` field may contain information on whether this vulnerability is impactful + if ( + _.has(input, 'rejected') || + [ + 'resolved', + 'resolved_with_pedigree', + 'false_positive', + 'not_affected' + ].includes(_.get(input.analysis, 'state') as string) + ) { + return 0; + } else { + return maxImpact(input.ratings); + } + } + }, code: { transformer: (vulnerability: Record): string => JSON.stringify( From 86604cd62fb453eb4fac04f73e94eb35639610ee Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 13 Aug 2024 14:43:11 -0400 Subject: [PATCH 47/61] Message refactor Signed-off-by: Charles Hu --- .../sbom-dropwizard-vulns-hdf-withraw.json | 172 +++++++++--------- .../sbom-dropwizard-vulns-hdf.json | 172 +++++++++--------- .../src/cyclonedx-sbom-mapper.ts | 17 +- yarn.lock | 2 +- 4 files changed, 181 insertions(+), 182 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index a70a6d949f..46f39e0dda 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -59,7 +59,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -105,7 +105,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -148,7 +148,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -191,7 +191,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -234,7 +234,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -277,7 +277,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -320,7 +320,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -363,7 +363,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -406,7 +406,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -449,7 +449,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -492,7 +492,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -535,7 +535,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -578,7 +578,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -621,7 +621,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -664,7 +664,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -707,7 +707,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -750,7 +750,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -793,7 +793,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -836,7 +836,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -879,7 +879,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -922,7 +922,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -965,7 +965,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1009,7 +1009,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1052,7 +1052,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1095,7 +1095,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1138,7 +1138,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1181,7 +1181,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1224,7 +1224,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1267,7 +1267,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1310,7 +1310,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1353,7 +1353,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1396,7 +1396,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1439,7 +1439,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1482,7 +1482,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1525,7 +1525,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1568,7 +1568,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1611,7 +1611,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1655,7 +1655,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1699,7 +1699,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1742,7 +1742,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1785,7 +1785,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1828,7 +1828,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1871,7 +1871,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1915,7 +1915,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1958,7 +1958,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2093,7 +2093,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2137,7 +2137,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2181,7 +2181,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2225,7 +2225,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2269,7 +2269,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2313,7 +2313,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2357,7 +2357,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2401,7 +2401,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2444,7 +2444,7 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -2487,13 +2487,13 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -2536,7 +2536,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2579,7 +2579,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2624,7 +2624,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2667,7 +2667,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2711,7 +2711,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2754,7 +2754,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2797,7 +2797,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2842,7 +2842,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2889,7 +2889,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2932,7 +2932,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2975,7 +2975,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3020,7 +3020,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3066,7 +3066,7 @@ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n]", "start_time": "" } ] @@ -3105,7 +3105,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3145,7 +3145,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3188,7 +3188,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -3231,7 +3231,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -3274,7 +3274,7 @@ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n]", "start_time": "" } ] @@ -3317,7 +3317,7 @@ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3360,7 +3360,7 @@ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3404,7 +3404,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3447,13 +3447,13 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3496,7 +3496,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3539,7 +3539,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3584,7 +3584,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", "start_time": "" } ] @@ -3627,7 +3627,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", "start_time": "" } ] @@ -3670,7 +3670,7 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", "start_time": "" } ] @@ -3715,13 +3715,13 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", "start_time": "" } ] } ], - "sha256": "06574c20a58f48f045cf9aba2effceb9634cdd9cca107aaeae15a889cdf4794f" + "sha256": "53c9399539481b2d9a9b63e0a7edaf1dd2048d16e8af76e76e02dfa997bd4106" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index c3a88b3705..446ebf3d81 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -59,7 +59,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -105,7 +105,7 @@ { "status": "failed", "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -148,7 +148,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -191,7 +191,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -234,7 +234,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -277,7 +277,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -320,7 +320,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -363,7 +363,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -406,7 +406,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -449,7 +449,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -492,7 +492,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -535,7 +535,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -578,7 +578,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -621,7 +621,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -664,7 +664,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -707,7 +707,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -750,7 +750,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -793,7 +793,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -836,7 +836,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -879,7 +879,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -922,7 +922,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -965,7 +965,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1009,7 +1009,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1052,7 +1052,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1095,7 +1095,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1138,7 +1138,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1181,7 +1181,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1224,7 +1224,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1267,7 +1267,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1310,7 +1310,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1353,7 +1353,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1396,7 +1396,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1439,7 +1439,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1482,7 +1482,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1525,7 +1525,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1568,7 +1568,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1611,7 +1611,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1655,7 +1655,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1699,7 +1699,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1742,7 +1742,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1785,7 +1785,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1828,7 +1828,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1871,7 +1871,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1915,7 +1915,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -1958,7 +1958,7 @@ { "status": "failed", "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2093,7 +2093,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2137,7 +2137,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2181,7 +2181,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2225,7 +2225,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2269,7 +2269,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2313,7 +2313,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2357,7 +2357,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2401,7 +2401,7 @@ { "status": "failed", "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -2444,7 +2444,7 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -2487,13 +2487,13 @@ { "status": "failed", "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -2536,7 +2536,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2579,7 +2579,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2624,7 +2624,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2667,7 +2667,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2711,7 +2711,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2754,7 +2754,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2797,7 +2797,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2842,7 +2842,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2889,7 +2889,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2932,7 +2932,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -2975,7 +2975,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3020,7 +3020,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3066,7 +3066,7 @@ { "status": "failed", "code_desc": "Component junit/junit@4.12 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0,\n url: http://www.eclipse.org/legal/epl-v10.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n]", "start_time": "" } ] @@ -3105,7 +3105,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3145,7 +3145,7 @@ { "status": "failed", "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3188,7 +3188,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -3231,7 +3231,7 @@ { "status": "failed", "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n license: {\n name: GNU Lesser General Public License,\n url: http://www.gnu.org/licenses/lgpl-2.1.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", "start_time": "" } ] @@ -3274,7 +3274,7 @@ { "status": "failed", "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n license: {\n name: BSD 3-clause New License,\n url: https://github.com/dom4j/dom4j/blob/master/LICENSE\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n]", "start_time": "" } ] @@ -3317,7 +3317,7 @@ { "status": "failed", "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3360,7 +3360,7 @@ { "status": "failed", "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n license: {\n id: Apache-2.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", "start_time": "" } ] @@ -3404,7 +3404,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3447,13 +3447,13 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" }, { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3496,7 +3496,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3539,7 +3539,7 @@ { "status": "failed", "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n license: {\n id: EPL-1.0\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", "start_time": "" } ] @@ -3584,7 +3584,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", "start_time": "" } ] @@ -3627,7 +3627,7 @@ { "status": "failed", "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n license: {\n id: MPL-1.1\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", "start_time": "" } ] @@ -3670,7 +3670,7 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", "start_time": "" } ] @@ -3715,13 +3715,13 @@ { "status": "failed", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", - "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n license: {\n name: MPL 2.0 or EPL 1.0,\n url: http://h2database.com/html/license.html\n }\n }\n]", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", "start_time": "" } ] } ], - "sha256": "06574c20a58f48f045cf9aba2effceb9634cdd9cca107aaeae15a889cdf4794f" + "sha256": "53c9399539481b2d9a9b63e0a7edaf1dd2048d16e8af76e76e02dfa997bd4106" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 257a4a23ec..869e89ff20 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -498,15 +498,14 @@ export class CycloneDXSBOMMapper extends BaseConverter { 'copyright' ] ); - let msg = '-Component Summary-'; - for (const item in selectComponentValues) { - if (Array.isArray(_.get(selectComponentValues, item))) { - msg += `\n\n- ${_.capitalize(item)}: ${JSON.stringify(_.get(selectComponentValues, item), null, 2).replace(/"/g, '')}`; - } else { - msg += `\n\n- ${_.capitalize(item)}: ${_.get(selectComponentValues, item)}`; - } - } - return msg; + const msg = Object.keys(selectComponentValues) + .map((key) => { + return Array.isArray(selectComponentValues[key]) + ? `\n\n- ${_.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}` + : `\n\n- ${_.capitalize(key)}: ${selectComponentValues[key]}`; + }) + .join(''); + return `-Component Summary-${msg}`; } }, start_time: '' diff --git a/yarn.lock b/yarn.lock index 44c27b9859..d608b848a9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -17104,7 +17104,7 @@ pretty@2.0.0, pretty@^2.0.0: extend-shallow "^2.0.1" js-beautify "^1.6.12" -prismjs@^1.23.0, prismjs@^1.29.0: +prismjs@1.29.0, prismjs@^1.23.0, prismjs@^1.29.0: version "1.29.0" resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.29.0.tgz#f113555a8fa9b57c35e637bba27509dcf802dd12" integrity sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q== From 5bec25267e170370537ef12f6dea844c6b1bcf47 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Tue, 13 Aug 2024 15:29:23 -0400 Subject: [PATCH 48/61] Tags & description field changes Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 91 ++++++++++++++++++- .../sbom-dropwizard-vex-hdf.json | 91 ++++++++++++++++++- .../sbom-dropwizard-vulns-hdf-withraw.json | 91 ++++++++++++++++++- .../sbom-dropwizard-vulns-hdf.json | 91 ++++++++++++++++++- .../sbom-vex-hdf-withraw.json | 14 ++- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 14 ++- .../src/cyclonedx-sbom-mapper.ts | 53 +++++++---- 7 files changed, 398 insertions(+), 47 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 0832fa8901..b985a3f544 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, @@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, @@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, @@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, @@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, @@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, @@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, @@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, @@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, @@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, @@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, @@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, @@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, @@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, @@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, @@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, @@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, @@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, @@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, @@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, @@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2504,6 +2561,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, @@ -2547,6 +2605,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2592,6 +2651,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, @@ -2635,6 +2695,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2679,6 +2740,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, @@ -2722,6 +2784,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2765,6 +2828,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, @@ -2810,6 +2874,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2857,6 +2922,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2900,6 +2966,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2943,6 +3010,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, @@ -2988,6 +3056,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3034,6 +3103,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, @@ -3076,7 +3146,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3115,7 +3186,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ @@ -3156,6 +3228,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3199,6 +3272,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, @@ -3242,6 +3316,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3285,6 +3360,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3328,6 +3404,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3372,6 +3449,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, @@ -3415,6 +3493,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3458,6 +3537,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, @@ -3501,6 +3581,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3546,6 +3627,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, @@ -3589,6 +3671,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3632,6 +3715,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, @@ -3677,6 +3761,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3709,7 +3794,7 @@ ] } ], - "sha256": "48314fff71076b9537498a3e1490bd1bc550593e966b044ae3123e05567b6f0d" + "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index 9856f96ff8..90f3da63cd 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, @@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, @@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, @@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, @@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, @@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, @@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, @@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, @@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, @@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, @@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, @@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, @@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, @@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, @@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, @@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, @@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, @@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, @@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, @@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, @@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2504,6 +2561,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, @@ -2547,6 +2605,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2592,6 +2651,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, @@ -2635,6 +2695,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2679,6 +2740,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, @@ -2722,6 +2784,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2765,6 +2828,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, @@ -2810,6 +2874,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2857,6 +2922,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2900,6 +2966,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2943,6 +3010,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, @@ -2988,6 +3056,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3034,6 +3103,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, @@ -3076,7 +3146,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3115,7 +3186,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ @@ -3156,6 +3228,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3199,6 +3272,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, @@ -3242,6 +3316,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3285,6 +3360,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3328,6 +3404,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3372,6 +3449,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, @@ -3415,6 +3493,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3458,6 +3537,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, @@ -3501,6 +3581,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3546,6 +3627,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, @@ -3589,6 +3671,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3632,6 +3715,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, @@ -3677,6 +3761,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3709,7 +3794,7 @@ ] } ], - "sha256": "48314fff71076b9537498a3e1490bd1bc550593e966b044ae3123e05567b6f0d" + "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 46f39e0dda..f9f0dab584 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, @@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, @@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, @@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, @@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, @@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, @@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, @@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, @@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, @@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, @@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, @@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, @@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, @@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, @@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, @@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, @@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, @@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, @@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, @@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, @@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2510,6 +2567,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, @@ -2553,6 +2611,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2598,6 +2657,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, @@ -2641,6 +2701,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2685,6 +2746,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, @@ -2728,6 +2790,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2771,6 +2834,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, @@ -2816,6 +2880,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2863,6 +2928,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2906,6 +2972,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2949,6 +3016,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, @@ -2994,6 +3062,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3040,6 +3109,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, @@ -3082,7 +3152,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3121,7 +3192,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ @@ -3162,6 +3234,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3205,6 +3278,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, @@ -3248,6 +3322,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3291,6 +3366,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3334,6 +3410,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3378,6 +3455,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, @@ -3421,6 +3499,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3470,6 +3549,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, @@ -3513,6 +3593,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3558,6 +3639,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, @@ -3601,6 +3683,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3644,6 +3727,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, @@ -3689,6 +3773,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3721,7 +3806,7 @@ ] } ], - "sha256": "53c9399539481b2d9a9b63e0a7edaf1dd2048d16e8af76e76e02dfa997bd4106" + "sha256": "ea28e2b46ad51b20a477cf07159a7508c03ab784998b98901a8c5abdcc1f6bb9" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 446ebf3d81..8c66c31fa4 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -33,6 +33,7 @@ "CWE-732" ], "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, @@ -79,6 +80,7 @@ "CWE-552" ], "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, @@ -122,6 +124,7 @@ "CWE-502" ], "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, @@ -165,6 +168,7 @@ "CWE-502" ], "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, @@ -208,6 +212,7 @@ "CWE-502" ], "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, @@ -251,6 +256,7 @@ "CWE-502" ], "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, @@ -294,6 +300,7 @@ "CWE-502" ], "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, @@ -337,6 +344,7 @@ "CWE-502" ], "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, @@ -380,6 +388,7 @@ "CWE-502" ], "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, @@ -423,6 +432,7 @@ "CWE-502" ], "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, @@ -466,6 +476,7 @@ "CWE-502" ], "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, @@ -509,6 +520,7 @@ "CWE-502" ], "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, @@ -552,6 +564,7 @@ "CWE-502" ], "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, @@ -595,6 +608,7 @@ "CWE-502" ], "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, @@ -638,6 +652,7 @@ "CWE-502" ], "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, @@ -681,6 +696,7 @@ "CWE-502" ], "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, @@ -724,6 +740,7 @@ "CWE-502" ], "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, @@ -767,6 +784,7 @@ "CWE-502" ], "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, @@ -810,6 +828,7 @@ "CWE-502" ], "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, @@ -853,6 +872,7 @@ "CWE-502" ], "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, @@ -896,6 +916,7 @@ "CWE-502" ], "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, @@ -939,6 +960,7 @@ "CWE-502" ], "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, @@ -983,6 +1005,7 @@ "CWE-502" ], "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, @@ -1026,6 +1049,7 @@ "CWE-502" ], "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, @@ -1069,6 +1093,7 @@ "CWE-502" ], "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, @@ -1112,6 +1137,7 @@ "CWE-502" ], "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, @@ -1155,6 +1181,7 @@ "CWE-502" ], "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, @@ -1198,6 +1225,7 @@ "CWE-502" ], "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, @@ -1241,6 +1269,7 @@ "CWE-502" ], "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1284,6 +1313,7 @@ "CWE-502" ], "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, @@ -1327,6 +1357,7 @@ "CWE-502" ], "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, @@ -1370,6 +1401,7 @@ "CWE-502" ], "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, @@ -1413,6 +1445,7 @@ "CWE-502" ], "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, @@ -1456,6 +1489,7 @@ "CWE-502" ], "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, @@ -1499,6 +1533,7 @@ "CWE-502" ], "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, @@ -1542,6 +1577,7 @@ "CWE-502" ], "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, @@ -1585,6 +1621,7 @@ "CWE-502" ], "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, @@ -1629,6 +1666,7 @@ "CWE-913" ], "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, @@ -1673,6 +1711,7 @@ "CWE-502" ], "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, @@ -1716,6 +1755,7 @@ "CWE-502" ], "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, @@ -1759,6 +1799,7 @@ "CWE-787" ], "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, @@ -1802,6 +1843,7 @@ "CWE-611" ], "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, @@ -1845,6 +1887,7 @@ "CWE-502" ], "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, @@ -1889,6 +1932,7 @@ "CWE-502" ], "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, @@ -1932,6 +1976,7 @@ "CWE-502" ], "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, @@ -1977,6 +2022,7 @@ "CWE-74" ], "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, @@ -2022,6 +2068,7 @@ "CWE-74" ], "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, @@ -2067,6 +2114,7 @@ "CWE-776" ], "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, @@ -2111,6 +2159,7 @@ "CWE-787" ], "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2155,6 +2204,7 @@ "CWE-787" ], "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, @@ -2199,6 +2249,7 @@ "CWE-787" ], "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2243,6 +2294,7 @@ "CWE-787" ], "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2287,6 +2339,7 @@ "CWE-787" ], "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, @@ -2331,6 +2384,7 @@ "CWE-776" ], "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, @@ -2375,6 +2429,7 @@ "CWE-502" ], "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, @@ -2418,6 +2473,7 @@ "CWE-502" ], "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, @@ -2461,6 +2517,7 @@ "CWE-502" ], "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, @@ -2510,6 +2567,7 @@ "CWE-400" ], "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, @@ -2553,6 +2611,7 @@ "CWE-613" ], "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, @@ -2598,6 +2657,7 @@ "CWE-755" ], "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, @@ -2641,6 +2701,7 @@ "CWE-200" ], "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, @@ -2685,6 +2746,7 @@ "CWE-770" ], "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, @@ -2728,6 +2790,7 @@ "CWE-226" ], "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, @@ -2771,6 +2834,7 @@ "CWE-20" ], "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, @@ -2816,6 +2880,7 @@ "CWE-130" ], "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, @@ -2863,6 +2928,7 @@ "CWE-552" ], "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, @@ -2906,6 +2972,7 @@ "CWE-611" ], "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, @@ -2949,6 +3016,7 @@ "CWE-200" ], "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, @@ -2994,6 +3062,7 @@ "CWE-149" ], "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, @@ -3040,6 +3109,7 @@ "CWE-732" ], "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, @@ -3082,7 +3152,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4" + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" }, "descriptions": [], "refs": [ @@ -3121,7 +3192,8 @@ "CCI-001643" ], "cwe": [], - "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" }, "descriptions": [], "refs": [ @@ -3162,6 +3234,7 @@ "CWE-89" ], "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, @@ -3205,6 +3278,7 @@ "CWE-89" ], "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, @@ -3248,6 +3322,7 @@ "CWE-611" ], "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, @@ -3291,6 +3366,7 @@ "CWE-79" ], "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, @@ -3334,6 +3410,7 @@ "CWE-611" ], "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, @@ -3378,6 +3455,7 @@ "CWE-410" ], "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, @@ -3421,6 +3499,7 @@ "CWE-400" ], "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, @@ -3470,6 +3549,7 @@ "CWE-400" ], "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, @@ -3513,6 +3593,7 @@ "CWE-190" ], "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, @@ -3558,6 +3639,7 @@ "CWE-295" ], "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, @@ -3601,6 +3683,7 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, @@ -3644,6 +3727,7 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, @@ -3689,6 +3773,7 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, @@ -3721,7 +3806,7 @@ ] } ], - "sha256": "53c9399539481b2d9a9b63e0a7edaf1dd2048d16e8af76e76e02dfa997bd4106" + "sha256": "ea28e2b46ad51b20a477cf07159a7508c03ab784998b98901a8c5abdcc1f6bb9" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index 6d3b3d889f..6bc21c6975 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -25,22 +25,20 @@ "cwe": [ "CWE-611" ], + "ratings": "NVD - high, SNYK - high, Acme Inc - none", "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", - "updated": "2021-10-26T00:00:00.000Z" + "updated": "2021-10-26T00:00:00.000Z", + "credits": "Bartosz Baranowski" }, "descriptions": [ { "data": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", - "label": "Detail" + "label": "rationale" }, { "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "Recommendation" - }, - { - "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", - "label": "Credits" + "label": "fix" }, { "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", @@ -102,7 +100,7 @@ ] } ], - "sha256": "1fc25a62c2f831ebe656e348d1aa77c3d6515020aa67a84f73ce97211ba593a7" + "sha256": "80466705423821c0dce64f9d0781cbdc24c8bb7a95f55957a21ecc0077ac8f13" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 71f655494d..b3bc91778f 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -25,22 +25,20 @@ "cwe": [ "CWE-611" ], + "ratings": "NVD - high, SNYK - high, Acme Inc - none", "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", - "updated": "2021-10-26T00:00:00.000Z" + "updated": "2021-10-26T00:00:00.000Z", + "credits": "Bartosz Baranowski" }, "descriptions": [ { "data": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", - "label": "Detail" + "label": "rationale" }, { "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "Recommendation" - }, - { - "data": "{\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n}", - "label": "Credits" + "label": "fix" }, { "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", @@ -102,7 +100,7 @@ ] } ], - "sha256": "1fc25a62c2f831ebe656e348d1aa77c3d6515020aa67a84f73ce97211ba593a7" + "sha256": "80466705423821c0dce64f9d0781cbdc24c8bb7a95f55957a21ecc0077ac8f13" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 869e89ff20..2e7475d2ae 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -5,7 +5,9 @@ import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; import {getCCIsForNISTTags} from './utils/global'; import { + Credits, RatingRepository, + Source, Vulnerability, VulnerabilityRepository } from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; @@ -15,7 +17,8 @@ import { Component, ComponentRepository, OptionalBomProperties, - OptionalComponentProperties + OptionalComponentProperties, + ToolRepository } from '@cyclonedx/cyclonedx-library/dist.d/models'; type IntermediaryComponent = Omit & { @@ -342,6 +345,18 @@ export class CycloneDXSBOMMapper extends BaseConverter { path: 'bom-ref', transformer: filterString }, + ratings: { + path: 'ratings', + transformer: (input: RatingRepository): string | undefined => + input + ? [...input] + .map( + (rating) => + `${(rating.source as Source).name} - ${rating.severity}` + ) + .join(', ') + : undefined + }, created: { path: 'created', transformer: filterString @@ -357,23 +372,37 @@ export class CycloneDXSBOMMapper extends BaseConverter { rejected: { path: 'rejected', transformer: filterString + }, + credits: { + path: 'credits', + transformer: (input: Credits): string | undefined => + input + ? `${[...input.individuals].map((individual) => individual.name).join(', ')}` + : undefined + }, + tools: { + path: 'tools', + transformer: (input: ToolRepository): string | undefined => + input + ? [...input].map((tool) => tool.name).join(', ') + : undefined } }, descriptions: [ { path: 'detail', transformer: (input: string) => - input ? {data: input, label: 'Detail'} : undefined + input ? {data: input, label: 'rationale'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'recommendation', transformer: (input: string) => - input ? {data: input, label: 'Recommendation'} : undefined + input ? {data: input, label: 'fix'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'workaround', transformer: (input: string) => - input ? {data: input, label: 'Workaround'} : undefined + input ? {data: input, label: 'workaround'} : undefined } as unknown as ExecJSON.ControlDescription, { path: 'proofOfConcept', @@ -381,24 +410,10 @@ export class CycloneDXSBOMMapper extends BaseConverter { input ? { data: JSON.stringify(input, null, 2), - label: 'Proof of concept' + label: 'check' } : undefined } as unknown as ExecJSON.ControlDescription, - { - path: 'credits', - transformer: (input: Record) => - input - ? {data: JSON.stringify(input, null, 2), label: 'Credits'} - : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'tools', - transformer: (input: Record) => - input - ? {data: JSON.stringify(input, null, 2), label: 'Tools'} - : undefined - } as unknown as ExecJSON.ControlDescription, { path: 'analysis', transformer: (input: Record) => From 848723357ece951125f45668320a2caefb82755d Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Wed, 14 Aug 2024 12:20:01 -0400 Subject: [PATCH 49/61] Generic testing Signed-off-by: Charles Hu --- libs/hdf-converters/src/base-converter.ts | 11 +++++++---- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/libs/hdf-converters/src/base-converter.ts b/libs/hdf-converters/src/base-converter.ts index 07b96c1009..cfac08af5e 100644 --- a/libs/hdf-converters/src/base-converter.ts +++ b/libs/hdf-converters/src/base-converter.ts @@ -146,12 +146,12 @@ function collapseDuplicates( return newArray; } -export class BaseConverter { - data: Record; +export class BaseConverter> { + data: D; mappings?: MappedTransform; collapseResults: boolean; - constructor(data: Record, collapseResults = false) { + constructor(data: D, collapseResults = false) { this.data = data; this.collapseResults = collapseResults; } @@ -166,7 +166,10 @@ export class BaseConverter { if (this.mappings === undefined) { throw new Error('Mappings must be provided'); } else { - const v = this.convertInternal(this.data, this.mappings); + const v = this.convertInternal( + this.data as Record, + this.mappings + ); v.profiles.forEach((element) => { element.sha256 = generateHash(JSON.stringify(element)); }); diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 2e7475d2ae..4e94668649 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -175,7 +175,7 @@ export class CycloneDXSBOMResults { for (const id of vulnerability.affects) { for (const component of data.components as IntermediaryComponent[]) { // Find every component that is affected via listed bom-refs - if (_.get(component, 'bom-ref') === id.ref.toString()) { + if (component['bom-ref'] === id.ref.toString()) { // Add the index of that affected component to the corresponding vulnerability object vulnerability.affectedComponents.push( (data.components as IntermediaryComponent[]).indexOf(component) @@ -227,7 +227,7 @@ export class CycloneDXSBOMResults { } } -export class CycloneDXSBOMMapper extends BaseConverter { +export class CycloneDXSBOMMapper extends BaseConverter { withRaw: boolean; // Pull any keys from a given index for the stored components listing From 68087091deb33259006d04aead126d36c436b5c8 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 15 Aug 2024 09:13:20 -0400 Subject: [PATCH 50/61] Refactoring Signed-off-by: Charles Hu --- .../src/cyclonedx-sbom-mapper.ts | 95 +++++++++---------- libs/hdf-converters/src/utils/global.ts | 5 + 2 files changed, 49 insertions(+), 51 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 4e94668649..f5e43a21a7 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -3,7 +3,7 @@ import _ from 'lodash'; import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import {getCCIsForNISTTags} from './utils/global'; +import {filterString, getCCIsForNISTTags} from './utils/global'; import { Credits, RatingRepository, @@ -34,8 +34,8 @@ type IntermediaryVulnerability = Vulnerability & { }; type DataStorage = { - components?: IntermediaryComponent[]; - vulnerabilities?: IntermediaryVulnerability[]; + components: IntermediaryComponent[]; + vulnerabilities: IntermediaryVulnerability[]; raw: OptionalBomProperties; }; @@ -67,25 +67,20 @@ function getNISTTags(input: CweRepository): string[] { // A single SBOM vulnerability can contain multiple security ratings // Find the max of any existing ratings and then pass to `impact` function maxImpact(ratings: RatingRepository): number { - let impact = 0; - for (const rating of ratings) { - // Prefer to use CVSS-based `score` field when possible - if (rating.score && _.get(rating, 'method') === 'CVSSv31') { - impact = rating.score / 10 > impact ? rating.score / 10 : impact; - } else { - // Else interpret it from `severity` field - const severity = IMPACT_MAPPING.get( - (rating.severity as Severity).toLowerCase() - ) as number; - impact = severity > impact ? severity : impact; - } - } - return impact; -} - -// Return original string if it exists, else return undefined -function filterString(input: string): string | undefined { - return input ? input : undefined; + return [...ratings] + .map((rating) => + rating.score && _.get(rating, 'method') === 'CVSSv31' + ? // Prefer to use CVSS-based `score` field when possible + rating.score / 10 + : // Else interpret it from `severity` field + (IMPACT_MAPPING.get( + (rating.severity as Severity).toLowerCase() + ) as number) + ) + .reduce((maxValue, newValue) => + // Find max of existing ratings + maxValue > newValue ? maxValue : newValue + ); } export class CycloneDXSBOMResults { @@ -93,6 +88,8 @@ export class CycloneDXSBOMResults { withRaw: boolean; constructor(sbomJson: string, withRaw = false) { this.data = { + components: [], + vulnerabilities: [], raw: JSON.parse(sbomJson) }; this.withRaw = withRaw; @@ -126,9 +123,7 @@ export class CycloneDXSBOMResults { // Identify if subcomponents exist if (component.components) { // If so, pull out the subcomponents and push them to end of top level component list for further flattening - for (const subcomponent of component.components) { - data.components.push(subcomponent); - } + data.components.push(...component.components); delete component.components; } } @@ -172,24 +167,27 @@ export class CycloneDXSBOMResults { for (const vulnerability of data.vulnerabilities) { vulnerability.affectedComponents = []; - for (const id of vulnerability.affects) { - for (const component of data.components as IntermediaryComponent[]) { + + vulnerability.affectedComponents.push( + ...Array.from(data.components.entries()) // Find every component that is affected via listed bom-refs - if (component['bom-ref'] === id.ref.toString()) { - // Add the index of that affected component to the corresponding vulnerability object - vulnerability.affectedComponents.push( - (data.components as IntermediaryComponent[]).indexOf(component) - ); + .filter((iteratorElement) => + [...vulnerability.affects] + .map((id) => id.ref.toString()) + .includes(iteratorElement[1]['bom-ref'] as string) + ) + // Add the index of that affected component to the corresponding vulnerability object + .map((iteratorElement) => iteratorElement[0]) + ); - if (!component.affectingVulnerabilities) { - component.affectingVulnerabilities = []; - } - // Also record the ID of the vulnerability in the component for use in bidirectional traversal - component.affectingVulnerabilities.push( - _.get(vulnerability, 'bom-ref') as unknown as string - ); - } + // Also record the ID of the vulnerability in the component for use in bidirectional traversal + for (const index of vulnerability.affectedComponents) { + if (!data.components[index].affectingVulnerabilities) { + data.components[index].affectingVulnerabilities = []; } + (data.components[index].affectingVulnerabilities as string[]).push( + _.get(vulnerability, 'bom-ref') as unknown as string + ); } } } @@ -201,8 +199,6 @@ export class CycloneDXSBOMResults { data.vulnerabilities = [ ...(_.cloneDeep(data.raw.vulnerabilities) as VulnerabilityRepository) ] as unknown as IntermediaryVulnerability[]; - // Have an empty components listing since this is a VEX - data.components = []; for (const vulnerability of data.vulnerabilities) { vulnerability.affectedComponents = [...vulnerability.affects].map( @@ -214,9 +210,9 @@ export class CycloneDXSBOMResults { isDummy: true }; // Add that component to the corresponding vulnerability object - (data.components as IntermediaryComponent[]).push(dummy); + data.components.push(dummy); // Return the index of that dummy object - return (data.components as IntermediaryComponent[]).indexOf(dummy); + return data.components.length - 1; } ); } @@ -235,10 +231,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { index: number, keys: string[] ): Record { - return _.pick( - (this.data.components as IntermediaryComponent[])[index], - keys - ); + return _.pick(this.data.components[index], keys); } mappings: MappedTransform< @@ -535,9 +528,9 @@ export class CycloneDXSBOMMapper extends BaseConverter { transformer: (input: DataStorage): Record => { // VEX files will generate dummy components for control results // Filter them out for the proper components listing - const components = ( - _.get(input, 'components') as IntermediaryComponent[] - ).filter((component) => !component.isDummy); + const components = input.components.filter( + (component) => !component.isDummy + ); return { auxiliary_data: [ { diff --git a/libs/hdf-converters/src/utils/global.ts b/libs/hdf-converters/src/utils/global.ts index 98bdf97996..1482e01c9d 100644 --- a/libs/hdf-converters/src/utils/global.ts +++ b/libs/hdf-converters/src/utils/global.ts @@ -99,3 +99,8 @@ export function ensureContextualizedEvaluation( return contextualizeEvaluation(data); } } + +// Return original string if it exists, else return undefined +export function filterString(input: string): string | undefined { + return input ? input : undefined; +} From f68d4dc7810e131b822d4ccb67d618855109139b Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Thu, 15 Aug 2024 09:31:26 -0400 Subject: [PATCH 51/61] Typing refactor Signed-off-by: Charles Hu --- .../src/cyclonedx-sbom-mapper.ts | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index f5e43a21a7..32ea615637 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -77,9 +77,11 @@ function maxImpact(ratings: RatingRepository): number { (rating.severity as Severity).toLowerCase() ) as number) ) - .reduce((maxValue, newValue) => - // Find max of existing ratings - maxValue > newValue ? maxValue : newValue + .reduce( + (maxValue, newValue) => + // Find max of existing ratings + maxValue > newValue ? maxValue : newValue, + 0 ); } @@ -343,10 +345,12 @@ export class CycloneDXSBOMMapper extends BaseConverter { transformer: (input: RatingRepository): string | undefined => input ? [...input] - .map( - (rating) => - `${(rating.source as Source).name} - ${rating.severity}` - ) + .map((rating) => { + const ratingSource = (rating.source as Source).name + ? `${(rating.source as Source).name} - ` + : 'Unidentified Source - '; + return `${ratingSource}${rating.severity}`; + }) .join(', ') : undefined }, From d4cc79a7bb35ff87af1c65b06485ce99a99f5dab Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 16 Aug 2024 10:53:29 -0400 Subject: [PATCH 52/61] Eugene changes Signed-off-by: Charles Hu --- .../sample_input_report/dropwizard-vulns.json | 12 +- .../sbom-dropwizard-no-vulns-hdf-withraw.json | 4 +- .../sbom-dropwizard-no-vulns-hdf.json | 4 +- .../sbom-dropwizard-vex-hdf-withraw.json | 91 +---------- .../sbom-dropwizard-vex-hdf.json | 91 +---------- .../sbom-dropwizard-vulns-hdf-withraw.json | 129 ++++------------ .../sbom-dropwizard-vulns-hdf.json | 117 ++------------ .../sbom-saf-hdf-withraw.json | 4 +- .../cyclonedx_sbom_mapper/sbom-saf-hdf.json | 4 +- .../sbom-vex-hdf-withraw.json | 34 ++-- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 34 ++-- .../src/cyclonedx-sbom-mapper.ts | 146 ++++++++++++------ 12 files changed, 191 insertions(+), 479 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json index f1435e08df..d2e7aff08b 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json @@ -12499,6 +12499,14 @@ }, "severity": "medium", "method": "other" + }, + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "info", + "method": "other" } ], "cwes": [ @@ -12526,7 +12534,7 @@ "name": "GITHUB", "url": "https://github.com/advisories" }, - "severity": "critical", + "severity": "unknown", "method": "other" } ], @@ -12555,7 +12563,7 @@ "name": "GITHUB", "url": "https://github.com/advisories" }, - "severity": "critical", + "severity": "info", "method": "other" } ], diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json index b7ff368445..9360c659d9 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json index 38e81c0124..8e6b8f1e11 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index b985a3f544..954632dbc3 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { @@ -37,7 +37,6 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -84,7 +83,6 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -128,7 +126,6 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -172,7 +169,6 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -216,7 +212,6 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -260,7 +255,6 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -304,7 +298,6 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -348,7 +341,6 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -392,7 +384,6 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -436,7 +427,6 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -480,7 +470,6 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -524,7 +513,6 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -568,7 +556,6 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -612,7 +599,6 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -656,7 +642,6 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -700,7 +685,6 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -744,7 +728,6 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -788,7 +771,6 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -832,7 +814,6 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -876,7 +857,6 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -920,7 +900,6 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -964,7 +943,6 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1009,7 +987,6 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1053,7 +1030,6 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1097,7 +1073,6 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1141,7 +1116,6 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1185,7 +1159,6 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1229,7 +1202,6 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1273,7 +1245,6 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1317,7 +1288,6 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1361,7 +1331,6 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1405,7 +1374,6 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1449,7 +1417,6 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1493,7 +1460,6 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1537,7 +1503,6 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1581,7 +1546,6 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1625,7 +1589,6 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1670,7 +1633,6 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1715,7 +1677,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1759,7 +1720,6 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1803,7 +1763,6 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1847,7 +1806,6 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1891,7 +1849,6 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1936,7 +1893,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1980,7 +1936,6 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2026,7 +1981,6 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2072,7 +2026,6 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2118,7 +2071,6 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2163,7 +2115,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2208,7 +2159,6 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2253,7 +2203,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2298,7 +2247,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2343,7 +2291,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2388,7 +2335,6 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2433,7 +2379,6 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2477,7 +2422,6 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2521,7 +2465,6 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2565,7 +2508,6 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2609,7 +2551,6 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2655,7 +2596,6 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2699,7 +2639,6 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2744,7 +2683,6 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2788,7 +2726,6 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2832,7 +2769,6 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2878,7 +2814,6 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2926,7 +2861,6 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2970,7 +2904,6 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3014,7 +2947,6 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3060,7 +2992,6 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3107,7 +3038,6 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3149,7 +3079,6 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3189,7 +3118,6 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3232,7 +3160,6 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3276,7 +3203,6 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3320,7 +3246,6 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3364,7 +3289,6 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3408,7 +3332,6 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3453,7 +3376,6 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3497,7 +3419,6 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3541,7 +3462,6 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3585,7 +3505,6 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3631,7 +3550,6 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3675,7 +3593,6 @@ "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3719,7 +3636,6 @@ "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3765,7 +3681,6 @@ "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3794,7 +3709,7 @@ ] } ], - "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" + "sha256": "0e9d12b4e4d7e6df7235a588557c125cd7f8c09240ae907dfc031dd83c252260" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index 90f3da63cd..7cae8f2786 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { @@ -37,7 +37,6 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -84,7 +83,6 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -128,7 +126,6 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -172,7 +169,6 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -216,7 +212,6 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -260,7 +255,6 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -304,7 +298,6 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -348,7 +341,6 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -392,7 +384,6 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -436,7 +427,6 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -480,7 +470,6 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -524,7 +513,6 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -568,7 +556,6 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -612,7 +599,6 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -656,7 +642,6 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -700,7 +685,6 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -744,7 +728,6 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -788,7 +771,6 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -832,7 +814,6 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -876,7 +857,6 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -920,7 +900,6 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -964,7 +943,6 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1009,7 +987,6 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1053,7 +1030,6 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1097,7 +1073,6 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1141,7 +1116,6 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1185,7 +1159,6 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1229,7 +1202,6 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1273,7 +1245,6 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1317,7 +1288,6 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1361,7 +1331,6 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1405,7 +1374,6 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1449,7 +1417,6 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1493,7 +1460,6 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1537,7 +1503,6 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1581,7 +1546,6 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1625,7 +1589,6 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1670,7 +1633,6 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1715,7 +1677,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1759,7 +1720,6 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1803,7 +1763,6 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1847,7 +1806,6 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1891,7 +1849,6 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1936,7 +1893,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1980,7 +1936,6 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2026,7 +1981,6 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2072,7 +2026,6 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2118,7 +2071,6 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2163,7 +2115,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2208,7 +2159,6 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2253,7 +2203,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2298,7 +2247,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2343,7 +2291,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2388,7 +2335,6 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2433,7 +2379,6 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2477,7 +2422,6 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2521,7 +2465,6 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2565,7 +2508,6 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2609,7 +2551,6 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2655,7 +2596,6 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2699,7 +2639,6 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2744,7 +2683,6 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2788,7 +2726,6 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2832,7 +2769,6 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2878,7 +2814,6 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2926,7 +2861,6 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2970,7 +2904,6 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3014,7 +2947,6 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3060,7 +2992,6 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3107,7 +3038,6 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3149,7 +3079,6 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3189,7 +3118,6 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3232,7 +3160,6 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3276,7 +3203,6 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3320,7 +3246,6 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3364,7 +3289,6 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3408,7 +3332,6 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3453,7 +3376,6 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3497,7 +3419,6 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3541,7 +3462,6 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3585,7 +3505,6 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3631,7 +3550,6 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3675,7 +3593,6 @@ "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3719,7 +3636,6 @@ "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3765,7 +3681,6 @@ "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3794,7 +3709,7 @@ ] } ], - "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" + "sha256": "0e9d12b4e4d7e6df7235a588557c125cd7f8c09240ae907dfc031dd83c252260" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index f9f0dab584..6c8c9cc63b 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { @@ -37,7 +37,6 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -84,7 +83,6 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -128,7 +126,6 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -172,7 +169,6 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -216,7 +212,6 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -260,7 +255,6 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -304,7 +298,6 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -348,7 +341,6 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -392,7 +384,6 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -436,7 +427,6 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -480,7 +470,6 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -524,7 +513,6 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -568,7 +556,6 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -612,7 +599,6 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -656,7 +642,6 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -700,7 +685,6 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -744,7 +728,6 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -788,7 +771,6 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -832,7 +814,6 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -876,7 +857,6 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -920,7 +900,6 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -964,7 +943,6 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1009,7 +987,6 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1053,7 +1030,6 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1097,7 +1073,6 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1141,7 +1116,6 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1185,7 +1159,6 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1229,7 +1202,6 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1273,7 +1245,6 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1317,7 +1288,6 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1361,7 +1331,6 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1405,7 +1374,6 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1449,7 +1417,6 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1493,7 +1460,6 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1537,7 +1503,6 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1581,7 +1546,6 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1625,7 +1589,6 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1670,7 +1633,6 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1715,7 +1677,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1759,7 +1720,6 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1803,7 +1763,6 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1847,7 +1806,6 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1891,7 +1849,6 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1936,7 +1893,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1980,7 +1936,6 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2026,7 +1981,6 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2072,7 +2026,6 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2118,7 +2071,6 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2163,7 +2115,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2208,7 +2159,6 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2253,7 +2203,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2298,7 +2247,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2343,7 +2291,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2388,7 +2335,6 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2433,7 +2379,6 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2477,7 +2422,6 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2521,7 +2465,6 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2571,7 +2514,6 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2615,7 +2557,6 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2661,7 +2602,6 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2705,7 +2645,6 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2750,7 +2689,6 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2794,7 +2732,6 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2838,7 +2775,6 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2884,7 +2820,6 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2932,7 +2867,6 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2976,7 +2910,6 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3020,7 +2953,6 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3066,7 +2998,6 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3113,7 +3044,6 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3155,7 +3085,6 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3195,7 +3124,6 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3238,7 +3166,6 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3282,7 +3209,6 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3326,7 +3252,6 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3370,7 +3295,6 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3414,7 +3338,6 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3459,7 +3382,6 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3503,7 +3425,6 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3553,7 +3474,6 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3597,7 +3517,6 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3643,7 +3562,6 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3683,11 +3601,10 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", - "ratings": "GITHUB - medium", + "ratings": "GITHUB - medium, GITHUB - info", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3705,7 +3622,7 @@ "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n },\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ { "status": "failed", @@ -3727,11 +3644,10 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", - "ratings": "GITHUB - critical", + "ratings": "GITHUB - unknown", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3748,14 +3664,15 @@ "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "impact": 1, - "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"unknown\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { - "status": "failed", + "status": "skipped", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", - "start_time": "" + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." } ] }, @@ -3773,11 +3690,10 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", - "ratings": "GITHUB - critical", + "ratings": "GITHUB - info", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3794,19 +3710,20 @@ "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "impact": 1, - "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { - "status": "failed", + "status": "skipped", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", - "start_time": "" + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." } ] } ], - "sha256": "ea28e2b46ad51b20a477cf07159a7508c03ab784998b98901a8c5abdcc1f6bb9" + "sha256": "e54441fe70f87286068bd155ef9542dd7e3e43a774d4d34eeaf95b816b547784" } ], "passthrough": { @@ -26490,6 +26407,14 @@ }, "severity": "medium", "method": "other" + }, + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "info", + "method": "other" } ], "cwes": [ @@ -26517,7 +26442,7 @@ "name": "GITHUB", "url": "https://github.com/advisories" }, - "severity": "critical", + "severity": "unknown", "method": "other" } ], @@ -26546,7 +26471,7 @@ "name": "GITHUB", "url": "https://github.com/advisories" }, - "severity": "critical", + "severity": "info", "method": "other" } ], diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 8c66c31fa4..06dc57578e 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { @@ -37,7 +37,6 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -84,7 +83,6 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -128,7 +126,6 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -172,7 +169,6 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -216,7 +212,6 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -260,7 +255,6 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -304,7 +298,6 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -348,7 +341,6 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -392,7 +384,6 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -436,7 +427,6 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -480,7 +470,6 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -524,7 +513,6 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -568,7 +556,6 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -612,7 +599,6 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -656,7 +642,6 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -700,7 +685,6 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -744,7 +728,6 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -788,7 +771,6 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -832,7 +814,6 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -876,7 +857,6 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -920,7 +900,6 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -964,7 +943,6 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1009,7 +987,6 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1053,7 +1030,6 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1097,7 +1073,6 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1141,7 +1116,6 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1185,7 +1159,6 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1229,7 +1202,6 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1273,7 +1245,6 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1317,7 +1288,6 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1361,7 +1331,6 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1405,7 +1374,6 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1449,7 +1417,6 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1493,7 +1460,6 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1537,7 +1503,6 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1581,7 +1546,6 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1625,7 +1589,6 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1670,7 +1633,6 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1715,7 +1677,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1759,7 +1720,6 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1803,7 +1763,6 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1847,7 +1806,6 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1891,7 +1849,6 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1936,7 +1893,6 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -1980,7 +1936,6 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2026,7 +1981,6 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2072,7 +2026,6 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2118,7 +2071,6 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2163,7 +2115,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2208,7 +2159,6 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2253,7 +2203,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2298,7 +2247,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2343,7 +2291,6 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2388,7 +2335,6 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2433,7 +2379,6 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2477,7 +2422,6 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2521,7 +2465,6 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2571,7 +2514,6 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2615,7 +2557,6 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2661,7 +2602,6 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2705,7 +2645,6 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2750,7 +2689,6 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2794,7 +2732,6 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2838,7 +2775,6 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2884,7 +2820,6 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2932,7 +2867,6 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -2976,7 +2910,6 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3020,7 +2953,6 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3066,7 +2998,6 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3113,7 +3044,6 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3155,7 +3085,6 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3195,7 +3124,6 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3238,7 +3166,6 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3282,7 +3209,6 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3326,7 +3252,6 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3370,7 +3295,6 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3414,7 +3338,6 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3459,7 +3382,6 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3503,7 +3425,6 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3553,7 +3474,6 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3597,7 +3517,6 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3643,7 +3562,6 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3683,11 +3601,10 @@ "CWE-400" ], "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", - "ratings": "GITHUB - medium", + "ratings": "GITHUB - medium, GITHUB - info", "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3705,7 +3622,7 @@ "id": "GHSA-mm8h-8587-p46h", "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, - "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n },\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ { "status": "failed", @@ -3727,11 +3644,10 @@ "CWE-502" ], "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", - "ratings": "GITHUB - critical", + "ratings": "GITHUB - unknown", "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3748,14 +3664,15 @@ "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", - "impact": 1, - "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"unknown\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { - "status": "failed", + "status": "skipped", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", - "start_time": "" + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." } ] }, @@ -3773,11 +3690,10 @@ "CWE-88" ], "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", - "ratings": "GITHUB - critical", + "ratings": "GITHUB - info", "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, - "descriptions": [], "refs": [ { "ref": [ @@ -3794,19 +3710,20 @@ "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", - "impact": 1, - "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ { - "status": "failed", + "status": "skipped", "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", - "start_time": "" + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." } ] } ], - "sha256": "ea28e2b46ad51b20a477cf07159a7508c03ab784998b98901a8c5abdcc1f6bb9" + "sha256": "e54441fe70f87286068bd155ef9542dd7e3e43a774d4d34eeaf95b816b547784" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json index 994a103868..4df777e680 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json index ab68025c9f..5f559069d2 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index 6bc21c6975..f298657f3e 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { @@ -29,22 +29,16 @@ "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", "updated": "2021-10-26T00:00:00.000Z", - "credits": "Bartosz Baranowski" + "credits": "Bartosz Baranowski", + "analysis.state": "not_affected", + "analysis.justification": "code_not_reachable", + "analysis.response": "will_not_fix, update", + "analysis.detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." + }, + "descriptions": { + "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "label": "fix" }, - "descriptions": [ - { - "data": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", - "label": "rationale" - }, - { - "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "fix" - }, - { - "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", - "label": "Analysis" - } - ], "refs": [ { "ref": [ @@ -87,8 +81,8 @@ "source_location": {}, "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", - "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", - "impact": 0, + "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nXXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "impact": 0.82, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ { @@ -100,7 +94,7 @@ ] } ], - "sha256": "80466705423821c0dce64f9d0781cbdc24c8bb7a95f55957a21ecc0077ac8f13" + "sha256": "af5191b5b0cf612521ae967c953aaa38a72d2e796d7c980bae73e15f227d4217" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index b3bc91778f..20cc38d266 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.13" + "release": "2.10.14" }, - "version": "2.10.13", + "version": "2.10.14", "statistics": {}, "profiles": [ { @@ -29,22 +29,16 @@ "created": "2020-12-03T00:00:00.000Z", "published": "2020-12-03T00:00:00.000Z", "updated": "2021-10-26T00:00:00.000Z", - "credits": "Bartosz Baranowski" + "credits": "Bartosz Baranowski", + "analysis.state": "not_affected", + "analysis.justification": "code_not_reachable", + "analysis.response": "will_not_fix, update", + "analysis.detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." + }, + "descriptions": { + "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "label": "fix" }, - "descriptions": [ - { - "data": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", - "label": "rationale" - }, - { - "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "fix" - }, - { - "data": "{\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n}", - "label": "Analysis" - } - ], "refs": [ { "ref": [ @@ -87,8 +81,8 @@ "source_location": {}, "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", - "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", - "impact": 0, + "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nXXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "impact": 0.82, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ { @@ -100,7 +94,7 @@ ] } ], - "sha256": "80466705423821c0dce64f9d0781cbdc24c8bb7a95f55957a21ecc0077ac8f13" + "sha256": "af5191b5b0cf612521ae967c953aaa38a72d2e796d7c980bae73e15f227d4217" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 32ea615637..ef42404716 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -12,7 +12,10 @@ import { VulnerabilityRepository } from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability'; import {CweRepository} from '@cyclonedx/cyclonedx-library/dist.d/types'; -import {Severity} from '@cyclonedx/cyclonedx-library/dist.d/enums/vulnerability'; +import { + AnalysisResponseRepository, + Severity +} from '@cyclonedx/cyclonedx-library/dist.d/enums/vulnerability'; import { Component, ComponentRepository, @@ -46,9 +49,9 @@ const IMPACT_MAPPING: Map = new Map([ ['high', 0.7], ['medium', 0.5], ['low', 0.3], - ['info', 0.0], + ['info', 0.5], ['none', 0.0], - ['unknown', 0.0] + ['unknown', 0.5] ]); // Convert object type to string[] and prepend `CWE` if used directly for tag display @@ -85,6 +88,38 @@ function maxImpact(ratings: RatingRepository): number { ); } +// If the highest rating severity for a control is `info` or `unknown`, set the results to skipped and request a manual review +function skipSeverityInfoOrUnknown(controls: unknown[]): unknown[] { + if (controls) { + (controls as ExecJSON.Control[]) + // Filter to controls whose highest rating severity is either `info` or `unknown` + .filter((control) => { + const ratings = (_.get(control, 'tags.ratings', '') as string).split( + / - |, / + ); + return ( + (ratings.includes('info') || ratings.includes('unknown')) && + !( + ratings.includes('critical') || + ratings.includes('high') || + ratings.includes('medium') || + ratings.includes('low') || + ratings.includes('none') + ) + ); + }) + // For every result contained by that control, set the status to skipped and request a manual review + .map((control) => + control.results.map((result) => { + result.status = ExecJSON.ControlResultStatus.Skipped; + result.skip_message = + 'Manual review required because a CycloneDX rating severity is set to `info` or `unknown`.'; + }) + ); + } + return controls; +} + export class CycloneDXSBOMResults { data: DataStorage; withRaw: boolean; @@ -383,42 +418,62 @@ export class CycloneDXSBOMMapper extends BaseConverter { input ? [...input].map((tool) => tool.name).join(', ') : undefined + }, + 'analysis.state': { + path: 'analysis.state', + transformer: filterString + }, + 'analysis.justification': { + path: 'analysis.justification', + transformer: filterString + }, + 'analysis.response': { + path: 'analysis.response', + transformer: ( + input: AnalysisResponseRepository + ): string | undefined => + input && [...input].length > 0 + ? [...input].join(', ') + : undefined + }, + 'analysis.detail': { + path: 'analysis.detail', + transformer: filterString + }, + 'analysis.firstIssued': { + path: 'analysis.firstIssued', + transformer: filterString + }, + 'analysis.lastUpdated': { + path: 'analysis.lastUpdated', + transformer: filterString } }, - descriptions: [ - { - path: 'detail', - transformer: (input: string) => - input ? {data: input, label: 'rationale'} : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'recommendation', - transformer: (input: string) => - input ? {data: input, label: 'fix'} : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'workaround', - transformer: (input: string) => - input ? {data: input, label: 'workaround'} : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'proofOfConcept', - transformer: (input: Record) => - input + descriptions: { + transformer: (input: Vulnerability) => { + const descriptions = [ + _.has(input, 'recommendation') || _.has(input, 'workaround') + ? { + data: filterString( + `${_.get(input, 'recommendation', '')}\n\n${_.get(input, 'workaround', '')}`.trim() + ), + label: 'fix' + } + : undefined, + _.has(input, 'proofOfConcept') ? { - data: JSON.stringify(input, null, 2), + data: JSON.stringify( + _.get(input, 'proofOfConcept'), + null, + 2 + ), label: 'check' } : undefined - } as unknown as ExecJSON.ControlDescription, - { - path: 'analysis', - transformer: (input: Record) => - input - ? {data: JSON.stringify(input, null, 2), label: 'Analysis'} - : undefined - } as unknown as ExecJSON.ControlDescription - ], + ].reduce((subdescription) => subdescription); + return descriptions ? descriptions : undefined; + } + } as unknown as ExecJSON.ControlDescription[], refs: [ { transformer: ( @@ -440,26 +495,14 @@ export class CycloneDXSBOMMapper extends BaseConverter { }, id: {path: 'id'}, desc: { - path: 'description', - transformer: filterString + transformer: (input: Vulnerability): string | undefined => + filterString( + `${_.get(input, 'description', '')}\n\n${_.get(input, 'detail', '')}`.trim() + ) }, impact: { - transformer: (input: Vulnerability): number => { - // The `rejected` and `analysis` field may contain information on whether this vulnerability is impactful - if ( - _.has(input, 'rejected') || - [ - 'resolved', - 'resolved_with_pedigree', - 'false_positive', - 'not_affected' - ].includes(_.get(input.analysis, 'state') as string) - ) { - return 0; - } else { - return maxImpact(input.ratings); - } - } + transformer: (input: Vulnerability): number => + maxImpact(input.ratings) }, code: { transformer: (vulnerability: Record): string => @@ -469,6 +512,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { 2 ) }, + arrayTransformer: skipSeverityInfoOrUnknown, results: [ { path: 'affectedComponents', From a5dad399f566272a0c14a8d01ac2e419dfabe71b Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 16 Aug 2024 11:18:43 -0400 Subject: [PATCH 53/61] Descriptions field fix Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 87 ++++++++++++++++++- .../sbom-dropwizard-vex-hdf.json | 87 ++++++++++++++++++- .../sbom-dropwizard-vulns-hdf-withraw.json | 87 ++++++++++++++++++- .../sbom-dropwizard-vulns-hdf.json | 87 ++++++++++++++++++- .../sbom-vex-hdf-withraw.json | 12 +-- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 12 +-- .../src/cyclonedx-sbom-mapper.ts | 5 +- 7 files changed, 360 insertions(+), 17 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index 954632dbc3..d896f6101e 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -37,6 +37,7 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -83,6 +84,7 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -126,6 +128,7 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -169,6 +172,7 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -212,6 +216,7 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -255,6 +260,7 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -298,6 +304,7 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -341,6 +348,7 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -384,6 +392,7 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -427,6 +436,7 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -470,6 +480,7 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -513,6 +524,7 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -556,6 +568,7 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -599,6 +612,7 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -642,6 +656,7 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -685,6 +700,7 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -728,6 +744,7 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -771,6 +788,7 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -814,6 +832,7 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -857,6 +876,7 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -900,6 +920,7 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -943,6 +964,7 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -987,6 +1009,7 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1030,6 +1053,7 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1073,6 +1097,7 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1116,6 +1141,7 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1159,6 +1185,7 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1202,6 +1229,7 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1245,6 +1273,7 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1288,6 +1317,7 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1331,6 +1361,7 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1374,6 +1405,7 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1417,6 +1449,7 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1460,6 +1493,7 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1503,6 +1537,7 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1546,6 +1581,7 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1589,6 +1625,7 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1633,6 +1670,7 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1677,6 +1715,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1720,6 +1759,7 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1763,6 +1803,7 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1806,6 +1847,7 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1849,6 +1891,7 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1893,6 +1936,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1936,6 +1980,7 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1981,6 +2026,7 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2026,6 +2072,7 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2071,6 +2118,7 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2115,6 +2163,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2159,6 +2208,7 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2203,6 +2253,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2247,6 +2298,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2291,6 +2343,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2335,6 +2388,7 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2379,6 +2433,7 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2422,6 +2477,7 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2465,6 +2521,7 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2508,6 +2565,7 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2551,6 +2609,7 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2596,6 +2655,7 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2639,6 +2699,7 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2683,6 +2744,7 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2726,6 +2788,7 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2769,6 +2832,7 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2814,6 +2878,7 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2861,6 +2926,7 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2904,6 +2970,7 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2947,6 +3014,7 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2992,6 +3060,7 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3038,6 +3107,7 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3079,6 +3149,7 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3118,6 +3189,7 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3160,6 +3232,7 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3203,6 +3276,7 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3246,6 +3320,7 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3289,6 +3364,7 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3332,6 +3408,7 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3376,6 +3453,7 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3419,6 +3497,7 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3462,6 +3541,7 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3505,6 +3585,7 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3550,6 +3631,7 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3593,6 +3675,7 @@ "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3636,6 +3719,7 @@ "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3681,6 +3765,7 @@ "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3709,7 +3794,7 @@ ] } ], - "sha256": "0e9d12b4e4d7e6df7235a588557c125cd7f8c09240ae907dfc031dd83c252260" + "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index 7cae8f2786..3c4a04cd08 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -37,6 +37,7 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -83,6 +84,7 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -126,6 +128,7 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -169,6 +172,7 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -212,6 +216,7 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -255,6 +260,7 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -298,6 +304,7 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -341,6 +348,7 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -384,6 +392,7 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -427,6 +436,7 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -470,6 +480,7 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -513,6 +524,7 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -556,6 +568,7 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -599,6 +612,7 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -642,6 +656,7 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -685,6 +700,7 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -728,6 +744,7 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -771,6 +788,7 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -814,6 +832,7 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -857,6 +876,7 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -900,6 +920,7 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -943,6 +964,7 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -987,6 +1009,7 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1030,6 +1053,7 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1073,6 +1097,7 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1116,6 +1141,7 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1159,6 +1185,7 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1202,6 +1229,7 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1245,6 +1273,7 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1288,6 +1317,7 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1331,6 +1361,7 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1374,6 +1405,7 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1417,6 +1449,7 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1460,6 +1493,7 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1503,6 +1537,7 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1546,6 +1581,7 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1589,6 +1625,7 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1633,6 +1670,7 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1677,6 +1715,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1720,6 +1759,7 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1763,6 +1803,7 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1806,6 +1847,7 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1849,6 +1891,7 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1893,6 +1936,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1936,6 +1980,7 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1981,6 +2026,7 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2026,6 +2072,7 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2071,6 +2118,7 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2115,6 +2163,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2159,6 +2208,7 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2203,6 +2253,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2247,6 +2298,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2291,6 +2343,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2335,6 +2388,7 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2379,6 +2433,7 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2422,6 +2477,7 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2465,6 +2521,7 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2508,6 +2565,7 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2551,6 +2609,7 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2596,6 +2655,7 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2639,6 +2699,7 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2683,6 +2744,7 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2726,6 +2788,7 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2769,6 +2832,7 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2814,6 +2878,7 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2861,6 +2926,7 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2904,6 +2970,7 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2947,6 +3014,7 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2992,6 +3060,7 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3038,6 +3107,7 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3079,6 +3149,7 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3118,6 +3189,7 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3160,6 +3232,7 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3203,6 +3276,7 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3246,6 +3320,7 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3289,6 +3364,7 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3332,6 +3408,7 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3376,6 +3453,7 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3419,6 +3497,7 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3462,6 +3541,7 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3505,6 +3585,7 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3550,6 +3631,7 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3593,6 +3675,7 @@ "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3636,6 +3719,7 @@ "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3681,6 +3765,7 @@ "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3709,7 +3794,7 @@ ] } ], - "sha256": "0e9d12b4e4d7e6df7235a588557c125cd7f8c09240ae907dfc031dd83c252260" + "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index 6c8c9cc63b..ad70dac858 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -37,6 +37,7 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -83,6 +84,7 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -126,6 +128,7 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -169,6 +172,7 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -212,6 +216,7 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -255,6 +260,7 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -298,6 +304,7 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -341,6 +348,7 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -384,6 +392,7 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -427,6 +436,7 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -470,6 +480,7 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -513,6 +524,7 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -556,6 +568,7 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -599,6 +612,7 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -642,6 +656,7 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -685,6 +700,7 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -728,6 +744,7 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -771,6 +788,7 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -814,6 +832,7 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -857,6 +876,7 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -900,6 +920,7 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -943,6 +964,7 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -987,6 +1009,7 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1030,6 +1053,7 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1073,6 +1097,7 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1116,6 +1141,7 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1159,6 +1185,7 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1202,6 +1229,7 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1245,6 +1273,7 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1288,6 +1317,7 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1331,6 +1361,7 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1374,6 +1405,7 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1417,6 +1449,7 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1460,6 +1493,7 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1503,6 +1537,7 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1546,6 +1581,7 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1589,6 +1625,7 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1633,6 +1670,7 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1677,6 +1715,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1720,6 +1759,7 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1763,6 +1803,7 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1806,6 +1847,7 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1849,6 +1891,7 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1893,6 +1936,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1936,6 +1980,7 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1981,6 +2026,7 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2026,6 +2072,7 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2071,6 +2118,7 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2115,6 +2163,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2159,6 +2208,7 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2203,6 +2253,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2247,6 +2298,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2291,6 +2343,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2335,6 +2388,7 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2379,6 +2433,7 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2422,6 +2477,7 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2465,6 +2521,7 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2514,6 +2571,7 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2557,6 +2615,7 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2602,6 +2661,7 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2645,6 +2705,7 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2689,6 +2750,7 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2732,6 +2794,7 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2775,6 +2838,7 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2820,6 +2884,7 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2867,6 +2932,7 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2910,6 +2976,7 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2953,6 +3020,7 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2998,6 +3066,7 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3044,6 +3113,7 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3085,6 +3155,7 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3124,6 +3195,7 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3166,6 +3238,7 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3209,6 +3282,7 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3252,6 +3326,7 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3295,6 +3370,7 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3338,6 +3414,7 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3382,6 +3459,7 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3425,6 +3503,7 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3474,6 +3553,7 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3517,6 +3597,7 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3562,6 +3643,7 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3605,6 +3687,7 @@ "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3648,6 +3731,7 @@ "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3694,6 +3778,7 @@ "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3723,7 +3808,7 @@ ] } ], - "sha256": "e54441fe70f87286068bd155ef9542dd7e3e43a774d4d34eeaf95b816b547784" + "sha256": "982d6fa2680d1e0da23e39a4fd331faae88ecfe2245dd1606020ea635146bbd4" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 06dc57578e..979e8129d8 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -37,6 +37,7 @@ "published": "2021-03-25T17:04:19Z", "updated": "2023-11-09T18:44:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -83,6 +84,7 @@ "published": "2023-06-14T18:30:38Z", "updated": "2024-02-13T21:49:15Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -126,6 +128,7 @@ "published": "2020-04-23T21:08:40Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -169,6 +172,7 @@ "published": "2020-05-15T18:58:44Z", "updated": "2023-02-01T05:02:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -212,6 +216,7 @@ "published": "2020-06-10T21:12:41Z", "updated": "2023-02-01T05:03:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -255,6 +260,7 @@ "published": "2020-05-15T18:58:50Z", "updated": "2023-02-01T05:03:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -298,6 +304,7 @@ "published": "2020-04-23T20:19:02Z", "updated": "2024-03-15T00:41:35Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -341,6 +348,7 @@ "published": "2020-05-15T18:58:47Z", "updated": "2024-03-15T00:48:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -384,6 +392,7 @@ "published": "2020-05-15T18:58:54Z", "updated": "2024-03-15T00:50:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -427,6 +436,7 @@ "published": "2020-04-23T21:36:03Z", "updated": "2024-06-25T13:46:45Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -470,6 +480,7 @@ "published": "2020-04-23T16:32:59Z", "updated": "2024-07-03T21:10:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -513,6 +524,7 @@ "published": "2020-06-18T14:44:50Z", "updated": "2023-02-01T05:04:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -556,6 +568,7 @@ "published": "2020-06-18T14:44:43Z", "updated": "2024-03-15T00:37:17Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -599,6 +612,7 @@ "published": "2020-06-18T14:44:46Z", "updated": "2024-03-15T00:39:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -642,6 +656,7 @@ "published": "2020-06-18T14:44:48Z", "updated": "2024-06-25T13:46:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -685,6 +700,7 @@ "published": "2020-03-04T20:52:14Z", "updated": "2023-06-08T19:02:12Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -728,6 +744,7 @@ "published": "2022-07-15T19:41:47Z", "updated": "2023-08-18T15:45:27Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -771,6 +788,7 @@ "published": "2019-11-13T00:32:27Z", "updated": "2023-09-14T14:55:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -814,6 +832,7 @@ "published": "2019-11-13T00:32:38Z", "updated": "2023-09-14T14:55:25Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -857,6 +876,7 @@ "published": "2019-10-28T20:51:15Z", "updated": "2024-03-15T00:57:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -900,6 +920,7 @@ "published": "2020-05-15T18:59:10Z", "updated": "2023-09-14T15:09:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -943,6 +964,7 @@ "published": "2020-05-15T18:59:01Z", "updated": "2024-03-15T00:20:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -987,6 +1009,7 @@ "published": "2021-12-09T19:14:51Z", "updated": "2023-09-14T15:44:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1030,6 +1053,7 @@ "published": "2021-12-09T19:15:36Z", "updated": "2023-09-14T15:47:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1073,6 +1097,7 @@ "published": "2021-12-09T19:16:02Z", "updated": "2023-09-14T15:52:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1116,6 +1141,7 @@ "published": "2021-12-09T19:16:26Z", "updated": "2023-09-14T15:53:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1159,6 +1185,7 @@ "published": "2021-11-19T20:13:06Z", "updated": "2023-09-14T15:59:33Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1202,6 +1229,7 @@ "published": "2021-12-09T19:16:51Z", "updated": "2023-09-14T16:01:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1245,6 +1273,7 @@ "published": "2021-12-09T19:16:59Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1288,6 +1317,7 @@ "published": "2021-12-09T19:16:42Z", "updated": "2023-09-14T16:04:22Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1331,6 +1361,7 @@ "published": "2021-12-09T19:16:10Z", "updated": "2023-09-14T16:07:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1374,6 +1405,7 @@ "published": "2021-12-09T19:15:54Z", "updated": "2023-09-14T16:07:40Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1417,6 +1449,7 @@ "published": "2021-12-09T19:15:46Z", "updated": "2023-09-14T16:08:37Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1460,6 +1493,7 @@ "published": "2021-12-09T19:16:18Z", "updated": "2023-09-14T16:13:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1503,6 +1537,7 @@ "published": "2021-12-09T19:16:34Z", "updated": "2023-09-14T16:15:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1546,6 +1581,7 @@ "published": "2021-12-09T19:15:24Z", "updated": "2023-11-21T11:40:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1589,6 +1625,7 @@ "published": "2021-12-09T19:15:00Z", "updated": "2024-03-15T00:28:08Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1633,6 +1670,7 @@ "published": "2021-12-09T19:15:11Z", "updated": "2024-06-25T13:47:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1677,6 +1715,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-15T00:14:44Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1720,6 +1759,7 @@ "published": "2021-01-20T21:20:15Z", "updated": "2024-03-15T00:16:04Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1763,6 +1803,7 @@ "published": "2022-03-12T00:00:36Z", "updated": "2024-03-15T00:24:56Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1806,6 +1847,7 @@ "published": "2021-02-18T20:51:54Z", "updated": "2024-03-15T00:31:24Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1849,6 +1891,7 @@ "published": "2020-03-04T20:52:11Z", "updated": "2024-03-15T00:52:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1893,6 +1936,7 @@ "published": "2022-10-03T00:00:31Z", "updated": "2024-03-24T05:01:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1936,6 +1980,7 @@ "published": "2020-05-15T18:59:04Z", "updated": "2024-07-03T21:10:31Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -1981,6 +2026,7 @@ "published": "2020-04-10T18:42:20Z", "updated": "2023-01-09T05:02:18Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2026,6 +2072,7 @@ "published": "2020-02-24T17:27:27Z", "updated": "2024-06-05T16:42:03Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2071,6 +2118,7 @@ "published": "2021-06-04T21:37:45Z", "updated": "2023-05-22T20:17:58Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2115,6 +2163,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2159,6 +2208,7 @@ "published": "2022-11-11T19:00:31Z", "updated": "2024-06-21T21:33:52Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2203,6 +2253,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2247,6 +2298,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2291,6 +2343,7 @@ "published": "2022-09-06T00:00:27Z", "updated": "2024-03-15T12:30:36Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2335,6 +2388,7 @@ "published": "2022-08-31T00:00:24Z", "updated": "2024-03-15T19:06:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2379,6 +2433,7 @@ "published": "2022-12-12T21:19:47Z", "updated": "2024-06-24T21:22:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2422,6 +2477,7 @@ "published": "2021-12-17T20:00:50Z", "updated": "2023-01-30T05:04:55Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2465,6 +2521,7 @@ "published": "2023-11-29T12:30:16Z", "updated": "2023-12-05T21:31:13Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2514,6 +2571,7 @@ "published": "2021-03-10T03:46:47Z", "updated": "2023-02-01T05:05:09Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2557,6 +2615,7 @@ "published": "2021-06-23T20:23:04Z", "updated": "2023-02-01T05:05:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2602,6 +2661,7 @@ "published": "2021-04-06T17:31:30Z", "updated": "2023-09-26T11:11:47Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2645,6 +2705,7 @@ "published": "2023-04-18T22:19:57Z", "updated": "2023-11-06T05:01:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2689,6 +2750,7 @@ "published": "2023-04-19T18:15:45Z", "updated": "2023-11-06T05:02:06Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2732,6 +2794,7 @@ "published": "2020-12-02T18:28:18Z", "updated": "2024-02-21T17:23:14Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2775,6 +2838,7 @@ "published": "2022-07-07T20:55:34Z", "updated": "2023-01-29T05:06:01Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2820,6 +2884,7 @@ "published": "2023-09-14T16:17:27Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2867,6 +2932,7 @@ "published": "2020-11-04T17:50:24Z", "updated": "2023-11-27T23:07:53Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2910,6 +2976,7 @@ "published": "2023-07-10T21:52:39Z", "updated": "2023-09-05T22:39:32Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2953,6 +3020,7 @@ "published": "2021-06-10T15:43:22Z", "updated": "2023-02-01T05:05:51Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -2998,6 +3066,7 @@ "published": "2023-09-14T16:16:00Z", "updated": "2023-11-06T05:01:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3044,6 +3113,7 @@ "published": "2020-10-12T17:33:00Z", "updated": "2023-02-01T05:04:50Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3085,6 +3155,7 @@ "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", "ratings": "INTERNAL - high" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3124,6 +3195,7 @@ "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", "ratings": "INTERNAL - low" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3166,6 +3238,7 @@ "published": "2022-02-09T22:57:29Z", "updated": "2024-06-27T16:39:59Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3209,6 +3282,7 @@ "published": "2022-02-10T23:05:04Z", "updated": "2024-06-27T18:05:49Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3252,6 +3326,7 @@ "published": "2020-06-05T16:13:36Z", "updated": "2023-01-27T05:02:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3295,6 +3370,7 @@ "published": "2021-06-03T23:40:23Z", "updated": "2023-02-01T05:05:30Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3338,6 +3414,7 @@ "published": "2022-03-05T00:00:45Z", "updated": "2023-01-27T05:02:46Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3382,6 +3459,7 @@ "published": "2022-07-07T20:55:40Z", "updated": "2023-07-24T19:39:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3425,6 +3503,7 @@ "published": "2023-10-10T21:28:24Z", "updated": "2024-06-21T21:34:00Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3474,6 +3553,7 @@ "published": "2024-02-26T20:13:46Z", "updated": "2024-05-02T18:38:19Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3517,6 +3597,7 @@ "published": "2023-10-10T21:16:23Z", "updated": "2024-06-21T21:33:57Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3562,6 +3643,7 @@ "published": "2018-10-18T18:06:08Z", "updated": "2023-01-09T05:03:38Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3605,6 +3687,7 @@ "published": "2023-10-24T01:49:09Z", "updated": "2023-11-05T05:04:23Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3648,6 +3731,7 @@ "published": "2022-01-06T23:55:09Z", "updated": "2023-02-25T00:31:20Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3694,6 +3778,7 @@ "published": "2022-01-21T23:07:39Z", "updated": "2023-08-18T15:47:05Z" }, + "descriptions": [], "refs": [ { "ref": [ @@ -3723,7 +3808,7 @@ ] } ], - "sha256": "e54441fe70f87286068bd155ef9542dd7e3e43a774d4d34eeaf95b816b547784" + "sha256": "982d6fa2680d1e0da23e39a4fd331faae88ecfe2245dd1606020ea635146bbd4" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index f298657f3e..ba00cac958 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -35,10 +35,12 @@ "analysis.response": "will_not_fix, update", "analysis.detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." }, - "descriptions": { - "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "fix" - }, + "descriptions": [ + { + "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "label": "fix" + } + ], "refs": [ { "ref": [ @@ -94,7 +96,7 @@ ] } ], - "sha256": "af5191b5b0cf612521ae967c953aaa38a72d2e796d7c980bae73e15f227d4217" + "sha256": "fdac7ce337092379d47151be7f98cdd2179722273014faa8d29e4da235f8b46f" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 20cc38d266..894baf46ca 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -35,10 +35,12 @@ "analysis.response": "will_not_fix, update", "analysis.detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." }, - "descriptions": { - "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", - "label": "fix" - }, + "descriptions": [ + { + "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "label": "fix" + } + ], "refs": [ { "ref": [ @@ -94,7 +96,7 @@ ] } ], - "sha256": "af5191b5b0cf612521ae967c953aaa38a72d2e796d7c980bae73e15f227d4217" + "sha256": "fdac7ce337092379d47151be7f98cdd2179722273014faa8d29e4da235f8b46f" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index ef42404716..b628000ba3 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -451,7 +451,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { }, descriptions: { transformer: (input: Vulnerability) => { - const descriptions = [ + return [ _.has(input, 'recommendation') || _.has(input, 'workaround') ? { data: filterString( @@ -470,8 +470,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { label: 'check' } : undefined - ].reduce((subdescription) => subdescription); - return descriptions ? descriptions : undefined; + ].filter((subdescription) => subdescription); } } as unknown as ExecJSON.ControlDescription[], refs: [ From c86b7279120288ffadbd0b1f9b2553ad1e03b621 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 16 Aug 2024 15:35:47 -0400 Subject: [PATCH 54/61] Quick review change Signed-off-by: Charles Hu --- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 12 +++++++----- libs/hdf-converters/src/utils/global.ts | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index b628000ba3..7fdb654ada 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -208,13 +208,13 @@ export class CycloneDXSBOMResults { vulnerability.affectedComponents.push( ...Array.from(data.components.entries()) // Find every component that is affected via listed bom-refs - .filter((iteratorElement) => + .filter(([_index, component]) => [...vulnerability.affects] .map((id) => id.ref.toString()) - .includes(iteratorElement[1]['bom-ref'] as string) + .includes(component['bom-ref'] as string) ) // Add the index of that affected component to the corresponding vulnerability object - .map((iteratorElement) => iteratorElement[0]) + .map(([index, _component]) => index) ); // Also record the ID of the vulnerability in the component for use in bidirectional traversal @@ -401,6 +401,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { path: 'updated', transformer: filterString }, + // Workflow items will not affect `impact` rejected: { path: 'rejected', transformer: filterString @@ -419,6 +420,7 @@ export class CycloneDXSBOMMapper extends BaseConverter { ? [...input].map((tool) => tool.name).join(', ') : undefined }, + // Workflow items will not affect `impact` 'analysis.state': { path: 'analysis.state', transformer: filterString @@ -462,11 +464,11 @@ export class CycloneDXSBOMMapper extends BaseConverter { : undefined, _.has(input, 'proofOfConcept') ? { - data: JSON.stringify( + data: `Proof of concept: ${JSON.stringify( _.get(input, 'proofOfConcept'), null, 2 - ), + )}`, label: 'check' } : undefined diff --git a/libs/hdf-converters/src/utils/global.ts b/libs/hdf-converters/src/utils/global.ts index 1482e01c9d..26dc1e292d 100644 --- a/libs/hdf-converters/src/utils/global.ts +++ b/libs/hdf-converters/src/utils/global.ts @@ -102,5 +102,5 @@ export function ensureContextualizedEvaluation( // Return original string if it exists, else return undefined export function filterString(input: string): string | undefined { - return input ? input : undefined; + return input || undefined; } From 94f4879f38009a02d4a8962b541006e8a0a3c13e Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Fri, 16 Aug 2024 15:46:36 -0400 Subject: [PATCH 55/61] Add string headers Signed-off-by: Charles Hu --- .../sbom-dropwizard-vex-hdf-withraw.json | 170 +++++++++--------- .../sbom-dropwizard-vex-hdf.json | 170 +++++++++--------- .../sbom-dropwizard-vulns-hdf-withraw.json | 170 +++++++++--------- .../sbom-dropwizard-vulns-hdf.json | 170 +++++++++--------- .../sbom-vex-hdf-withraw.json | 6 +- .../cyclonedx_sbom_mapper/sbom-vex-hdf.json | 6 +- .../src/cyclonedx-sbom-mapper.ts | 24 ++- 7 files changed, 362 insertions(+), 354 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json index d896f6101e..bf4afef291 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -53,7 +53,7 @@ "source_location": {}, "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -100,7 +100,7 @@ "source_location": {}, "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -144,7 +144,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -188,7 +188,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -232,7 +232,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -276,7 +276,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -320,7 +320,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -364,7 +364,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -408,7 +408,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -452,7 +452,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -496,7 +496,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -540,7 +540,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -584,7 +584,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -628,7 +628,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -672,7 +672,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -716,7 +716,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -760,7 +760,7 @@ "source_location": {}, "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -804,7 +804,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -848,7 +848,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -892,7 +892,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -936,7 +936,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -980,7 +980,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1025,7 +1025,7 @@ "source_location": {}, "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1069,7 +1069,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1113,7 +1113,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1157,7 +1157,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1201,7 +1201,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1245,7 +1245,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1289,7 +1289,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1333,7 +1333,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1377,7 +1377,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1421,7 +1421,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1465,7 +1465,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1509,7 +1509,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1553,7 +1553,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1597,7 +1597,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1641,7 +1641,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1686,7 +1686,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1731,7 +1731,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1775,7 +1775,7 @@ "source_location": {}, "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1819,7 +1819,7 @@ "source_location": {}, "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1863,7 +1863,7 @@ "source_location": {}, "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1907,7 +1907,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1952,7 +1952,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1996,7 +1996,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2042,7 +2042,7 @@ "source_location": {}, "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2088,7 +2088,7 @@ "source_location": {}, "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2134,7 +2134,7 @@ "source_location": {}, "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2179,7 +2179,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2224,7 +2224,7 @@ "source_location": {}, "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2269,7 +2269,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2314,7 +2314,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2359,7 +2359,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2404,7 +2404,7 @@ "source_location": {}, "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2449,7 +2449,7 @@ "source_location": {}, "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2493,7 +2493,7 @@ "source_location": {}, "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2537,7 +2537,7 @@ "source_location": {}, "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2581,7 +2581,7 @@ "source_location": {}, "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2625,7 +2625,7 @@ "source_location": {}, "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2671,7 +2671,7 @@ "source_location": {}, "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2715,7 +2715,7 @@ "source_location": {}, "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2760,7 +2760,7 @@ "source_location": {}, "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2804,7 +2804,7 @@ "source_location": {}, "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2848,7 +2848,7 @@ "source_location": {}, "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2894,7 +2894,7 @@ "source_location": {}, "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2942,7 +2942,7 @@ "source_location": {}, "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2986,7 +2986,7 @@ "source_location": {}, "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3030,7 +3030,7 @@ "source_location": {}, "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3076,7 +3076,7 @@ "source_location": {}, "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3123,7 +3123,7 @@ "source_location": {}, "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3204,7 +3204,7 @@ "source_location": {}, "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", + "desc": "Description: testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3248,7 +3248,7 @@ "source_location": {}, "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3292,7 +3292,7 @@ "source_location": {}, "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3336,7 +3336,7 @@ "source_location": {}, "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3380,7 +3380,7 @@ "source_location": {}, "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3424,7 +3424,7 @@ "source_location": {}, "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3469,7 +3469,7 @@ "source_location": {}, "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3513,7 +3513,7 @@ "source_location": {}, "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3557,7 +3557,7 @@ "source_location": {}, "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3601,7 +3601,7 @@ "source_location": {}, "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3647,7 +3647,7 @@ "source_location": {}, "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3691,7 +3691,7 @@ "source_location": {}, "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3735,7 +3735,7 @@ "source_location": {}, "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3781,7 +3781,7 @@ "source_location": {}, "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3794,7 +3794,7 @@ ] } ], - "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" + "sha256": "f7fcd590f502add6e584b6890c29f6a329ea52928100784f014e4013dcefb42c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json index 3c4a04cd08..3136acb0e5 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -53,7 +53,7 @@ "source_location": {}, "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -100,7 +100,7 @@ "source_location": {}, "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -144,7 +144,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -188,7 +188,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -232,7 +232,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -276,7 +276,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -320,7 +320,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -364,7 +364,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -408,7 +408,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -452,7 +452,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -496,7 +496,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -540,7 +540,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -584,7 +584,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -628,7 +628,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -672,7 +672,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -716,7 +716,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -760,7 +760,7 @@ "source_location": {}, "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -804,7 +804,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -848,7 +848,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -892,7 +892,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -936,7 +936,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -980,7 +980,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1025,7 +1025,7 @@ "source_location": {}, "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1069,7 +1069,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1113,7 +1113,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1157,7 +1157,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1201,7 +1201,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1245,7 +1245,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1289,7 +1289,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1333,7 +1333,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1377,7 +1377,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1421,7 +1421,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1465,7 +1465,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1509,7 +1509,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1553,7 +1553,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1597,7 +1597,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1641,7 +1641,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1686,7 +1686,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1731,7 +1731,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1775,7 +1775,7 @@ "source_location": {}, "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1819,7 +1819,7 @@ "source_location": {}, "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1863,7 +1863,7 @@ "source_location": {}, "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1907,7 +1907,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1952,7 +1952,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -1996,7 +1996,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2042,7 +2042,7 @@ "source_location": {}, "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2088,7 +2088,7 @@ "source_location": {}, "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2134,7 +2134,7 @@ "source_location": {}, "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2179,7 +2179,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2224,7 +2224,7 @@ "source_location": {}, "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2269,7 +2269,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2314,7 +2314,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2359,7 +2359,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2404,7 +2404,7 @@ "source_location": {}, "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2449,7 +2449,7 @@ "source_location": {}, "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2493,7 +2493,7 @@ "source_location": {}, "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2537,7 +2537,7 @@ "source_location": {}, "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2581,7 +2581,7 @@ "source_location": {}, "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2625,7 +2625,7 @@ "source_location": {}, "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2671,7 +2671,7 @@ "source_location": {}, "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2715,7 +2715,7 @@ "source_location": {}, "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2760,7 +2760,7 @@ "source_location": {}, "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2804,7 +2804,7 @@ "source_location": {}, "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2848,7 +2848,7 @@ "source_location": {}, "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2894,7 +2894,7 @@ "source_location": {}, "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2942,7 +2942,7 @@ "source_location": {}, "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -2986,7 +2986,7 @@ "source_location": {}, "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3030,7 +3030,7 @@ "source_location": {}, "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3076,7 +3076,7 @@ "source_location": {}, "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3123,7 +3123,7 @@ "source_location": {}, "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3204,7 +3204,7 @@ "source_location": {}, "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", + "desc": "Description: testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3248,7 +3248,7 @@ "source_location": {}, "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3292,7 +3292,7 @@ "source_location": {}, "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3336,7 +3336,7 @@ "source_location": {}, "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3380,7 +3380,7 @@ "source_location": {}, "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3424,7 +3424,7 @@ "source_location": {}, "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3469,7 +3469,7 @@ "source_location": {}, "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3513,7 +3513,7 @@ "source_location": {}, "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3557,7 +3557,7 @@ "source_location": {}, "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3601,7 +3601,7 @@ "source_location": {}, "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3647,7 +3647,7 @@ "source_location": {}, "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3691,7 +3691,7 @@ "source_location": {}, "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3735,7 +3735,7 @@ "source_location": {}, "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 1, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3781,7 +3781,7 @@ "source_location": {}, "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 1, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", "results": [ @@ -3794,7 +3794,7 @@ ] } ], - "sha256": "ec883e068c134796d912e6ad9d064585a40b13e566eae02d3ab4d8da3b396c1e" + "sha256": "f7fcd590f502add6e584b6890c29f6a329ea52928100784f014e4013dcefb42c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json index ad70dac858..0b7bf10c99 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -53,7 +53,7 @@ "source_location": {}, "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -100,7 +100,7 @@ "source_location": {}, "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -144,7 +144,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -188,7 +188,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -232,7 +232,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -276,7 +276,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -320,7 +320,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -364,7 +364,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -408,7 +408,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -452,7 +452,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -496,7 +496,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -540,7 +540,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -584,7 +584,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -628,7 +628,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -672,7 +672,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -716,7 +716,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -760,7 +760,7 @@ "source_location": {}, "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -804,7 +804,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -848,7 +848,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -892,7 +892,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -936,7 +936,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -980,7 +980,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1025,7 +1025,7 @@ "source_location": {}, "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1069,7 +1069,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1113,7 +1113,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1157,7 +1157,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1201,7 +1201,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1245,7 +1245,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1289,7 +1289,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1333,7 +1333,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1377,7 +1377,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1421,7 +1421,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1465,7 +1465,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1509,7 +1509,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1553,7 +1553,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1597,7 +1597,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1641,7 +1641,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1686,7 +1686,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1731,7 +1731,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1775,7 +1775,7 @@ "source_location": {}, "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1819,7 +1819,7 @@ "source_location": {}, "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1863,7 +1863,7 @@ "source_location": {}, "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1907,7 +1907,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1952,7 +1952,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1996,7 +1996,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2042,7 +2042,7 @@ "source_location": {}, "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2088,7 +2088,7 @@ "source_location": {}, "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2134,7 +2134,7 @@ "source_location": {}, "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2179,7 +2179,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2224,7 +2224,7 @@ "source_location": {}, "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2269,7 +2269,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2314,7 +2314,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2359,7 +2359,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2404,7 +2404,7 @@ "source_location": {}, "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2449,7 +2449,7 @@ "source_location": {}, "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2493,7 +2493,7 @@ "source_location": {}, "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2537,7 +2537,7 @@ "source_location": {}, "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2587,7 +2587,7 @@ "source_location": {}, "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2631,7 +2631,7 @@ "source_location": {}, "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2677,7 +2677,7 @@ "source_location": {}, "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2721,7 +2721,7 @@ "source_location": {}, "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2766,7 +2766,7 @@ "source_location": {}, "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2810,7 +2810,7 @@ "source_location": {}, "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2854,7 +2854,7 @@ "source_location": {}, "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -2900,7 +2900,7 @@ "source_location": {}, "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -2948,7 +2948,7 @@ "source_location": {}, "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ @@ -2992,7 +2992,7 @@ "source_location": {}, "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ @@ -3036,7 +3036,7 @@ "source_location": {}, "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3082,7 +3082,7 @@ "source_location": {}, "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3129,7 +3129,7 @@ "source_location": {}, "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ @@ -3210,7 +3210,7 @@ "source_location": {}, "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", + "desc": "Description: testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3254,7 +3254,7 @@ "source_location": {}, "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3298,7 +3298,7 @@ "source_location": {}, "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3342,7 +3342,7 @@ "source_location": {}, "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ @@ -3386,7 +3386,7 @@ "source_location": {}, "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ @@ -3430,7 +3430,7 @@ "source_location": {}, "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ @@ -3475,7 +3475,7 @@ "source_location": {}, "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3519,7 +3519,7 @@ "source_location": {}, "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3569,7 +3569,7 @@ "source_location": {}, "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ @@ -3613,7 +3613,7 @@ "source_location": {}, "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ @@ -3659,7 +3659,7 @@ "source_location": {}, "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3703,7 +3703,7 @@ "source_location": {}, "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n },\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3747,7 +3747,7 @@ "source_location": {}, "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 0.5, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"unknown\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3794,7 +3794,7 @@ "source_location": {}, "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 0.5, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3808,7 +3808,7 @@ ] } ], - "sha256": "982d6fa2680d1e0da23e39a4fd331faae88ecfe2245dd1606020ea635146bbd4" + "sha256": "22b4ee8c7d3d66424b9fe6ad562b5434f836acc2fb780c89216dbea1d0c21bc7" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json index 979e8129d8..14fbc9db53 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -53,7 +53,7 @@ "source_location": {}, "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "id": "GHSA-5mg8-w23w-74h3", - "desc": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "impact": 0.3, "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -100,7 +100,7 @@ "source_location": {}, "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "id": "GHSA-7g45-4rm6-3mm3", - "desc": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", "results": [ @@ -144,7 +144,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "id": "GHSA-5p34-5m6p-p58g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "impact": 1, "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -188,7 +188,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "id": "GHSA-27xj-rqx5-2255", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", "impact": 0.7, "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -232,7 +232,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "id": "GHSA-58pp-9c76-5625", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -276,7 +276,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "id": "GHSA-v3xw-c963-f5hc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -320,7 +320,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "id": "GHSA-h4rc-386g-6m85", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", "impact": 0.7, "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -364,7 +364,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "id": "GHSA-9vvp-fxw6-jcxr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", "impact": 0.7, "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -408,7 +408,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "id": "GHSA-rf6r-2c4q-2vwg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", "impact": 0.7, "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -452,7 +452,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "id": "GHSA-758m-v56v-grj4", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", "impact": 0.7, "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -496,7 +496,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "id": "GHSA-95cm-88f5-f2c7", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -540,7 +540,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "id": "GHSA-c2q3-4qrh-fm48", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", "impact": 0.7, "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -584,7 +584,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "id": "GHSA-mc6h-4qgp-37qh", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", "impact": 0.7, "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -628,7 +628,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "id": "GHSA-j823-4qch-3rgm", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", "impact": 0.7, "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -672,7 +672,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "id": "GHSA-c265-37vj-cwcc", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", "impact": 0.7, "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -716,7 +716,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "id": "GHSA-4w82-r329-3q67", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", "impact": 1, "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -760,7 +760,7 @@ "source_location": {}, "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "id": "GHSA-rpr3-cw39-3pxh", - "desc": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -804,7 +804,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "id": "GHSA-fmmc-742q-jg75", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -848,7 +848,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "id": "GHSA-gjmw-vf9h-g25v", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "impact": 1, "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -892,7 +892,7 @@ "source_location": {}, "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "id": "GHSA-mx7p-6679-8g3q", - "desc": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "impact": 1, "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -936,7 +936,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "id": "GHSA-q93h-jc49-78gg", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", "impact": 1, "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -980,7 +980,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "id": "GHSA-p43x-xfjf-5jhr", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", "impact": 1, "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1025,7 +1025,7 @@ "source_location": {}, "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "id": "GHSA-h3cw-g4mq-c5x2", - "desc": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1069,7 +1069,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "id": "GHSA-qjw2-hr98-qgfh", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "impact": 0.7, "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1113,7 +1113,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "id": "GHSA-8w26-6f25-cm9x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1157,7 +1157,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-m6x4-97wx-4q27", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1201,7 +1201,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "id": "GHSA-v585-23hc-c647", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1245,7 +1245,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "id": "GHSA-r695-7vr9-jgc2", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1289,7 +1289,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "id": "GHSA-vfqx-33qm-g869", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1333,7 +1333,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "id": "GHSA-f9xh-2qgp-cq57", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1377,7 +1377,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-cvm9-fjm9-3572", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1421,7 +1421,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "id": "GHSA-9gph-22xh-8x98", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "impact": 0.7, "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1465,7 +1465,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-89qr-369f-5m5x", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1509,7 +1509,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "impact": 0.7, "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1553,7 +1553,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "id": "GHSA-9m6f-7xcq-8vf8", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "impact": 0.7, "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1597,7 +1597,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "id": "GHSA-5r5r-6hpj-8gg9", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1641,7 +1641,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "id": "GHSA-wh8g-3j2c-rqj5", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1686,7 +1686,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "id": "GHSA-r3gr-cxrf-hg25", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", "impact": 0.7, "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1731,7 +1731,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "id": "GHSA-jjjh-jjxp-wpff", - "desc": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", "impact": 0.7, "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1775,7 +1775,7 @@ "source_location": {}, "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-5949-rw7g-wx7w", - "desc": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "impact": 0.7, "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1819,7 +1819,7 @@ "source_location": {}, "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", - "desc": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "impact": 0.7, "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1863,7 +1863,7 @@ "source_location": {}, "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", - "desc": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1907,7 +1907,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "id": "GHSA-gww7-p5w4-wrfv", - "desc": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", "impact": 1, "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1952,7 +1952,7 @@ "source_location": {}, "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "id": "GHSA-rgv9-q543-rqg4", - "desc": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", "impact": 0.7, "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -1996,7 +1996,7 @@ "source_location": {}, "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "id": "GHSA-fqwf-pjwf-7vqv", - "desc": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", "impact": 0.7, "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", "results": [ @@ -2042,7 +2042,7 @@ "source_location": {}, "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-8jpx-m2wh-2v34", - "desc": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2088,7 +2088,7 @@ "source_location": {}, "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "id": "GHSA-3mcp-9wr4-cjqf", - "desc": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", "impact": 0.7, "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", "results": [ @@ -2134,7 +2134,7 @@ "source_location": {}, "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "id": "GHSA-rvwf-54qp-4r6v", - "desc": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "impact": 0.7, "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2179,7 +2179,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "id": "GHSA-9w3m-gqgf-c4p9", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2224,7 +2224,7 @@ "source_location": {}, "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "id": "GHSA-w37g-rhq8-7m4j", - "desc": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2269,7 +2269,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-c4r9-r8fh-9vj2", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2314,7 +2314,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-hhhw-99gj-p3c3", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2359,7 +2359,7 @@ "source_location": {}, "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "id": "GHSA-98wm-3w3q-mw94", - "desc": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "impact": 0.5, "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2404,7 +2404,7 @@ "source_location": {}, "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "id": "GHSA-3mc7-4q67-w48m", - "desc": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", "impact": 0.7, "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2449,7 +2449,7 @@ "source_location": {}, "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "id": "GHSA-mjmj-j48q-9wg2", - "desc": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", "impact": 0.7, "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", "results": [ @@ -2493,7 +2493,7 @@ "source_location": {}, "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "id": "GHSA-668q-qrv7-99fm", - "desc": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", "impact": 0.5, "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2537,7 +2537,7 @@ "source_location": {}, "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "id": "GHSA-vmq6-5m68-f53m", - "desc": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", "impact": 0.7, "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", "results": [ @@ -2587,7 +2587,7 @@ "source_location": {}, "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "id": "GHSA-m394-8rww-3jr7", - "desc": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", "impact": 0.5, "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2631,7 +2631,7 @@ "source_location": {}, "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "id": "GHSA-m6cp-vxjx-65j6", - "desc": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "impact": 0.3, "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2677,7 +2677,7 @@ "source_location": {}, "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "id": "GHSA-26vr-8j45-3r4w", - "desc": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", "impact": 0.7, "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2721,7 +2721,7 @@ "source_location": {}, "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "id": "GHSA-p26g-97m4-6q7c", - "desc": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", "impact": 0.3, "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2766,7 +2766,7 @@ "source_location": {}, "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "id": "GHSA-qw69-rqj8-6qw8", - "desc": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", "impact": 0.5, "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2810,7 +2810,7 @@ "source_location": {}, "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "id": "GHSA-86wm-rrjm-8wh8", - "desc": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", "impact": 0.5, "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", "results": [ @@ -2854,7 +2854,7 @@ "source_location": {}, "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-cj7v-27pg-wf7q", - "desc": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.3, "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -2900,7 +2900,7 @@ "source_location": {}, "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "id": "GHSA-hmr7-m48g-48f6", - "desc": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", "impact": 0.5, "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", "results": [ @@ -2948,7 +2948,7 @@ "source_location": {}, "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "id": "GHSA-g3wg-6mcf-8jj6", - "desc": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", "impact": 0.7, "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", "results": [ @@ -2992,7 +2992,7 @@ "source_location": {}, "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "id": "GHSA-58qw-p7qm-5rvh", - "desc": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", "impact": 0.3, "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", "results": [ @@ -3036,7 +3036,7 @@ "source_location": {}, "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "id": "GHSA-gwcr-j4wh-j3cq", - "desc": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", "impact": 0.5, "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3082,7 +3082,7 @@ "source_location": {}, "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "id": "GHSA-3gh6-v5v9-6v9j", - "desc": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", "impact": 0.3, "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", "results": [ @@ -3129,7 +3129,7 @@ "source_location": {}, "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "id": "GHSA-269g-pwp5-87pp", - "desc": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", "impact": 0.5, "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", "results": [ @@ -3210,7 +3210,7 @@ "source_location": {}, "title": "testing", "id": "INT-63e3-49kp-blqt", - "desc": "testing", + "desc": "Description: testing", "impact": 0.3, "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", "results": [ @@ -3254,7 +3254,7 @@ "source_location": {}, "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-j8jw-g6fq-mp7h", - "desc": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "impact": 0.7, "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3298,7 +3298,7 @@ "source_location": {}, "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "id": "GHSA-8grg-q944-cch5", - "desc": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", "results": [ @@ -3342,7 +3342,7 @@ "source_location": {}, "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "id": "GHSA-hwj3-m3p6-hj38", - "desc": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", "impact": 1, "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", "results": [ @@ -3386,7 +3386,7 @@ "source_location": {}, "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "id": "GHSA-7r82-7xv7-xcpj", - "desc": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "impact": 0.5, "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", "results": [ @@ -3430,7 +3430,7 @@ "source_location": {}, "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "id": "GHSA-jvfv-hrrc-6q72", - "desc": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", "impact": 1, "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", "results": [ @@ -3475,7 +3475,7 @@ "source_location": {}, "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "id": "GHSA-wgmr-mf83-7x4j", - "desc": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", "impact": 0.7, "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3519,7 +3519,7 @@ "source_location": {}, "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "id": "GHSA-qppj-fm5r-hxr3", - "desc": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", "impact": 0.5, "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", "results": [ @@ -3569,7 +3569,7 @@ "source_location": {}, "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "id": "GHSA-rggv-cv7r-mw98", - "desc": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", "impact": 0.7, "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", "results": [ @@ -3613,7 +3613,7 @@ "source_location": {}, "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "id": "GHSA-wgh7-54f2-x98r", - "desc": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", "impact": 0.7, "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", "results": [ @@ -3659,7 +3659,7 @@ "source_location": {}, "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "id": "GHSA-w4g2-9hj6-5472", - "desc": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", "impact": 0.5, "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3703,7 +3703,7 @@ "source_location": {}, "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "id": "GHSA-mm8h-8587-p46h", - "desc": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", "impact": 0.5, "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n },\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", "results": [ @@ -3747,7 +3747,7 @@ "source_location": {}, "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "id": "GHSA-h376-j262-vhq6", - "desc": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", "impact": 0.5, "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"unknown\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3794,7 +3794,7 @@ "source_location": {}, "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "id": "GHSA-45hx-wfhj-473x", - "desc": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", "impact": 0.5, "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", "results": [ @@ -3808,7 +3808,7 @@ ] } ], - "sha256": "982d6fa2680d1e0da23e39a4fd331faae88ecfe2245dd1606020ea635146bbd4" + "sha256": "22b4ee8c7d3d66424b9fe6ad562b5434f836acc2fb780c89216dbea1d0c21bc7" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json index ba00cac958..a55cb69884 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -37,7 +37,7 @@ }, "descriptions": [ { - "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "data": "Recommendation: Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", "label": "fix" } ], @@ -83,7 +83,7 @@ "source_location": {}, "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", - "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nXXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "desc": "Description: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nDetail: XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", "impact": 0.82, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ @@ -96,7 +96,7 @@ ] } ], - "sha256": "fdac7ce337092379d47151be7f98cdd2179722273014faa8d29e4da235f8b46f" + "sha256": "6e7fa4296080be8402cc3a052be4ef033a98f9520959b3ec5dce5c906651160f" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json index 894baf46ca..e0a9a7243f 100644 --- a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -37,7 +37,7 @@ }, "descriptions": [ { - "data": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "data": "Recommendation: Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", "label": "fix" } ], @@ -83,7 +83,7 @@ "source_location": {}, "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", "id": "CVE-2020-25649", - "desc": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nXXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "desc": "Description: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nDetail: XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", "impact": 0.82, "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", "results": [ @@ -96,7 +96,7 @@ ] } ], - "sha256": "fdac7ce337092379d47151be7f98cdd2179722273014faa8d29e4da235f8b46f" + "sha256": "6e7fa4296080be8402cc3a052be4ef033a98f9520959b3ec5dce5c906651160f" } ], "passthrough": { diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 7fdb654ada..59bba2615b 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -453,12 +453,17 @@ export class CycloneDXSBOMMapper extends BaseConverter { }, descriptions: { transformer: (input: Vulnerability) => { + const recommendation = input.recommendation + ? `Recommendation: ${input.recommendation}` + : ''; + // Workaround not defined by types? Use lodash for now until proper type is implemented + const workaround = _.has(input, 'workaround') + ? `Workaround: ${input.workaround}` + : ''; return [ - _.has(input, 'recommendation') || _.has(input, 'workaround') + recommendation || workaround ? { - data: filterString( - `${_.get(input, 'recommendation', '')}\n\n${_.get(input, 'workaround', '')}`.trim() - ), + data: `${recommendation}\n\n${workaround}`.trim(), label: 'fix' } : undefined, @@ -496,10 +501,13 @@ export class CycloneDXSBOMMapper extends BaseConverter { }, id: {path: 'id'}, desc: { - transformer: (input: Vulnerability): string | undefined => - filterString( - `${_.get(input, 'description', '')}\n\n${_.get(input, 'detail', '')}`.trim() - ) + transformer: (input: Vulnerability): string | undefined => { + const description = input.description + ? `Description: ${input.description}` + : ''; + const detail = input.detail ? `Detail: ${input.detail}` : ''; + return filterString(`${description}\n\n${detail}`.trim()); + } }, impact: { transformer: (input: Vulnerability): number => From 148d43879d9de700b94092c651940b549e98ee76 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 19 Aug 2024 09:04:47 -0400 Subject: [PATCH 56/61] Added additional tests Signed-off-by: Charles Hu --- .../SPDXJSONExample-v2.2.spdx.json | 277 ++ .../spdx-to-cyclonedx.json | 550 +++ .../syft-scan-alpine-container.json | 1115 ++++++ .../sbom-converted-spdx-hdf-withraw.json | 1127 ++++++ .../sbom-converted-spdx-hdf.json | 577 ++++ ...bom-syft-alpine-container-hdf-withraw.json | 3072 +++++++++++++++++ .../sbom-syft-alpine-container-hdf.json | 1550 +++++++++ .../forward/cyclonedx_sbom_mapper.spec.ts | 122 + 8 files changed, 8390 insertions(+) create mode 100644 libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/SPDXJSONExample-v2.2.spdx.json create mode 100644 libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json create mode 100644 libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json create mode 100644 libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json create mode 100644 libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json create mode 100644 libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json create mode 100644 libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/SPDXJSONExample-v2.2.spdx.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/SPDXJSONExample-v2.2.spdx.json new file mode 100644 index 0000000000..386c780354 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/SPDXJSONExample-v2.2.spdx.json @@ -0,0 +1,277 @@ +{ + "SPDXID" : "SPDXRef-DOCUMENT", + "spdxVersion" : "SPDX-2.2", + "creationInfo" : { + "comment" : "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + "created" : "2010-01-29T18:30:22Z", + "creators" : [ "Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()" ], + "licenseListVersion" : "3.9" + }, + "name" : "SPDX-Tools-v2.0", + "dataLicense" : "CC0-1.0", + "comment" : "This document was created using SPDX 2.0 using licenses from the web site.", + "externalDocumentRefs" : [ { + "externalDocumentId" : "DocumentRef-spdx-tool-1.2", + "checksum" : { + "algorithm" : "SHA1", + "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2759" + }, + "spdxDocument" : "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + } ], + "hasExtractedLicensingInfos" : [ { + "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { "name": "syft:metadata:installedSize", "value": "331776" }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { "name": "syft:metadata:pullDependencies:1", "value": "/bin/sh" }, + { "name": "syft:metadata:size", "value": "8914" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { "name": "syft:metadata:installedSize", "value": "77824" }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { "name": "syft:metadata:size", "value": "11705" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [{ "license": { "id": "MIT" } }], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://alpinelinux.org", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { "name": "syft:metadata:installedSize", "value": "159744" }, + { "name": "syft:metadata:originPackage", "value": "alpine-keys" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { "name": "syft:metadata:size", "value": "13360" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { "name": "syft:metadata:installedSize", "value": "311296" }, + { "name": "syft:metadata:originPackage", "value": "apk-tools" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { "name": "syft:metadata:size", "value": "125679" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://busybox.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { "name": "syft:metadata:installedSize", "value": "946176" }, + { "name": "syft:metadata:originPackage", "value": "busybox" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "510086" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://busybox.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { "name": "syft:metadata:installedSize", "value": "8192" }, + { "name": "syft:metadata:originPackage", "value": "busybox" }, + { "name": "syft:metadata:provides:0", "value": "/bin/sh" }, + { "name": "syft:metadata:provides:1", "value": "cmd:sh=1.36.1-r2" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { "name": "syft:metadata:size", "value": "1543" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [{ "expression": "MPL-2.0 AND MIT" }], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { "name": "syft:metadata:installedSize", "value": "237568" }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { "name": "syft:metadata:size", "value": "126311" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [{ "expression": "BSD-2-Clause AND BSD-3-Clause" }], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://alpinelinux.org", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { "name": "syft:metadata:installedSize", "value": "4096" }, + { "name": "syft:metadata:originPackage", "value": "libc-dev" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { "name": "syft:metadata:size", "value": "1484" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [{ "license": { "id": "Apache-2.0" } }], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://www.openssl.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { "name": "syft:metadata:installedSize", "value": "4575232" }, + { "name": "syft:metadata:originPackage", "value": "openssl" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "1740170" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [{ "license": { "id": "Apache-2.0" } }], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://www.openssl.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { "name": "syft:metadata:installedSize", "value": "565248" }, + { "name": "syft:metadata:originPackage", "value": "openssl" }, + { "name": "syft:metadata:provides:0", "value": "so:libssl.so.3=3" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { "name": "syft:metadata:size", "value": "236713" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [{ "license": { "id": "MIT" } }], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://musl.libc.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { "name": "syft:metadata:installedSize", "value": "634880" }, + { "name": "syft:metadata:originPackage", "value": "musl" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { "name": "syft:metadata:size", "value": "390477" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://musl.libc.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { "name": "syft:metadata:installedSize", "value": "135168" }, + { "name": "syft:metadata:originPackage", "value": "musl" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { "name": "syft:metadata:provides:4", "value": "cmd:ldd=1.2.4-r1" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { "name": "syft:metadata:pullDependencies:0", "value": "scanelf" }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "36691" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { "name": "syft:metadata:installedSize", "value": "90112" }, + { "name": "syft:metadata:originPackage", "value": "pax-utils" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "35664" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://busybox.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { "name": "syft:metadata:installedSize", "value": "28672" }, + { "name": "syft:metadata:originPackage", "value": "busybox" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { "name": "syft:metadata:size", "value": "4944" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [{ "license": { "id": "Zlib" } }], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://zlib.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { "name": "syft:metadata:installedSize", "value": "110592" }, + { "name": "syft:metadata:originPackage", "value": "zlib" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "54253" } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { "tagId": "alpine", "name": "alpine", "version": "3.18.3" }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { "url": "https://alpinelinux.org/", "type": "website" } + ], + "properties": [ + { "name": "syft:distro:id", "value": "alpine" }, + { "name": "syft:distro:prettyName", "value": "Alpine Linux v3.18" }, + { "name": "syft:distro:versionID", "value": "3.18.3" } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ] +} diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json new file mode 100644 index 0000000000..cc5e99b8a2 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json @@ -0,0 +1,1127 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report", + "title": "CycloneDX BOM Report", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "6ee2405d5989a8a247a146594423542db865fb915d4896a411a783460935e3d6" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "supplier": { + "name": "Jane Doe", + "contact": [ + { + "email": "jane.doe@example.com" + } + ] + }, + "author": "ExampleCodeInspect", + "name": "glibc", + "version": "2.11.1", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-256", + "content": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "licenses": [ + { + "expression": "(LGPL-2.0-only AND LicenseRef-3)" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "externalReferences": [ + { + "url": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "type": "distribution" + }, + { + "url": "http://ftp.gnu.org/gnu/glibc", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Package" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Package Commenter\",\"Comment\":\"Package level annotation\"}" + }, + { + "name": "spdx:files-analyzed", + "value": "true" + }, + { + "name": "spdx:license-comments", + "value": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-3)" + }, + { + "name": "spdx:package:file-name", + "value": "glibc-2.11.1.tar.gz" + }, + { + "name": "spdx:package:verification-code:value", + "value": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + { + "name": "spdx:package:verification-code:excluded-file", + "value": "./package.spdx" + }, + { + "name": "spdx:package:source-info", + "value": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + }, + { + "name": "spdx:package:summary", + "value": "GNU C library." + }, + { + "name": "spdx:package:originator:organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:package:originator:email", + "value": "contact@example.com" + }, + { + "name": "spdx:external-reference:other:http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + "value": "acmecorp/acmenator/4.1.3-alpha This is the external ref for Acme" + }, + { + "name": "spdx:download-location", + "value": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + }, + { + "name": "spdx:homepage", + "value": "http://ftp.gnu.org/gnu/glibc" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "VGhpcyBwYWNrYWdlIGluY2x1ZGVzIHRoZSBHUkRETCBwYXJzZXIgZGV2ZWxvcGVkIGJ5IEhld2xldHQgUGFja2FyZCB1bmRlciB0aGUgZm9sbG93aW5nIGxpY2Vuc2U6Cu+/vSBDb3B5cmlnaHQgMjAwNyBIZXdsZXR0LVBhY2thcmQgRGV2ZWxvcG1lbnQgQ29tcGFueSwgTFAKClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDogCgpSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuIApSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uIApUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uIApUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBBVVRIT1IgYGBBUyBJUycnIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1IgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQgKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0Uu" + } + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "LyoKICogKGMpIENvcHlyaWdodCAyMDAwLCAyMDAxLCAyMDAyLCAyMDAzLCAyMDA0LCAyMDA1LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEhld2xldHQtUGFja2FyZCBEZXZlbG9wbWVudCBDb21wYW55LCBMUAogKiBBbGwgcmlnaHRzIHJlc2VydmVkLgogKgogKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCiAqIGFyZSBtZXQ6CiAqIDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICogMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQKICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZQogKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogKiAzLiBUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMKICogICAgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCiAqCiAqIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIEFVVEhPUiBgYEFTIElTJycgQU5EIEFOWSBFWFBSRVNTIE9SCiAqIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMKICogT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4KICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUiBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULAogKiBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQKICogTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogKiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKICogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YKICogVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KKi8=" + } + } + } + ], + "copyright": [ + { + "text": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + } + ] + } + }, + { + "type": "library", + "name": "Apache Commons Lang", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://commons.apache.org/proper/commons-lang/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-1" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://commons.apache.org/proper/commons-lang/" + } + ] + }, + { + "type": "library", + "name": "Jena", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://www.openjena.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-0" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://www.openjena.org/" + } + ] + }, + { + "type": "library", + "name": "Saxon", + "version": "8.8", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "licenses": [ + { + "expression": "MPL-1.0" + } + ], + "copyright": "Copyright Saxonica Ltd", + "externalReferences": [ + { + "url": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "type": "distribution" + }, + { + "url": "http://saxon.sourceforge.net/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Saxon" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-comments", + "value": "Other versions available for a commercial license" + }, + { + "name": "spdx:license-concluded", + "value": "MPL-1.0" + }, + { + "name": "spdx:package:file-name", + "value": "saxonB-8.8.zip" + }, + { + "name": "spdx:download-location", + "value": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + }, + { + "name": "spdx:homepage", + "value": "http://saxon.sourceforge.net/" + } + ] + }, + { + "type": "file", + "name": "./src/org/spdx/parser/DOAPProject.java", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyright": "Copyright 2010, 2011 Source Auditor Inc.", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DoapSource" + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Protecode Inc." + }, + { + "name": "spdx:file:contributor", + "value": "SPDX Technical Team Members" + }, + { + "name": "spdx:file:contributor", + "value": "Open Logic Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Source Auditor Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Black Duck Software In.c" + } + ] + }, + { + "type": "file", + "name": "./lib-source/commons-lang3-3.1-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "Copyright 2001-2011 The Apache Software Foundation", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-CommonsLangSrc" + }, + { + "name": "spdx:comment", + "value": "This file is used by Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:notice-text", + "value": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + } + ] + }, + { + "type": "file", + "name": "./lib-source/jena-2.6.3-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-JenaLib" + }, + { + "name": "spdx:comment", + "value": "This file belongs to Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-comments", + "value": "This license is used by Jena" + }, + { + "name": "spdx:license-concluded", + "value": "LicenseRef-1" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:contributor", + "value": "Hewlett Packard Inc." + } + ] + }, + { + "type": "file", + "name": "./package/foo.c", + "hashes": [ + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-1", + "content": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-File" + }, + { + "name": "spdx:comment", + "value": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory." + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: File Commenter\",\"Comment\":\"File level annotation\"}" + }, + { + "name": "spdx:license-comments", + "value": "The concluded license was taken from the package level that the file was included in." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-2)" + }, + { + "name": "spdx:file:contributor", + "value": "The Regents of the University of California" + }, + { + "name": "spdx:file:contributor", + "value": "Modified by Paul Mundt lethal@linux-sh.org" + }, + { + "name": "spdx:file:contributor", + "value": "IBM Corporation" + }, + { + "name": "spdx:file:notice-text", + "value": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "timestamp": "2010-01-29T18:30:22Z", + "tools": [ + { + "name": "LicenseFind", + "version": "1.0" + } + ], + "authors": [ + { + "name": "ExampleCodeInspect", + "email": "" + }, + { + "name": "Jane Doe", + "email": "" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DOCUMENT" + }, + { + "name": "spdx:document:spdx-version", + "value": "SPDX-2.2" + }, + { + "name": "spdx:comment", + "value": "This document was created using SPDX 2.0 using licenses from the web site." + }, + { + "name": "spdx:document:name", + "value": "SPDX-Tools-v2.0" + }, + { + "name": "spdx:document:document-namespace", + "value": "http://spdx.org/spdxdocs/spdx-example-json-2.2-444504E0-4F89-41D3-9A0C-0305E82C3301" + }, + { + "name": "spdx:creation-info:comment", + "value": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries." + }, + { + "name": "spdx:creation-info:creators-organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:creation-info:license-list-version", + "value": "3.9" + }, + { + "name": "spdx:document:external-document-ref", + "value": "{\"ExternalDocumentId\":\"DocumentRef-spdx-tool-1.2\",\"Checksum\":{\"Algorithm\":1,\"ChecksumValue\":\"d6a770ba38583ed4bb4525bd96e50461655d2759\"},\"SpdxDocument\":\"http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Jane Doe ()\",\"Comment\":\"Document level annotation\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-03-13T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Suzanne Reviewer\",\"Comment\":\"Another example reviewer.\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-02-10T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Joe Reviewer\",\"Comment\":\"This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses\"}" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-File" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-Package" + } + ] + } + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "timestamp": "2010-01-29T18:30:22Z", + "tools": [ + { + "name": "LicenseFind", + "version": "1.0" + } + ], + "authors": [ + { + "name": "ExampleCodeInspect", + "email": "" + }, + { + "name": "Jane Doe", + "email": "" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DOCUMENT" + }, + { + "name": "spdx:document:spdx-version", + "value": "SPDX-2.2" + }, + { + "name": "spdx:comment", + "value": "This document was created using SPDX 2.0 using licenses from the web site." + }, + { + "name": "spdx:document:name", + "value": "SPDX-Tools-v2.0" + }, + { + "name": "spdx:document:document-namespace", + "value": "http://spdx.org/spdxdocs/spdx-example-json-2.2-444504E0-4F89-41D3-9A0C-0305E82C3301" + }, + { + "name": "spdx:creation-info:comment", + "value": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries." + }, + { + "name": "spdx:creation-info:creators-organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:creation-info:license-list-version", + "value": "3.9" + }, + { + "name": "spdx:document:external-document-ref", + "value": "{\"ExternalDocumentId\":\"DocumentRef-spdx-tool-1.2\",\"Checksum\":{\"Algorithm\":1,\"ChecksumValue\":\"d6a770ba38583ed4bb4525bd96e50461655d2759\"},\"SpdxDocument\":\"http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Jane Doe ()\",\"Comment\":\"Document level annotation\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-03-13T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Suzanne Reviewer\",\"Comment\":\"Another example reviewer.\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-02-10T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Joe Reviewer\",\"Comment\":\"This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses\"}" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-File" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-Package" + } + ] + }, + "components": [ + { + "type": "library", + "supplier": { + "name": "Jane Doe", + "contact": [ + { + "email": "jane.doe@example.com" + } + ] + }, + "author": "ExampleCodeInspect", + "name": "glibc", + "version": "2.11.1", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-256", + "content": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "licenses": [ + { + "expression": "(LGPL-2.0-only AND LicenseRef-3)" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "externalReferences": [ + { + "url": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "type": "distribution" + }, + { + "url": "http://ftp.gnu.org/gnu/glibc", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Package" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Package Commenter\",\"Comment\":\"Package level annotation\"}" + }, + { + "name": "spdx:files-analyzed", + "value": "true" + }, + { + "name": "spdx:license-comments", + "value": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-3)" + }, + { + "name": "spdx:package:file-name", + "value": "glibc-2.11.1.tar.gz" + }, + { + "name": "spdx:package:verification-code:value", + "value": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + { + "name": "spdx:package:verification-code:excluded-file", + "value": "./package.spdx" + }, + { + "name": "spdx:package:source-info", + "value": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + }, + { + "name": "spdx:package:summary", + "value": "GNU C library." + }, + { + "name": "spdx:package:originator:organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:package:originator:email", + "value": "contact@example.com" + }, + { + "name": "spdx:external-reference:other:http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + "value": "acmecorp/acmenator/4.1.3-alpha This is the external ref for Acme" + }, + { + "name": "spdx:download-location", + "value": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + }, + { + "name": "spdx:homepage", + "value": "http://ftp.gnu.org/gnu/glibc" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "VGhpcyBwYWNrYWdlIGluY2x1ZGVzIHRoZSBHUkRETCBwYXJzZXIgZGV2ZWxvcGVkIGJ5IEhld2xldHQgUGFja2FyZCB1bmRlciB0aGUgZm9sbG93aW5nIGxpY2Vuc2U6Cu+/vSBDb3B5cmlnaHQgMjAwNyBIZXdsZXR0LVBhY2thcmQgRGV2ZWxvcG1lbnQgQ29tcGFueSwgTFAKClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDogCgpSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuIApSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uIApUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uIApUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBBVVRIT1IgYGBBUyBJUycnIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1IgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQgKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0Uu" + } + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "LyoKICogKGMpIENvcHlyaWdodCAyMDAwLCAyMDAxLCAyMDAyLCAyMDAzLCAyMDA0LCAyMDA1LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEhld2xldHQtUGFja2FyZCBEZXZlbG9wbWVudCBDb21wYW55LCBMUAogKiBBbGwgcmlnaHRzIHJlc2VydmVkLgogKgogKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCiAqIGFyZSBtZXQ6CiAqIDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICogMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQKICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZQogKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogKiAzLiBUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMKICogICAgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCiAqCiAqIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIEFVVEhPUiBgYEFTIElTJycgQU5EIEFOWSBFWFBSRVNTIE9SCiAqIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMKICogT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4KICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUiBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULAogKiBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQKICogTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogKiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKICogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YKICogVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KKi8=" + } + } + } + ], + "copyright": [ + { + "text": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + } + ] + } + }, + { + "type": "library", + "name": "Apache Commons Lang", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://commons.apache.org/proper/commons-lang/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-1" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://commons.apache.org/proper/commons-lang/" + } + ] + }, + { + "type": "library", + "name": "Jena", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://www.openjena.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-0" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://www.openjena.org/" + } + ] + }, + { + "type": "library", + "name": "Saxon", + "version": "8.8", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "licenses": [ + { + "expression": "MPL-1.0" + } + ], + "copyright": "Copyright Saxonica Ltd", + "externalReferences": [ + { + "url": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "type": "distribution" + }, + { + "url": "http://saxon.sourceforge.net/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Saxon" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-comments", + "value": "Other versions available for a commercial license" + }, + { + "name": "spdx:license-concluded", + "value": "MPL-1.0" + }, + { + "name": "spdx:package:file-name", + "value": "saxonB-8.8.zip" + }, + { + "name": "spdx:download-location", + "value": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + }, + { + "name": "spdx:homepage", + "value": "http://saxon.sourceforge.net/" + } + ] + }, + { + "type": "file", + "name": "./src/org/spdx/parser/DOAPProject.java", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyright": "Copyright 2010, 2011 Source Auditor Inc.", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DoapSource" + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Protecode Inc." + }, + { + "name": "spdx:file:contributor", + "value": "SPDX Technical Team Members" + }, + { + "name": "spdx:file:contributor", + "value": "Open Logic Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Source Auditor Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Black Duck Software In.c" + } + ] + }, + { + "type": "file", + "name": "./lib-source/commons-lang3-3.1-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "Copyright 2001-2011 The Apache Software Foundation", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-CommonsLangSrc" + }, + { + "name": "spdx:comment", + "value": "This file is used by Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:notice-text", + "value": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + } + ] + }, + { + "type": "file", + "name": "./lib-source/jena-2.6.3-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-JenaLib" + }, + { + "name": "spdx:comment", + "value": "This file belongs to Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-comments", + "value": "This license is used by Jena" + }, + { + "name": "spdx:license-concluded", + "value": "LicenseRef-1" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:contributor", + "value": "Hewlett Packard Inc." + } + ] + }, + { + "type": "file", + "name": "./package/foo.c", + "hashes": [ + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-1", + "content": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-File" + }, + { + "name": "spdx:comment", + "value": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory." + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: File Commenter\",\"Comment\":\"File level annotation\"}" + }, + { + "name": "spdx:license-comments", + "value": "The concluded license was taken from the package level that the file was included in." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-2)" + }, + { + "name": "spdx:file:contributor", + "value": "The Regents of the University of California" + }, + { + "name": "spdx:file:contributor", + "value": "Modified by Paul Mundt lethal@linux-sh.org" + }, + { + "name": "spdx:file:contributor", + "value": "IBM Corporation" + }, + { + "name": "spdx:file:notice-text", + "value": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json new file mode 100644 index 0000000000..f81b3e643e --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json @@ -0,0 +1,577 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report", + "title": "CycloneDX BOM Report", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "6ee2405d5989a8a247a146594423542db865fb915d4896a411a783460935e3d6" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "supplier": { + "name": "Jane Doe", + "contact": [ + { + "email": "jane.doe@example.com" + } + ] + }, + "author": "ExampleCodeInspect", + "name": "glibc", + "version": "2.11.1", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-256", + "content": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "licenses": [ + { + "expression": "(LGPL-2.0-only AND LicenseRef-3)" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "externalReferences": [ + { + "url": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "type": "distribution" + }, + { + "url": "http://ftp.gnu.org/gnu/glibc", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Package" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Package Commenter\",\"Comment\":\"Package level annotation\"}" + }, + { + "name": "spdx:files-analyzed", + "value": "true" + }, + { + "name": "spdx:license-comments", + "value": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-3)" + }, + { + "name": "spdx:package:file-name", + "value": "glibc-2.11.1.tar.gz" + }, + { + "name": "spdx:package:verification-code:value", + "value": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + { + "name": "spdx:package:verification-code:excluded-file", + "value": "./package.spdx" + }, + { + "name": "spdx:package:source-info", + "value": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + }, + { + "name": "spdx:package:summary", + "value": "GNU C library." + }, + { + "name": "spdx:package:originator:organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:package:originator:email", + "value": "contact@example.com" + }, + { + "name": "spdx:external-reference:other:http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + "value": "acmecorp/acmenator/4.1.3-alpha This is the external ref for Acme" + }, + { + "name": "spdx:download-location", + "value": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + }, + { + "name": "spdx:homepage", + "value": "http://ftp.gnu.org/gnu/glibc" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "VGhpcyBwYWNrYWdlIGluY2x1ZGVzIHRoZSBHUkRETCBwYXJzZXIgZGV2ZWxvcGVkIGJ5IEhld2xldHQgUGFja2FyZCB1bmRlciB0aGUgZm9sbG93aW5nIGxpY2Vuc2U6Cu+/vSBDb3B5cmlnaHQgMjAwNyBIZXdsZXR0LVBhY2thcmQgRGV2ZWxvcG1lbnQgQ29tcGFueSwgTFAKClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDogCgpSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuIApSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uIApUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uIApUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBBVVRIT1IgYGBBUyBJUycnIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1IgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQgKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0Uu" + } + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "LyoKICogKGMpIENvcHlyaWdodCAyMDAwLCAyMDAxLCAyMDAyLCAyMDAzLCAyMDA0LCAyMDA1LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEhld2xldHQtUGFja2FyZCBEZXZlbG9wbWVudCBDb21wYW55LCBMUAogKiBBbGwgcmlnaHRzIHJlc2VydmVkLgogKgogKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCiAqIGFyZSBtZXQ6CiAqIDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICogMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQKICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZQogKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogKiAzLiBUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMKICogICAgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCiAqCiAqIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIEFVVEhPUiBgYEFTIElTJycgQU5EIEFOWSBFWFBSRVNTIE9SCiAqIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMKICogT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4KICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUiBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULAogKiBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQKICogTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogKiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKICogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YKICogVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KKi8=" + } + } + } + ], + "copyright": [ + { + "text": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + } + ] + } + }, + { + "type": "library", + "name": "Apache Commons Lang", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://commons.apache.org/proper/commons-lang/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-1" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://commons.apache.org/proper/commons-lang/" + } + ] + }, + { + "type": "library", + "name": "Jena", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://www.openjena.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-0" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://www.openjena.org/" + } + ] + }, + { + "type": "library", + "name": "Saxon", + "version": "8.8", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "licenses": [ + { + "expression": "MPL-1.0" + } + ], + "copyright": "Copyright Saxonica Ltd", + "externalReferences": [ + { + "url": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "type": "distribution" + }, + { + "url": "http://saxon.sourceforge.net/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Saxon" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-comments", + "value": "Other versions available for a commercial license" + }, + { + "name": "spdx:license-concluded", + "value": "MPL-1.0" + }, + { + "name": "spdx:package:file-name", + "value": "saxonB-8.8.zip" + }, + { + "name": "spdx:download-location", + "value": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + }, + { + "name": "spdx:homepage", + "value": "http://saxon.sourceforge.net/" + } + ] + }, + { + "type": "file", + "name": "./src/org/spdx/parser/DOAPProject.java", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyright": "Copyright 2010, 2011 Source Auditor Inc.", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DoapSource" + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Protecode Inc." + }, + { + "name": "spdx:file:contributor", + "value": "SPDX Technical Team Members" + }, + { + "name": "spdx:file:contributor", + "value": "Open Logic Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Source Auditor Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Black Duck Software In.c" + } + ] + }, + { + "type": "file", + "name": "./lib-source/commons-lang3-3.1-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "Copyright 2001-2011 The Apache Software Foundation", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-CommonsLangSrc" + }, + { + "name": "spdx:comment", + "value": "This file is used by Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:notice-text", + "value": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + } + ] + }, + { + "type": "file", + "name": "./lib-source/jena-2.6.3-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-JenaLib" + }, + { + "name": "spdx:comment", + "value": "This file belongs to Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-comments", + "value": "This license is used by Jena" + }, + { + "name": "spdx:license-concluded", + "value": "LicenseRef-1" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:contributor", + "value": "Hewlett Packard Inc." + } + ] + }, + { + "type": "file", + "name": "./package/foo.c", + "hashes": [ + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-1", + "content": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-File" + }, + { + "name": "spdx:comment", + "value": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory." + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: File Commenter\",\"Comment\":\"File level annotation\"}" + }, + { + "name": "spdx:license-comments", + "value": "The concluded license was taken from the package level that the file was included in." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-2)" + }, + { + "name": "spdx:file:contributor", + "value": "The Regents of the University of California" + }, + { + "name": "spdx:file:contributor", + "value": "Modified by Paul Mundt lethal@linux-sh.org" + }, + { + "name": "spdx:file:contributor", + "value": "IBM Corporation" + }, + { + "name": "spdx:file:notice-text", + "value": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "timestamp": "2010-01-29T18:30:22Z", + "tools": [ + { + "name": "LicenseFind", + "version": "1.0" + } + ], + "authors": [ + { + "name": "ExampleCodeInspect", + "email": "" + }, + { + "name": "Jane Doe", + "email": "" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DOCUMENT" + }, + { + "name": "spdx:document:spdx-version", + "value": "SPDX-2.2" + }, + { + "name": "spdx:comment", + "value": "This document was created using SPDX 2.0 using licenses from the web site." + }, + { + "name": "spdx:document:name", + "value": "SPDX-Tools-v2.0" + }, + { + "name": "spdx:document:document-namespace", + "value": "http://spdx.org/spdxdocs/spdx-example-json-2.2-444504E0-4F89-41D3-9A0C-0305E82C3301" + }, + { + "name": "spdx:creation-info:comment", + "value": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries." + }, + { + "name": "spdx:creation-info:creators-organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:creation-info:license-list-version", + "value": "3.9" + }, + { + "name": "spdx:document:external-document-ref", + "value": "{\"ExternalDocumentId\":\"DocumentRef-spdx-tool-1.2\",\"Checksum\":{\"Algorithm\":1,\"ChecksumValue\":\"d6a770ba38583ed4bb4525bd96e50461655d2759\"},\"SpdxDocument\":\"http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Jane Doe ()\",\"Comment\":\"Document level annotation\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-03-13T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Suzanne Reviewer\",\"Comment\":\"Another example reviewer.\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-02-10T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Joe Reviewer\",\"Comment\":\"This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses\"}" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-File" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-Package" + } + ] + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json new file mode 100644 index 0000000000..32b1c6d73c --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json @@ -0,0 +1,3072 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: container/1d098408640ab242", + "title": "alpine CycloneDX BOM Report", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "f57879a123b5e7ca79958826037eca3b44402838eab9c4418280c4abc06ec12e" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "331776" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:size", + "value": "8914" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "77824" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { + "name": "syft:metadata:size", + "value": "11705" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { + "name": "syft:metadata:installedSize", + "value": "159744" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-keys" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { + "name": "syft:metadata:size", + "value": "13360" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { + "name": "syft:metadata:installedSize", + "value": "311296" + }, + { + "name": "syft:metadata:originPackage", + "value": "apk-tools" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { + "name": "syft:metadata:size", + "value": "125679" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "946176" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "510086" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "8192" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:sh=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:size", + "value": "1543" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [ + { + "expression": "MPL-2.0 AND MIT" + } + ], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { + "name": "syft:metadata:installedSize", + "value": "237568" + }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { + "name": "syft:metadata:size", + "value": "126311" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [ + { + "expression": "BSD-2-Clause AND BSD-3-Clause" + } + ], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { + "name": "syft:metadata:installedSize", + "value": "4096" + }, + { + "name": "syft:metadata:originPackage", + "value": "libc-dev" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { + "name": "syft:metadata:size", + "value": "1484" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "4575232" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "1740170" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "565248" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libssl.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:size", + "value": "236713" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "634880" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { + "name": "syft:metadata:size", + "value": "390477" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" + } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "135168" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:4", + "value": "cmd:ldd=1.2.4-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "scanelf" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "36691" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "90112" + }, + { + "name": "syft:metadata:originPackage", + "value": "pax-utils" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "35664" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "28672" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:size", + "value": "4944" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [ + { + "license": { + "id": "Zlib" + } + } + ], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://zlib.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "110592" + }, + { + "name": "syft:metadata:originPackage", + "value": "zlib" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "54253" + } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { + "tagId": "alpine", + "name": "alpine", + "version": "3.18.3" + }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { + "url": "https://alpinelinux.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:distro:id", + "value": "alpine" + }, + { + "name": "syft:distro:prettyName", + "value": "Alpine Linux v3.18" + }, + { + "name": "syft:distro:versionID", + "value": "3.18.3" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ], + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:600bf98a-94fb-4a9c-b7b5-0bae4f32aeb7", + "version": 1, + "metadata": { + "timestamp": "2024-08-19T08:25:05-04:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.11.0" + } + ] + }, + "component": { + "bom-ref": "1d098408640ab242", + "type": "container", + "name": "alpine", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33" + } + } + } + } + ], + "raw": { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:600bf98a-94fb-4a9c-b7b5-0bae4f32aeb7", + "version": 1, + "metadata": { + "timestamp": "2024-08-19T08:25:05-04:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.11.0" + } + ] + }, + "component": { + "bom-ref": "1d098408640ab242", + "type": "container", + "name": "alpine", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33" + } + }, + "components": [ + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "331776" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:size", + "value": "8914" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "77824" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { + "name": "syft:metadata:size", + "value": "11705" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { + "name": "syft:metadata:installedSize", + "value": "159744" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-keys" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { + "name": "syft:metadata:size", + "value": "13360" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { + "name": "syft:metadata:installedSize", + "value": "311296" + }, + { + "name": "syft:metadata:originPackage", + "value": "apk-tools" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { + "name": "syft:metadata:size", + "value": "125679" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "946176" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "510086" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "8192" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:sh=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:size", + "value": "1543" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [ + { + "expression": "MPL-2.0 AND MIT" + } + ], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { + "name": "syft:metadata:installedSize", + "value": "237568" + }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { + "name": "syft:metadata:size", + "value": "126311" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [ + { + "expression": "BSD-2-Clause AND BSD-3-Clause" + } + ], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { + "name": "syft:metadata:installedSize", + "value": "4096" + }, + { + "name": "syft:metadata:originPackage", + "value": "libc-dev" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { + "name": "syft:metadata:size", + "value": "1484" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "4575232" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "1740170" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "565248" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libssl.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:size", + "value": "236713" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "634880" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { + "name": "syft:metadata:size", + "value": "390477" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" + } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "135168" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:4", + "value": "cmd:ldd=1.2.4-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "scanelf" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "36691" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "90112" + }, + { + "name": "syft:metadata:originPackage", + "value": "pax-utils" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "35664" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "28672" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:size", + "value": "4944" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [ + { + "license": { + "id": "Zlib" + } + } + ], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://zlib.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "110592" + }, + { + "name": "syft:metadata:originPackage", + "value": "zlib" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "54253" + } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { + "tagId": "alpine", + "name": "alpine", + "version": "3.18.3" + }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { + "url": "https://alpinelinux.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:distro:id", + "value": "alpine" + }, + { + "name": "syft:distro:prettyName", + "value": "Alpine Linux v3.18" + }, + { + "name": "syft:distro:versionID", + "value": "3.18.3" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json new file mode 100644 index 0000000000..9d793fb7c9 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json @@ -0,0 +1,1550 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: container/1d098408640ab242", + "title": "alpine CycloneDX BOM Report", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "f57879a123b5e7ca79958826037eca3b44402838eab9c4418280c4abc06ec12e" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "331776" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:size", + "value": "8914" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "77824" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { + "name": "syft:metadata:size", + "value": "11705" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { + "name": "syft:metadata:installedSize", + "value": "159744" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-keys" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { + "name": "syft:metadata:size", + "value": "13360" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { + "name": "syft:metadata:installedSize", + "value": "311296" + }, + { + "name": "syft:metadata:originPackage", + "value": "apk-tools" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { + "name": "syft:metadata:size", + "value": "125679" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "946176" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "510086" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "8192" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:sh=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:size", + "value": "1543" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [ + { + "expression": "MPL-2.0 AND MIT" + } + ], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { + "name": "syft:metadata:installedSize", + "value": "237568" + }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { + "name": "syft:metadata:size", + "value": "126311" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [ + { + "expression": "BSD-2-Clause AND BSD-3-Clause" + } + ], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { + "name": "syft:metadata:installedSize", + "value": "4096" + }, + { + "name": "syft:metadata:originPackage", + "value": "libc-dev" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { + "name": "syft:metadata:size", + "value": "1484" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "4575232" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "1740170" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "565248" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libssl.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:size", + "value": "236713" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "634880" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { + "name": "syft:metadata:size", + "value": "390477" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" + } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "135168" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:4", + "value": "cmd:ldd=1.2.4-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "scanelf" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "36691" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "90112" + }, + { + "name": "syft:metadata:originPackage", + "value": "pax-utils" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "35664" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "28672" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:size", + "value": "4944" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [ + { + "license": { + "id": "Zlib" + } + } + ], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://zlib.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "110592" + }, + { + "name": "syft:metadata:originPackage", + "value": "zlib" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "54253" + } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { + "tagId": "alpine", + "name": "alpine", + "version": "3.18.3" + }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { + "url": "https://alpinelinux.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:distro:id", + "value": "alpine" + }, + { + "name": "syft:distro:prettyName", + "value": "Alpine Linux v3.18" + }, + { + "name": "syft:distro:versionID", + "value": "3.18.3" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ], + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:600bf98a-94fb-4a9c-b7b5-0bae4f32aeb7", + "version": 1, + "metadata": { + "timestamp": "2024-08-19T08:25:05-04:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.11.0" + } + ] + }, + "component": { + "bom-ref": "1d098408640ab242", + "type": "container", + "name": "alpine", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts index b6e1d347c2..212849e645 100644 --- a/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts @@ -290,3 +290,125 @@ describe('sbom_mapper_vex', () => { ); }); }); + +describe('sbom_mapper_syft_alpine_container', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json', + { + encoding: 'utf-8' + } + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json', + { + encoding: 'utf-8' + } + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_converted_spdx', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json', + { + encoding: 'utf-8' + } + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json', + { + encoding: 'utf-8' + } + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); From d3a799b5199e9ef1d6e06427c41f5b664921f342 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 19 Aug 2024 11:57:54 -0400 Subject: [PATCH 57/61] Lint ignore Signed-off-by: Charles Hu --- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 59bba2615b..afb1de4318 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -205,6 +205,7 @@ export class CycloneDXSBOMResults { for (const vulnerability of data.vulnerabilities) { vulnerability.affectedComponents = []; + /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ vulnerability.affectedComponents.push( ...Array.from(data.components.entries()) // Find every component that is affected via listed bom-refs From 9aaceb260811ea07a18f26dd2b71b07e6ae9892e Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 19 Aug 2024 12:01:23 -0400 Subject: [PATCH 58/61] Linting Signed-off-by: Charles Hu --- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index afb1de4318..226cbd554c 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -196,6 +196,7 @@ export class CycloneDXSBOMResults { ... } */ + /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ generateIntermediary(data: DataStorage) { // Pull vulnerabilities from raw data data.vulnerabilities = [ @@ -205,7 +206,6 @@ export class CycloneDXSBOMResults { for (const vulnerability of data.vulnerabilities) { vulnerability.affectedComponents = []; - /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ vulnerability.affectedComponents.push( ...Array.from(data.components.entries()) // Find every component that is affected via listed bom-refs From 5ded6856b6165987f0dd9c48db354cc1c11443bf Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 19 Aug 2024 12:04:27 -0400 Subject: [PATCH 59/61] Linting :( Signed-off-by: Charles Hu --- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 226cbd554c..3b1c43bb90 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -196,7 +196,6 @@ export class CycloneDXSBOMResults { ... } */ - /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ generateIntermediary(data: DataStorage) { // Pull vulnerabilities from raw data data.vulnerabilities = [ @@ -209,12 +208,14 @@ export class CycloneDXSBOMResults { vulnerability.affectedComponents.push( ...Array.from(data.components.entries()) // Find every component that is affected via listed bom-refs + /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ .filter(([_index, component]) => [...vulnerability.affects] .map((id) => id.ref.toString()) .includes(component['bom-ref'] as string) ) // Add the index of that affected component to the corresponding vulnerability object + /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ .map(([index, _component]) => index) ); From 77fc324710766ffd80f224c4105d59fc222c093d Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 19 Aug 2024 12:14:58 -0400 Subject: [PATCH 60/61] Linting rules change Signed-off-by: Charles Hu --- libs/hdf-converters/.eslintrc.js | 5 +++++ libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 2 -- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/libs/hdf-converters/.eslintrc.js b/libs/hdf-converters/.eslintrc.js index f6a0b20696..6321189123 100644 --- a/libs/hdf-converters/.eslintrc.js +++ b/libs/hdf-converters/.eslintrc.js @@ -29,5 +29,10 @@ module.exports = { ], 'object-curly-spacing': 'warn', '@typescript-eslint/no-explicit-any': 'off', + "no-unused-vars": [ + "error", { + "argsIgnorePattern": "^_" + } + ] }, }; diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 3b1c43bb90..59bba2615b 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -208,14 +208,12 @@ export class CycloneDXSBOMResults { vulnerability.affectedComponents.push( ...Array.from(data.components.entries()) // Find every component that is affected via listed bom-refs - /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ .filter(([_index, component]) => [...vulnerability.affects] .map((id) => id.ref.toString()) .includes(component['bom-ref'] as string) ) // Add the index of that affected component to the corresponding vulnerability object - /*eslint no-unused-vars: ["error", { "argsIgnorePattern": "^_" }]*/ .map(([index, _component]) => index) ); From 41e4effcb4292a8c39ecab8dc9ade113f4c095c0 Mon Sep 17 00:00:00 2001 From: Charles Hu Date: Mon, 19 Aug 2024 12:22:00 -0400 Subject: [PATCH 61/61] Linting rules exception for unused vars prefixed with _ Signed-off-by: Charles Hu --- libs/hdf-converters/.eslintrc.js | 71 ++++++++++++++++---------------- 1 file changed, 36 insertions(+), 35 deletions(-) diff --git a/libs/hdf-converters/.eslintrc.js b/libs/hdf-converters/.eslintrc.js index 6321189123..f7d4afc545 100644 --- a/libs/hdf-converters/.eslintrc.js +++ b/libs/hdf-converters/.eslintrc.js @@ -1,38 +1,39 @@ module.exports = { - parser: '@typescript-eslint/parser', - parserOptions: { - project: 'tsconfig.json', - sourceType: 'module', - }, - plugins: ['@typescript-eslint/eslint-plugin'], - extends: [ - 'plugin:@typescript-eslint/eslint-recommended', - 'plugin:@typescript-eslint/recommended', - 'prettier', - 'plugin:prettier/recommended', + parser: '@typescript-eslint/parser', + parserOptions: { + project: 'tsconfig.json', + sourceType: 'module' + }, + plugins: ['@typescript-eslint/eslint-plugin'], + extends: [ + 'plugin:@typescript-eslint/eslint-recommended', + 'plugin:@typescript-eslint/recommended', + 'prettier', + 'plugin:prettier/recommended' + ], + root: true, + env: { + node: true + }, + rules: { + '@typescript-eslint/naming-convention': [ + 'warn', + { + selector: 'interface', + format: ['PascalCase'], + custom: { + regex: '^I[A-Z]', + match: true + } + } ], - root: true, - env: { - node: true, - }, - rules: { - "@typescript-eslint/naming-convention": [ - "warn", - { - "selector": "interface", - "format": ["PascalCase"], - "custom": { - "regex": "^I[A-Z]", - "match": true - } - } - ], - 'object-curly-spacing': 'warn', - '@typescript-eslint/no-explicit-any': 'off', - "no-unused-vars": [ - "error", { - "argsIgnorePattern": "^_" - } - ] - }, + 'object-curly-spacing': 'warn', + '@typescript-eslint/no-explicit-any': 'off', + '@typescript-eslint/no-unused-vars': [ + 'warn', + { + argsIgnorePattern: '^_' + } + ] + } };